On Wed, Aug 29, 2018 at 11:53 AM Wayne Thayer <[email protected]> wrote:
> On Wed, Aug 29, 2018 at 7:33 AM Bruce Morton <[email protected]> wrote:
>
>> Works for me.
>>
>> Bruce.
>>
>> On Aug 29, 2018, at 10:29 AM, Ryan Sleevi <[email protected]> wrote:
>>
>> Just to confirm: Your concern is about the CA feeling that the evidence
>> does not meet any of the requirements to revoke, and wanting it to be clear
>> that that is a valid outcome of a problem report, correct?
>>
>> The problem with the suggested wording (and perhaps implicit in the
>> existing wording) is that it suggests that the period to "work with the
>> Subscriber and any entity" is unbounded, and once a determination is made,
>> then it must be within the bounds of 4.9.1.1's time period. That is, say,
>> 24 hours + as much "work with" time as you want. This is because the
>> modified wording seemingly attaches the "which MUST not" to the date in
>> which the CA will revoke, rather than the overall process.
>>
>> The CA SHALL work with the Subscriber and any entity reporting the
>> Certificate Problem Report or other revocation-related notice to establish
>> whether or not the certificate will be revoked, and if so, a date which the
>> CA will revoke the certificate. The period from report to published
>> revocation MUST NOT exceed the time frame set forth in Section 4.9.1.1.
>>
>
> Does "report" here mean the preliminary report on its findings, or the
> Certificate Problem Report? I am happy to accept this change once that is
> clarified.

I was thinking about that on the drive in today :)

"The period from receipt of report or notice to published revocation" ?

_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
