On 17 February 2012 11:51, Phillip Hallam-Baker <[email protected]> wrote:
> If the reporting mechanism is public we may well see a DDoS attack
> against it in parallel with an actual attack.

Well, there's a few months to solve that problem, but it will need to be resolved. According to the CA/B Forum Guidelines (effective July 1st), 13.1.2:

    The CA SHALL provide Subscribers, Relying Parties, Application Software Suppliers, and other third parties with clear instructions for reporting suspected Private Key Compromise, Certificate misuse, or other types of fraud, compromise, misuse, inappropriate conduct, or any other matter related to Certificates. The CA SHALL publicly disclose the instructions through a readily accessible online means.

-tom
