Also, in response to "any good estimates", just so relying parties have more public information on this important issue, I can mention that Method 1 is (in our case, was) absurdly common; far more common than most people think.
The rest is pretty evenly scattered across the methods you would expect (DNS, email, phone). -Tim > -----Original Message----- > From: Public [mailto:[email protected]] On Behalf Of Paul > Hoffman via Public > Sent: Thursday, July 12, 2018 1:13 PM > To: CA/Browser Forum Public Discussion List <[email protected]> > Subject: Re: [cabfpub] [Ext] Re: List of which CAs use which methods from > Section 3.2.2.4? > > On Jul 12, 2018, at 12:51 PM, Wayne Thayer <[email protected]> wrote: > > Paul- can explain your use case for this information? That might help us > determine if the proposal is worth pursuing. > > There are communities who use certificates who trust some BR-allowed > methods more than others. Some of the methods are more prone to BGP > rerouting than others, for example. > > At this point, I don't have any good estimates for them to indicate how many > CAs use which method, much less how many certificates in common use are > likely to use particular methods. As Ryan pointed out, transparency here is > pretty low. That affects users' trust of CAs in general, and it would be grand if I > could say "here's what the relying parties know about the certificates in use". > > --Paul Hoffman > _______________________________________________ > Public mailing list > [email protected] > https://clicktime.symantec.com/a/1/1kVJSPrvPO1NCgx0TAV0VA7VwN2tHYzrrg > ZPFB7WGRk=?d=96uoE8KZaLGQTDiYffuzulg9lgr5FtS5CUtwYRiZ- > hiVoILZRr9Zv_CpIaGbzyTUterSqsHJwA-o5L-dE-MLjHl6aqJ5G5n-cjbkA_nWYKsl- > 9bgJX3ZHnFvWIRARmLSdQSlvCHw5OlLs9CLcUoGG_hqUFzSTcdA_kTzRtt8VqAO > q8fTSjwkDlBzwFHjKoIaUAZX6LZiJ3IOdgA4zWy3C3fTeV3oNRHddgupQ3VnzAam > ELWcZ4BosSjIzYl6XKVSrwrHPSsnPwsd2EwVooGfv3ETn54xgRdqV14vGX7SthjcF > CYRK_R76kq3vbuZ9d6ktyOH- > 2dRHcpEKbDZDEDgJAechi5ZQYLgbNNF98FHBX6bIAHLs4u73Treoc0p3np8aTnpY > _bh1H8cvxvLavOYrFnzpEW- > tn8ZwOo5OOkBbGlr3UirdpvdBMkPNTiL7YhxnA%3D%3D&u=https%3A%2F%2F > cabforum.org%2Fmailman%2Flistinfo%2Fpublic
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
