Thanks. This is a much better, and clearer, update, and I appreciate you taking the time to provide it. With respect to the following proposed change: > We will update during July the contract template for SSL certificates to add a clause stating that Firmaprofesional will revoke a certificate with findings regarding Root Programs in no more than five days. The Baseline Requirements require (using [Version 1.6.5](https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.5.pdf)), in Section 9.6.1, that: > The CA represents and warrants to the Certificate Beneficiaries that, during the period when the Certificate is > valid, the CA has complied with these Requirements and its Certificate Policy and/or Certification Practice > Statement in issuing and managing the Certificate. and > **Subscriber Agreement**: That, if the CA and Subscriber are not Affiliated, the Subscriber and CA are > parties to a legally valid and enforceable Subscriber Agreement that satisfies these Requirements, or, > if the CA and Subscriber are the same entity or are Affiliated, the Applicant Representative > acknowledged the Terms of Use; and > **Revocation**: That the CA will revoke the Certificate for any of the reasons specified in these > Requirements. The description makes it sound like the changes to the contract mean that there's presently no "legally valid and enforceable Subscriber Agreement that satisfies these Requirements" that "the CA will revoke the Certificate for any of the reasons specified in these Requirements". Is that a correct understanding? I'm asking to understand if this was the result of a differing interpretation of the BR obligations, which may highlight an opportunity to improve and clarify them to be clearer, if so.
Bug 1538638 Comment 11 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Thanks. This is a much better, and clearer, update, and I appreciate you taking the time to provide it. With respect to the following proposed change: > We will update during July the contract template for SSL certificates to add a clause stating that Firmaprofesional will revoke a certificate with findings regarding Root Programs in no more than five days. The Baseline Requirements require (using [Version 1.6.5](https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.5.pdf)), in Section 9.6.1, that: > The CA represents and warrants to the Certificate Beneficiaries that, during the period when the Certificate is > valid, the CA has complied with these Requirements and its Certificate Policy and/or Certification Practice > Statement in issuing and managing the Certificate. and > **Subscriber Agreement**: That, if the CA and Subscriber are not Affiliated, the Subscriber and CA are > parties to a legally valid and enforceable Subscriber Agreement that satisfies these Requirements, or, > if the CA and Subscriber are the same entity or are Affiliated, the Applicant Representative > acknowledged the Terms of Use; and > **Revocation**: That the CA will revoke the Certificate for any of the reasons specified in these > Requirements. The description makes it sound like the changes to the contract mean that there's presently no "legally valid and enforceable Subscriber Agreement that satisfies these Requirements" that "the CA will revoke the Certificate for any of the reasons specified in these Requirements". Is that a correct understanding? I'm asking to understand if this was the result of a differing interpretation of the BR obligations, which may highlight an opportunity to improve and clarify them to be clearer, if so.