For sure. Apologies if that was worded confusing - we're hugely supportive
of SRVNames, but solving the technical and policy issues around them is
thorny and will require technical expertise, and I think most of the
technical expertise of the Forum has been otherwise occupied by a number of
more pressing matters (adoption of Certificate Transparency, strengthening
of validation methods, reducing certificate lifetimes, etc)

On Fri, Mar 2, 2018 at 11:20 AM, Tim Hollebeek <>

> We’re willing to continue talking through those issues in an attempt to
> reach a solution.  I do think SRVNames would be a useful improvement.  For
> us, the lack of movement has had more to do with time constraints than
> technical constraints!
> While SRVNames do offer a way to scope the authority to a particular
> service (on any port), there's been no movement towards adopting them in
> the CA/Browser Forum, due to the issues they would have with technically
> constrained sub-CAs.
Public mailing list

Reply via email to