cabforum / servercert

Repository for the CA/Browser Forum Server Certificate Chartered Working Group
https://cabforum.org/working-groups/scwg/

MPIC - Clarify when a CA is or is not allowed to issue #557

Open XolphinMartijn opened 1 week ago

XolphinMartijn commented 1 week ago

"The CA MUST NOT proceed with certificate issuance if the number of non-corroborations is greater than allowed in the Quorum Requirements table and if the remote Network Perspectives that do corroborate the determinations made by the Primary Network Perspective do not fall within the service regions of at least two (2) distinct Regional Internet Registries."

Should the "and" in "and if the remote" not be an "or"? Otherwise, it seems to me a CA might be allowed to issue even with 3 non-corroborations, as long as all corroborations are at least in two different RIRs.

Having discussed with @ryancdickson, suggesting using:

The CA MUST only proceed with certificate issuance if the requirements defined in Quorum Requirements Table are satisfied, and the remote Network Perspectives that corroborate the Primary Network Perspective fall within the service regions of at least two (2) distinct Regional Internet Registries.
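
The difference between the two wordings, as an added example that is not part of the issue or of the Baseline Requirements. It reads the existing sentence literally (issuance is prohibited only when both conditions hold) and compares it with the proposed sentence; the `ALLOWED` threshold and the perspective outcomes are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Perspective:
    rir: str            # RIR whose service region hosts this remote perspective
    corroborates: bool  # True if it agrees with the Primary Network Perspective

def _summarize(remote):
    """Return (non-corroboration count, distinct RIRs among corroborating perspectives)."""
    non_corr = sum(1 for p in remote if not p.corroborates)
    rirs = {p.rir for p in remote if p.corroborates}
    return non_corr, len(rirs)

def may_issue_current(remote, allowed):
    # Literal reading of the existing sentence: issuance is prohibited only
    # when BOTH conditions hold (quorum missed AND fewer than two RIRs).
    non_corr, rirs = _summarize(remote)
    return not (non_corr > allowed and rirs < 2)

def may_issue_proposed(remote, allowed):
    # Proposed sentence: quorum met AND corroborations span two or more RIRs.
    non_corr, rirs = _summarize(remote)
    return non_corr <= allowed and rirs >= 2

# Constructed sample data; ALLOWED is an assumed threshold, not the table's value.
ALLOWED = 1
CASES = {
    "3 non-corroborations, 2 RIRs": [Perspective("ARIN", True), Perspective("RIPE NCC", True),
                                     Perspective("APNIC", False), Perspective("LACNIC", False),
                                     Perspective("AFRINIC", False)],
    "quorum met, 1 RIR": [Perspective("ARIN", True)] * 4,
    "quorum met, 2 RIRs": [Perspective("ARIN", True), Perspective("RIPE NCC", True),
                           Perspective("APNIC", False)],
    "3 non-corroborations, 1 RIR": [Perspective("ARIN", True), Perspective("ARIN", True)]
                                   + [Perspective("APNIC", False)] * 3,
}

def compare(cases=CASES, allowed=ALLOWED):
    """Map each case name to (current reading, proposed reading)."""
    return {name: (may_issue_current(r, allowed), may_issue_proposed(r, allowed))
            for name, r in cases.items()}

if __name__ == "__main__":
    for name, (cur, new) in compare().items():
        print(f"{name:30} current={cur!s:5} proposed={new}")
```

The two readings diverge on the first two cases: the literal "and" reading also permits issuance when the quorum is met but every corroboration comes from a single RIR.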

github-actions[bot] commented 1 week ago

This issue was created based on: