[cabfpub] Misissuance of certificates
gerv at mozilla.org
Wed Oct 28 08:47:46 MST 2015

On 28/10/15 15:40, Sigbjørn Vik wrote:
> A CA might still prefer to fix their issues silently, without letting
> the public know that it had misissued certificates. This amendment does
> not fix that issue directly.

Why not? Presumably silently fixing an issue in this way would now be a
BR violation, which would lead to a failed audit?

> If such misissuance were discovered later,
> either through CT, through the auditor, or otherwise, the CA would be
> forced to issue full information.

By what mechanism? Your proposed text doesn't seem to cover this case.