Musings about WebPKI and Public Trust • 8 HN points • 15 Mar 24
- Certificate Authorities can face incidents like misissuance or non-issuance, with misissuances often caused by human error or software bugs.
- The Baseline Requirements set by the CA/B Forum provide rules for dealing with certificate misissuances, including the timeline for revocation.
- Entrust's recent incident highlights a misissuance dilemma, where they continued misissuing certificates and refused to follow the proper revocation process, impacting thousands of Extended Validation certificates.