Now that this is being more openly discussed, can someone post a copy of the letter here? While redacting whatever PII
On Fri, Aug 2, 2024 at 14:05 Watson Ladd <[email protected]> wrote: > On Fri, Aug 2, 2024 at 5:33 AM 'Bruce Morton' via > [email protected] <[email protected]> > wrote: > > > > Hi Nick, > > > > Thanks for passing on the customer email, we’re following up directly > there, and as always, we’d recommend that customers directly reach out to > their account team to discuss their specific needs. > > > > That said, we think it would be helpful to share the different > certificate licensing models we offer and the details of each. Entrust > broadly offers two models for certificate purchase. The handling of active > certificates, including revocation, differs based on the model chosen by > the customer. > > > > The first model is what we call “unit based” and is what most would > consider the historically traditional approach for certificate offers, > where a customer purchases a certificate for a specific term, that > certificate is paid for up front, and their license is valid through the > expiration date of the certificate. After initial issuance only limited > changes are permitted to the details of the certificate. > > > > The second model is what we call “subscription” or “pooling”, and this > approach allows a customer to have up to a pre-defined number of > certificates issued and active at any given time during the period of the > subscription. This approach allows customers the flexibility to issue and > change certificates as often as necessary as their needs change, including, > for example, revoking a no-longer needed certificate and issuing a new one > with new organization information or domains, with no additional charges. > At the time of renewal, customers can increase or decrease the number of > certificates that are available under their subscription. If at any time a > customer chooses to fully stop their subscription, then the license period > ends, and under the terms of the agreement we reserve the right to revoke > any unexpired certificates. > > > > So, depending on the model selected by the customer up front, the > approach differs on how unexpired certificates are handled upon > termination, and both are addressed in our Certificate and Signing Services > Terms of Use. In addition, it is common that terms may be custom > negotiated, so the best course of action, for any individual customer with > questions, is to contact their account representatives directly to discuss. > > > > We hope this provides some more context to the question here on what our > standard options and practices are. And we have an extensive customer > communications and outreach program underway to ensure that customers > understand their options and to provide uninterrupted support for their > publicly trusted TLS certificates. > > Let me get this straight: you will not revoke on time when presented > with a BR violation, making the excuse customers will be > inconvenienced, run criticial systems yadda yadda. You will revoke > gratuitously come contract renewal time, and none of the reasons > listed before matter. > > Sincerely, > Watson Ladd > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CACsn0cnU6nDKQ%3DyEONsACzZi9LCgjdgQdXdO2AM%2BxTS51utUwA%40mail.gmail.com > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAOG%3DJUKSgRw-h5%3DUzMFxc%3DDPOxQCaTcJUtRehZswmHGkT08gHg%40mail.gmail.com.
