Tim, On Tue, Mar 20, 2018 at 9:57 AM, Tim Hollebeek <tim.holleb...@digicert.com> wrote:
> > > * Add a new bullet on IP Address validation that forbids the use of BR > > 3.2.2.5(4) (“any other method”) and requires disclosure of IP Address > > validation processes in the CA’s CP/CPS. > > This is a bit premature. Most CA's IP validation procedures still fall > under > any other method, and the draft ballot that we've been trying to pass > for a year or so is not done yet (I was writing it when the Validation > Summit started taking over my life...) There's a good chance we will > get a ballot passed on this issue this summer, but there's also a good > chance that work on improving the non-IP validation methods will be > prioritized above it. > > This seems to contradict your comment in issue 116 [1]: I think the solution to Ryan's issue is to remove 3.2.2.5 (4). The VWG is > currently discussing changes to 3.2.2.5 (in order to remove 3.2.2.5 (4)), > and we haven't heard of any CA that is using it, though we should check the > smaller ones. > It's possible 3.2.2.5 (4) could be removed with an aggressive timeline if > it's really true no one is using it. > It would be great to hear from CAs on the impact they would feel from Mozilla banning 3.2.2.5(4) prior to passage of the VWG ballot you mentioned. - Wayne [1] https://github.com/mozilla/pkipolicy/issues/116 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy