On 11/2/09 17:20, Paul Hoffman wrote:
> At 5:09 PM +0000 2/4/09, Frank Hecker wrote:
>> 1. To what extent do typical CPSs and CPs address this issue? In other words,
>> if we were to read the average CPS/CP, would it have language that would
>> unambiguously tell us whether our policy requirement were met or not? Or is
>> this something that's typically ambiguous and left to CAs' discretion, or that
>> CAs are prohibited from unilaterally doing under the terms of their subscriber
>> agreements? (E.g., CA can revoke only at the subscriber's request.)
>
> Whether or not the average CPS/CP has it is irrelevant. Let's look at the
> standards that all CAs are supposed to be using, in this case RFC 5280:

Where in the policy does it mention RFC 5280?

> The CA is not following the PKIX standard: pull their trust anchor.

pull the policy?

iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto