[cabfpub] What is 'misuse'?

Ryan Sleevi sleevi at google.com
Mon Jul 17 09:05:36 MST 2017


There have been several attempts relating to definitions of both
'misissue' and 'misuse'.

Mozilla attempted to refine its definition in Mozilla Policy 2.4 after
substantial discussion at
https://groups.google.com/d/msg/mozilla.dev.security.policy/UHRdmKNVAOg/Sqtj-YLdCAAJ

Opera attempted a ballot to require CAs disclose when they perform
incorrect issuance - https://cabforum.org/2016/02/12/ballot-161/ -
which similarly touched on a substantial discussion of these two
words.

On Mon, Jul 17, 2017 at 11:49 AM, Rich Smith via Public
<public at cabforum.org> wrote:
> The BRs use the term misuse/misused in multiple places in regards to reasons
> for revocation, and Subscriber representations, but do not define the term.
>
> What constitutes misuse of a certificate?  Phishing?  Fraud?  Or is it only
> compromise of the private key or other action that results in someone who is
> not authorized being allowed use of the certificate?  Or is it something
> else?
>
> Because it is undefined, interpretations are all over the map.  IMO the
> definition needs to be pinned down and codified in the Definitions section
> of the BRs.
>
> Regards,
>
> Rich Smith
> Senior Compliance Manager
> Comodo

