Am Montag, 5. Februar 2018 22:31:46 UTC+1 schrieb Wayne Thayer: > Gerv and I have made, and the CA/Browser Forum has accepted a proposal to > convene a "Validation Summit" on Tuesday March 6th during the next > regularly scheduled CA/Browser Forum face-to-face meeting that will be held > in the Washington DC area. > > The intent of this summit is to perform an analysis of each of the "blessed > 10" domain validation methods, identify weaknesses, and determine if each > method needs to be improved or deprecated. You can find a proposed agenda > at [1]. > > The CA/Browser Forum has agreed to invite security experts who have > specialized knowledge of threat analysis and CA operations to participate, > and I would like to extend that invitation to members of the Mozilla > security community. It would be particularly helpful to have participants > who have experience in the following areas: > > > > 1. Real-world experience with the validation procedures as they are > currently practiced by public CAs > 2. Experience with threat modeling, analyzing a variety of protocols, or > other methods for rigorously analyzing processes and procedures for > potential vulnerabilities > 3. Deep technical expertise related to how validation-related > technologies perform and/or fail in the real world (DNS, WHOIS, Domain > Registrars, Reverse IP lookup, and so on) > 4. Technical challenges that prevent various validation methods from > being usable by a significant fraction of certificate applicants, and thus > drive users towards less desirable methods > 5. Automation of validation protocols (i.e. ACME) > > Those putting their names forward should be prepared to adhere to the Code > of Conduct [2] and to participate in a constructive discussion that remains > focused on the topic at hand. If you would like to participate, you will be > required to become an Interested Party [3] and sign the CA/Browser Forum > IPR Agreement. [4] (Note: if your company is already a CA/Browser Forum > member, please check with your representative) > > If you intend to meet these requirements and attend the summit as an > Interested Party, please email me (wthayer-at-mozilla-dot-com) so that I > can get you added to the list of attendees and provide more information. > > We do expect to have a remote attendance option available; however, given > the size of the group, please be aware that it can be difficult to > participate even when the audio quality is good. If you would like to > attend in-person but require travel/accommodation sponsorship, please > mention that in your email to me, along with a ballpark figure for costs > (estimate the hotel as $122 per night). > > Wayne > > [1] https://cabforum.org/pipermail/public/2018-February/012908.html > [2] > https://cabforum.org/wp-content/uploads/CA-Browser-Forum-Bylaws-v.-1.7.pdf > (Exhibit C) > [3] https://cabforum.org/current-work > [3] https://cabforum.org/ipr-policy/
Hi Wayne, all, we really appreciate this effort to enable us all for a deep-dive into Validation mechanisms and how to proceed here. D-Trust will actively engage in this process and thus will be represented by Enrico Entschew and Arno Fiedler. Thanks, Kim _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
