[cabfpub] What is 'misuse'?
sleevi at google.com
Mon Jul 17 09:05:36 MST 2017
There have been several attempts relating to definitions of both
'misissue' and 'misuse'
Mozilla attempted to refine its definition in Mozilla Policy 2.4 after
substantial discussion as
Opera attempted a ballot to require CAs disclose when they perform
incorrect issuance - https://cabforum.org/2016/02/12/ballot-161/ -
which similarly touched on a substantial discussion of these two
On Mon, Jul 17, 2017 at 11:49 AM, Rich Smith via Public
<public at cabforum.org> wrote:
> The BRs use the term misuse/misused in multiple places in regards to reasons
> for revocation, and Subscriber representations, but do not define the term.
> What constitutes misuse of a certificate? Phishing? Fraud? Or is it only
> compromise of the private key or other action that results in someone who is
> not authorized being allowed use of the certificate? Or is it something
> Because it is undefined interpretations are all over the map. IMO the
> definition needs to be pinned down and codified in the Definitions section
> of the BRs.
> Rich Smith
> Senior Compliance Manager
> Public mailing list
> Public at cabforum.org
More information about the Public