Re: [cabfpub] [EXTERNAL] Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation

2017-07-10 Thread 张翼 via Public
CFCA votes Yes Zhang Yi China Financial Certification Authority From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, June 26, 2017 8:18 AM To: CABFPub Subject: [EXTERNAL][cabfpub] Ballot 204: Forbid DTPs from doing

Re: [cabfpub] [EXTERNAL] Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation

2017-07-10 Thread zhangyq via Public
GDCA votes Yes on ballot 204. Yongqiang ZHANG Global Digital Cybersecurity Authority CO., LTD. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, June 26, 2017 8:18 AM To: CABFPub public@cabforum.org Subject: [EXTERNAL][cabfpub] Ballot

Re: [cabfpub] Profiling OCSP & CRLs

2017-07-10 Thread Ryan Sleevi via Public
I suppose one challenge I have with "infrequently used" is that it effectively states that CAs do not believe that OCSP Stapling should/can be used for all certificates. That is, I think one vision of the future would be to say all sites support OCSP stapling, and all (Web PKI) clients request

Re: [cabfpub] Profiling OCSP & CRLs

2017-07-10 Thread Jeremy Rowley via Public
More of "it would be nice" for OCSP responder certs. Right now, we run all OCSP through our CA hardware. Yes - your summary is exactly what I was thinking. We can roll responder certs pretty easily but the signing limit is often hardware-based. Moving to Level 2 hardware gives us more

Re: [cabfpub] Profiling OCSP & CRLs

2017-07-10 Thread Ryan Sleevi via Public
I'm not sure - are you suggesting that the BRs (and/or NetSec guidelines) allow for that? Or is that more a "Would be nice"? For the incremental improvement of a normative profile, I'd rather keep the status quo - which I believe already requires the hardware key protection at Level 3 in Section

Re: [cabfpub] Profiling OCSP & CRLs

2017-07-10 Thread Peter Bowen via Public
> On Jul 10, 2017, at 1:47 PM, Jeremy Rowley via Public > wrote: > > A shorter validity period for responders isn’t painful, but could we have a > looser interpretation on hardware? What if delegated responder certs were > stored in FIPS 140-2 Level 2 if they were short

Re: [cabfpub] Profiling OCSP & CRLs

2017-07-10 Thread Jeremy Rowley via Public
A shorter validity period for responders isn’t painful, but could we have a looser interpretation on hardware? What if delegated responder certs were stored in FIPS 140-2 Level 2 if they were short periods? From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via

Re: [cabfpub] [EXTERNAL] Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation

2017-07-10 Thread Bruce Morton via Public
Entrust votes Yes for ballot 204. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, June 26, 2017 8:18 AM To: CABFPub Subject: [EXTERNAL][cabfpub] Ballot 204: Forbid DTPs from doing Domain/IP Ownership

[cabfpub] Voting on Ballot 204 ends tomorrow (July 11) at 23:00 UTC

2017-07-10 Thread Kirk Hall via Public
So far we have only 7 votes; I believe quorum is 12 votes. ___ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public

Re: [cabfpub] Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation

2017-07-10 Thread Rich Smith via Public
Comodo votes Yes on Ballot 204 Regards, Rich Smith Senior Compliance Manager Comodo From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, June 26, 2017 7:18 AM To: CABFPub Subject: [cabfpub] Ballot 204: Forbid DTPs

Re: [cabfpub] Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation

2017-07-10 Thread Dimitris Zacharopoulos via Public
HARICA votes "yes" to ballot 204. Dimitris. On 26/6/2017 3:18 μμ, Gervase Markham via Public wrote: *Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation * *Purpose of Ballot: *At the moment, CAs are permitted to delegate the process of domain and IP address validation.