Bug 1889062 Comment 11 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(In reply to capoc from comment #10)
> For a particular type of customers (such as government entities) whose certificate replacement approval process can be lengthy and complex, we have assisted them to analyze and redesign the various aspects in the approval process to reduce the redundant steps and improve the approval efficiency, and eventually shorten the time required for certificate replacement.

I don’t think that this meets the requirements of the BRs.

9.6.3 is the BR section dealing with the subscriber warranties and acknowledgements, which I believe to be legally binding upon the Subscriber.

Part 8 reads

8. **Acknowledgment and Acceptance**: An acknowledgment and acceptance that the CA is entitled to revoke the certificate immediately if the Applicant were to violate the terms of the Subscriber Agreement or Terms of Use or if revocation is required by the CA’s CP, CPS, or these Baseline Requirements.

Issuing a certificate to a subscriber who did not acknowledge and accept that immediate revocation may occur in the case of BR violation is misissuance. By my understanding of the BRs, and that of a well-informed anonymous expert who I consulted, you should not have issued replacement certificates if the subscriber did not *accept that revocation can happen instantly at any time*.

Did your subscribers accept and acknowledge that such revocation could occur? If so, why are you not holding them to their commitment?

You may also wish to amend section 1.4.2 of your CPS, to prohibit use in life-critical or similar contexts, but that’s sort of a separate issue.

Edit: I have also sent a question on this topic to the public CCADB list for clarification.
