Re: SSL.com root inclusion request

2017-10-16 Thread Kathleen Wilson via dev-security-policy
Thank you to those of you who reviewed and commented on this request from SSL.com to include the “SSL.com Root Certification Authority RSA”, “SSL.com Root Certification Authority ECC”, “SSL.com EV Root Certification Authority RSA R2”, and “SSL.com EV Root Certification Authority ECC” root certif

Re: SSL.com root inclusion request

2017-10-16 Thread Gervase Markham via dev-security-policy
On 13/10/17 15:41, Gervase Markham wrote: > Er, we should fix that... Well, actually it's scoped as being inside the original EV cert request, so there's probably no harm in practice. If any CAB Forum member wants to fix this small error, great, but I've got too many other ballot ideas to juggle.

Re: SSL.com root inclusion request

2017-10-13 Thread Leo Grove via dev-security-policy
Hello and thank you Andrew for taking the time to review and/or comment on the SSL.com CP/CPS v1.2.1 for any potential issues. I will be more than happy to answer your questions below: On Thursday, October 12, 2017 at 5:55:00 PM UTC-5, Andrew R. Whalley wrote: > Greetings, > > I have reviewed S

Re: SSL.com root inclusion request

2017-10-13 Thread Gervase Markham via dev-security-policy
On 13/10/17 06:01, Peter Bowen wrote: > This is taken directly from the EV Guidelines section 14.2.2. The > EVGs don't use the PSL, they specify third or higher. Er, we should fix that... Gerv ___ dev-security-policy mailing list dev-security-policy@li

Re: SSL.com root inclusion request

2017-10-12 Thread Peter Bowen via dev-security-policy
On Thu, Oct 12, 2017 at 3:54 PM, Andrew R. Whalley via dev-security-policy wrote: > I have reviewed SSLcom_CP_CPS_Version_1_2_1 and made the following notes: > > 1.3.2.1 > > "may contractually authorize the Subject of a specified Valid EV > Certificate to perform the RA function and authorize SSL.

Re: SSL.com root inclusion request

2017-10-12 Thread Nick Lamb via dev-security-policy
On Thursday, 12 October 2017 23:55:00 UTC+1, Andrew R. Whalley wrote: > This assumes the number of labels in domains appearing in the Public Suffix > List, which is inadvisable. An illustrative example, probably worth using by any CAs which have humans involved in the domain verification proces

Re: SSL.com root inclusion request

2017-10-12 Thread Andrew R. Whalley via dev-security-policy
Greetings, I have reviewed SSLcom_CP_CPS_Version_1_2_1 and made the following notes: 1.3. CA diagrams are useful, thanks. 1.3.2 "SSL.com may delegate the performance of *all or any* part of these requirements to a Delegated Third Party" though the BRs preclude sections 3.2.2.4 and 3.2.2.5. - S

Re: SSL.com root inclusion request

2017-09-08 Thread Kathleen Wilson via dev-security-policy
On Tuesday, August 8, 2017 at 2:26:02 PM UTC-7, Aaron Wu wrote: > This request from SSL.com is to include the “SSL.com Root Certification > Authority RSA”, “SSL.com Root Certification Authority ECC”, “SSL.com EV Root > Certification Authority RSA”, and “SSL.com EV Root Certification Authority >