If your CA is audited according ETSI 319 401, there is a clear obligation for a CA (aka TSP) "to issue to those meeting the qualifications specified"
* REQ-7.1.1-02: Trust service practices under which the TSP operates shall be non-discriminatory. * REQ-7.1.1-03: The TSP should make its services accessible to all applicants whose activities fall within its declared field of operation and that agree to abide by their obligations as specified in the TSP's terms and conditions. I don't know, if WebTrust has a similar requirement. From: Matthew Hardeman via dev-security-policy > Perhaps it should be the broader question of both issuance policy and > revocation? > > For example, guidelines denote what issuance is permissible but > nowhere in the BR policies (or in any of the root programs as far as > I'm aware) is an affirmative obligation to issue to those meeting the > qualifications specified. > > > On Thu, Apr 12, 2018 at 3:46 PM, Wayne Thayer via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > Eric raised an issue distinct from 'the value of EV' that I think is > > important: Can certificate revocation be used as a form of censorship? > > As HTTPS becomes the default state of the web, it becomes more > > important to consider this issue and what should be done about it. I > > plan to discuss this with others at Mozilla, and I welcome more > > discussion here on the topic (perhaps in a new thread). > > > > - Wayne With best regards, Rufus Buschart Siemens AG GS IT HR 7 4 Hugo-Junkers-Str. 9 90411 Nuernberg, Germany Tel.: +49 1522 2894134 mailto:rufus.busch...@siemens.com www.siemens.com/ingenuityforlife _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy