In general, worried that a CA who can’t get its info ready at the start will protect trust as a CA. If they issue a bad cert, can’t take two+ months to revoke it when actively being used maliciously. If they cannot get current information now, worried about their ability to do so in the future and their competency On Thursday, December 15, 2022 at 12:53:03 PM UTC-5 [email protected] wrote:
> I assume this resets the 6 week clock for dicussions? Or do they get to > call timeouts and run the clock out? > > On Thu, Dec 15, 2022 at 10:36 AM Ben Wilson <[email protected]> wrote: > >> All, >> >> We have received a request from SERPRO to pause the public discussion >> until the end of February while they re-assess their application and to >> give them time to prepare better answers to the questions raised here. As >> stated: >> >> We are going to organize ourselves to include more technical and more >> consistent answers in the group, since we consider it important to clarify >> all the doubts understood. >> We know that we have had a process for validating and issuing SSL/TLS >> certificates since 2019, in practice, we are always looking to improve >> every day, ensuring compliance with the requirements defined in the >> baseline. >> We would like to request a pause in this discussion in the AC SERPRO SSL >> group, until the end of February, which will be used to include the new >> responses as mentioned above. If the group had more questions, we ask that >> they continue to be forwarded so that we can use this new deadline to >> answer them. >> >> I am granting their request and will pick the discussion back up on March >> 1, 2023, unless SERPRO notifies me prior to then that they are prepared to >> re-convene. >> >> Sincerely yours, >> >> Ben Wilson >> Mozilla Root Store Manager >> >> On Wed, Dec 14, 2022 at 3:38 PM 'Cynthia Revström' via public < >> [email protected]> wrote: >> >>> Hi André, >>> >>> It feels like I am getting conflicting information here, can you please >>> clarify what method SERPRO uses in order to get domain contact info? >>> As far as I can tell you are saying that you use both who.is and RDAP >>> but I might very well be misunderstanding it. >>> >>> -Cynthia >>> >>> On Wed, Dec 14, 2022 at 7:52 PM André Silva <[email protected]> >>> wrote: >>> >>>> Hi Joel, >>>> The main purpose do use the WHOIS service is to get domain contact to >>>> proceed to domain validation, as described in BR SSL section *3.2.2.4*, >>>> after that we proceed to validation of the documentation presented by the >>>> entity (organization) by the government agencies. >>>> >>>> Em quarta-feira, 14 de dezembro de 2022 às 14:41:08 UTC-3, >>>> [email protected] escreveu: >>>> >>>>> Hello: >>>>> >>>>> I just want to make sure I clearly understand the use of who.is. So >>>>> for this certificate for infoconv.sicredi.io >>>>> https://crt.sh/?id=6202101964, since it is non-.br when SERPRO issued >>>>> it for the organization name of the bank BANCO COOPERATIVO SICREDI the >>>>> validation was to go to https://who.is/whois/sicredi.io and see that >>>>> Confederacao Sicredi was listed? Were there any other steps involved? >>>>> >>>>> Thanks, >>>>> Joel Reardon >>>>> On Wednesday, December 14, 2022 at 10:35:06 AM UTC-7 >>>>> [email protected] wrote: >>>>> >>>>>> On Wed, Dec 14, 2022 at 10:15 AM André Silva < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi all, >>>>>>> here we go again... >>>>>>> >>>>>> >>>>>> Thanks, also why were you not emailing from your work account at the >>>>>> beginning and instead using a throw-away Gmail account? It's very odd >>>>>> and >>>>>> potentially suspicious behavior that you would create a new email >>>>>> account >>>>>> to do this instead of using your existing account and I think it >>>>>> deserves >>>>>> an explanation (there must be a simple reason, right?). >>>>>> >>>>>> >>>>>>> >>>>>> -- >>>>>> Kurt Seifried (He/Him) >>>>>> [email protected] >>>>>> >>>>> -- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "public" group. >>>> To unsubscribe from this topic, visit >>>> https://groups.google.com/a/ccadb.org/d/topic/public/Mux855BsRg4/unsubscribe >>>> . >>>> To unsubscribe from this group and all its topics, send an email to >>>> [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/ccadb.org/d/msgid/public/ae3fb36a-7a8e-4a48-acbd-250e3f6fe95an%40ccadb.org >>>> >>>> <https://groups.google.com/a/ccadb.org/d/msgid/public/ae3fb36a-7a8e-4a48-acbd-250e3f6fe95an%40ccadb.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "public" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/ccadb.org/d/msgid/public/CAKw1M3NAsiDuwyhsf8z3TP2odRFnyy4F%2BHg1JN8b%2BQ3eM-Z6DA%40mail.gmail.com >>> >>> <https://groups.google.com/a/ccadb.org/d/msgid/public/CAKw1M3NAsiDuwyhsf8z3TP2odRFnyy4F%2BHg1JN8b%2BQ3eM-Z6DA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "public" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/a/ccadb.org/d/msgid/public/CA%2B1gtaYxBkk7_UR6yqvHvbhmchSLLoJymUdKNJnnj7FSHt_nTw%40mail.gmail.com >> >> <https://groups.google.com/a/ccadb.org/d/msgid/public/CA%2B1gtaYxBkk7_UR6yqvHvbhmchSLLoJymUdKNJnnj7FSHt_nTw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > Kurt Seifried (He/Him) > [email protected] > -- You received this message because you are subscribed to the Google Groups "public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/be611b13-6957-41f7-a88f-bfd90634fe22n%40ccadb.org.
