On 04/04/17 12:17, Gervase Markham via dev-security-policy wrote:
On 27/03/17 22:12, Andrew Ayer wrote:
[ Corresponding issue on GitHub: https://github.com/mozilla/pkipolicy/issues/67
]
This has now been added to the policy 2.5 draft with a one-week deadline.
Gerv
Gerv,
Mozilla also requires CAs to disclose intermediate cert revocations to
CCADB. Should there be a corresponding time limit in the policy
regarding how soon after revocation this disclosure must occur?
https://crt.sh/mozilla-disclosures#disclosedbutincrl currently shows 2
GlobalSign EV intermediates that were revoked by Google Trust Services 5
days ago, but which are still unrevoked according to CCADB. By when
must GTS notify CCADB of these 2 revocations?
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
