CA:ImprovingRevocation: Difference between revisions

CA:ImprovingRevocation (view source)

75 bytes added , 5 September 2013

m

Confirmed users, Administrators

5,526

edits

@@ Line 122: / Line 122: @@
 '''When''' To Notify Mozilla:
-* Technical Issue - There is a problem with the intermediate certificate such that the certificate may be inappropriately used. For instance, wrong key usage, incorrect name constraints, etc.
+* Technical Issue - There is a problem with the intermediate certificate such that the certificate may be inappropriately used. This includes, but is not limited to, wrong key usage, incorrect name constraints, etc.
 * An externally-operated subordinate CA certificate has been revoked or replaced (for any reason) before it has expired.
-* Cessation of business operation.
+* Cessation of business operation. (Is this one covered by the previous bullet point?)
 * According to [http://csrc.nist.gov/publications/drafts/nistir-7924/draft_nistir_7924.pdf NIST IR 7924] a Trust Anchor Manager (TAM) is an Authority who manages a repository of trusted Root CA Certificates. As specified in Section 5.7, the TAM will require the CA to provide notification when:
 ** Root CA compromise -- Compromise of CA private signing key (Notification shall be made in an authenticated and trusted manner... earliest feasible time and shall not exceed <24> hours beyond determination of compromise or loss unless otherwise required by law enforcement)