[gtld-tech] ICANN CRL expired and not updated yet

Francisco Arias francisco.arias at icann.org
Fri Jul 31 00:58:38 UTC 2015

Hi Kal,

The first version of the TMCH CA CRL had a "Next Update" field set to
2015-07-23 23:59:59 UTC. The second version of the CRL was published on
2015-07-28 01:35:00 UTC. Leaving a window of 4 days, 1 hour and 35 minutes
of potential impact.

TLDs with sunrise periods between 24 July 2015 and 28 July 2015 may have
determined that certificates issued by the TMCH could not be validated.
Registrars who received sunrise registration/application requests for
those TLDs during that period may have also been affected.

Moving forward, ICANN plans to publish a definitive schedule for future
CRL updates. Registries and registrars must continue refreshing the CRL as
specified in draft-lozano-tmch-func-spec (i.e., at least every 24 hours).

A communication was sent to the potentially affected parties (registries
and registrars).



On 7/28/15, 6:40 PM, "Kal Feher" <Kal.Feher at ariservices.com> wrote:

>Can you please provide the length of the outage period and the symptoms
>observed by users as currently understood?
>Clearly stating the known facts would be useful for all those who rely on
>the service and who need to now identify invalid submission failures.
>Kal Feher
>-----Original Message-----
>From: gtld-tech-bounces at icann.org [mailto:gtld-tech-bounces at icann.org] On
>Behalf Of Francisco Arias
>Sent: Tuesday, 28 July 2015 11:39 AM
>To: David Krizanic; gtld-tech at icann.org
>Subject: Re: [gtld-tech] ICANN CRL expired and not updated yet
>This message contains a digitally signed email which can be read by
>opening the attachment.

More information about the gtld-tech mailing list