Now I understand better. Thanks for rephrasing the question. What happened was that we started using the CACHECKER "first" instead of waiting for the Root CA to be alerted to wrong certificates. We always aim to only use CA SSL/TLS software in compliance with BR SSL requirements. We understand that we need to respect the rules about the time for revocation, and we started intensify this issue even more if we are accepted in root programs. Well, as I read the bugzillas daily, I see that even today there are still CAs, that are in the program, and also have problems, keeping the revocation time within the rules. We assume that we have rules to resolve issues and not remain impartial. Thanks about your question.l
Em quinta-feira, 8 de dezembro de 2022 às 11:48:38 UTC-3, [email protected] escreveu: > Hello: > > regarding this: > > > >> 2 - As I explained earlier, we had problems with the SAN of all these >> certificates, alerted by Mozilla to our Root CA, as the Root CA rules >> overlapped the BR SSL rules. >> > Unfortunately, due to the very large number of certificates, it was not >> possible to fulfill what is expected(24 hours timeline), both from the BR >> SSL regulations and what we reflect in our regulations (CPS). >> >> These revocations, unfortunately, lasted much longer than expected. >> >> We understand that we would not, yet, be infringing the rules, because >> our certificate is not in the Mozilla program. >> > I suppose my question is what specific operational changes have been made > on your side since then so that the inability to fulfill the baseline > requirements won't remain an issue were you to be part of Mozilla's program? > > -- You received this message because you are subscribed to the Google Groups "public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/63ca387d-fcd3-44b3-9838-fdca227134f6n%40ccadb.org.
