On Monday, 13 February 2017 15:15:47 UTC, Jürgen Brauckmann wrote:
> I'm probably confused regarding BRs pre/post Ballot 181: Aren't there
> only 4 methods per Ballot 181?
>
> Jürgen

Ballot 169 identified exactly 10 methods. Although this ballot passed unanimously, meaning that both CA members and Browser members on the whole supported these 10 methods, subsequently the CA/B effectively undid the changes from Ballot 169 because of patent concerns.

Mozilla's position as I understand it is that regardless of what happens with patents, they don't want CAs to continue inventing their own ad hoc validation methods (witness the flaws in the method GoDaddy came up with). Thus, even though some of the methods from Ballot 169 are not included in the Baseline Requirements today, Mozilla intends to oblige root programme members to pick from those ten methods.

So far as I can see, three factors might cause a CA to decide it's necessary in their opinion to reject any particular method. These are:

1. The method isn't allowed for them under the BRs, or another root programme's rules.
2. The method is subject to patent or other legal rights and they're unable or unwilling to agree acceptable terms to use the method.
3. The method is incompatible with the CA's business model or doesn't meet their own standards for validation.

For (1) I believe the BRs currently allow all ten Ballot 169 methods because they have an "any method" escape clause. If a CA believes another root programme requirement conflicts, this would be the right forum for the CA to tell Mozilla about it.

For (2), where a CA is aware of such rights and they weren't already revealed to the CA/B, it'd sure be helpful to know about them here.

For (3) I don't see any problem unless the CA rules out all ten methods. If any CA is on the verge of doing that they should definitely reach out to us in m.d.s.policy to explain their thinking.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

