All, As I said at the F2F in Bergamo, the issues with BR section 4.9.1.1 are not going to resolve themselves. We're going to have to address them sooner rather than later.
Here are two more ideas that I've received from others: 1 - add a 30-day revocation timeframe for a few minor, non-security-related mis-issuance types; and/or 2 - maintain a list of Subscribers, uses, FQDNs (or other) that can't meet the revocation deadlines, and exempt them, but require that they use 90-day certificates. Thanks, Ben
_______________________________________________ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
