[gtld-tech] ICANN CRL expired and not updated yet

Kal Feher Kal.Feher at ariservices.com
Fri Jul 31 02:23:31 UTC 2015

Thank you Francisco,
That is exactly what I was hoping for.

Kal Feher

-----Original Message-----
From: Francisco Arias [mailto:francisco.arias at icann.org] 
Sent: Friday, 31 July 2015 10:59 AM
To: Kal Feher; gtld-tech at icann.org
Subject: Re: [gtld-tech] ICANN CRL expired and not updated yet

Hi Kal,

The first version of the TMCH CA CRL had a "Next Update" field set to
2015-07-23 23:59:59 UTC. The second version of the CRL was published on
2015-07-28 01:35:00 UTC. Leaving a window of 4 days, 1 hour and 35 minutes of potential impact.

TLDs with sunrise periods between 24 July 2015 and 28 July 2015 may have determined that certificates issued by the TMCH could not be validated.
Registrars who received sunrise registration/application requests for those TLDs during that period may have also been affected.

Moving forward, ICANN plans to publish a definitive schedule for future CRL updates. Registries and registrars must continue refreshing the CRL as specified in draft-lozano-tmch-func-spec (i.e., at least every 24 hours).

A communication was sent to the potentially affected parties (registries and registrars).



On 7/28/15, 6:40 PM, "Kal Feher" <Kal.Feher at ariservices.com> wrote:

>Can you please provide the length of the outage period and the symptoms
>observed by users as currently understood?
>Clearly stating the known facts would be useful for all those who rely on
>the service and who need to now identify invalid submission failures.
>Kal Feher
>-----Original Message-----
>From: gtld-tech-bounces at icann.org [mailto:gtld-tech-bounces at icann.org] On
>Behalf Of Francisco Arias
>Sent: Tuesday, 28 July 2015 11:39 AM
>To: David Krizanic; gtld-tech at icann.org
>Subject: Re: [gtld-tech] ICANN CRL expired and not updated yet
>This message contains a digitally signed email which can be read by
>opening the attachment.

More information about the gtld-tech mailing list