[144412] in cryptography@c2.net mail archive
Re: Has any public CA ever had their certificate revoked?
daemon@ATHENA.MIT.EDU (Thierry Moreau)
Tue May 5 11:23:47 2009
Date: Mon, 04 May 2009 22:29:33 -0500
From: Thierry Moreau <thierry.moreau@connotech.com>
To: dan@geer.org
CC: Peter Gutmann <pgut001@cs.auckland.ac.nz>, cryptography@metzdowd.com
In-Reply-To: <20090503205759.D7C2E34378@absinthe.tinho.net>
dan@geer.org wrote:
> No, [...]
Now that the main question is answered, there are sub-questions to be asked:
1. Has any public CA ever encountered a situation where a revocation
would have been necessary?
1.1 Has any public CA ever had a disgrunted employee with too many
privileges not revoked on a timely manner?
1.2 Has any public CA ever experienced a corporate reorganization where
a backup HSM has been lost?
1.3 ...
2. Has any public CA ever suspected a situation where a revocation would
have been necessary?
2.1 Has any public CA ever had an audit that identified mismanagement of
signature private key over some extended period of time?
2.2 ...
Regards,
--
- Thierry Moreau
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
