Hi everyone. I've already posted a
release announcement for this project on the CABForum Public list, but I imagine there are some folks here who aren't following that list but who might be interested...
"You've had issues with, arguably one of the easiest parts of being a CA, linting. Your issues with linting go back at least six years. Seriously, how do you have so much difficulty with properly implementing pre, and post issuance linting?"
"Finally, conformance to the standards and correct issuance is just not that hard, as regards the things that have been argued to be "too minor to revoke in 5 days". They would virtually all have been caught by decent linting."
In my experience, effective integration of linters into a CA's pre-issuance pipeline isn't rocket science, but it's also far from trivial. In recent months on Bugzilla we've seen a number of CAs struggle with, or take a long time to complete, linter integration
projects; and now that CABForum has set deadlines in the TLS BRs for when CAs
SHOULD and
MUST implement a linting strategy, every TLS-capable CA needs to get on top of this.
pkimetal delivers: easier linter integration, a comprehensive linting strategy, and more performant and scalable linting.
I, for one, look forward to the day when misissuance incidents that could have been
"caught by decent linting" are a thing of the past!
--
Rob Stradling
Distinguished Engineer
Sectigo Limited