Rob, Thanks for this excellent project.
Ryan On Tue, Jul 30, 2024 at 8:23 AM 'Rob Stradling' via [email protected] <[email protected]> wrote: > Hi everyone. I've already posted a release announcement > <https://groups.google.com/a/groups.cabforum.org/g/public/c/lM7XZxUYakc/m/3z9IIqq0AgAJ> > for > this project on the CABForum Public list, but I imagine there are some > folks here who aren't following that list but who might be interested... > > Amir wrote > <https://www.mail-archive.com/[email protected]/msg01669.html> > : > *"You've had issues with, arguably one of the easiest parts of being a CA, > linting. Your issues with linting go back at least six years. Seriously, > how do you have so much difficulty with properly implementing pre, and post > issuance linting?"* > > Mike Shaver wrote > <https://www.mail-archive.com/[email protected]/msg01727.html> > : > *"Finally, conformance to the standards and correct issuance is just not > that hard, as regards the things that have been argued to be "too minor to > revoke in 5 days". They would virtually all have been caught by decent > linting."* > > In my experience, effective integration of linters into a CA's > pre-issuance pipeline isn't rocket science, but it's also far from > trivial. In recent months on Bugzilla we've seen a number of CAs struggle > with, or take a long time to complete, linter integration projects; and now > that CABForum has set deadlines in the TLS BRs for when CAs SHOULD > <https://github.com/cabforum/servercert/pull/518/files#diff-e0ac1bd190515a4f2ec09139d395ef6a8c7e9e5b612957c1f5a2dea80c6a6cfeR193> > and > MUST > <https://github.com/cabforum/servercert/pull/518/files#diff-e0ac1bd190515a4f2ec09139d395ef6a8c7e9e5b612957c1f5a2dea80c6a6cfeR194> > implement > a linting strategy, every TLS-capable CA needs to get on top of this. > > *pkimetal delivers: easier linter integration, a comprehensive linting > strategy, and more performant and scalable linting.* > > Open-source project: https://github.com/pkimetal/pkimetal (code, > documentation, prebuilt Docker containers) > > Public instance: https://pkimet.al/ (not recommended for production CA > environments) > > I, for one, look forward to the day when misissuance incidents that could > have been *"caught by decent linting"* are a thing of the past! > > -- > Rob Stradling > Distinguished Engineer > Sectigo Limited > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729614F57D6CACA7DE0A1AAAAB02%40MW4PR17MB4729.namprd17.prod.outlook.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729614F57D6CACA7DE0A1AAAAB02%40MW4PR17MB4729.namprd17.prod.outlook.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CALVZKwbp9fcexQ%3D8XDijcaMyRTnexqdeEq6AsxGXeRn5Q%2BoGXg%40mail.gmail.com.
