> On Dec 20, 2018, at 8:32 AM, Rob Stradling via Servercert-wg
> wrote:
>
> Sectigo votes NO.
>
> We don't object to the idea behind this ballot, and we don't have any
> specific objections to the content of this ballot either. However, the
> IETF has a process for defining new CAA
On Jul 12, 2018, at 12:51 PM, Wayne Thayer wrote:
> Paul- can explain your use case for this information? That might help us
> determine if the proposal is worth pursuing.
There are communities who use certificates who trust some BR-allowed methods
more than others. Some of the methods are
Greetings. I am interested in finding out which member CAs use each of the
methods listed in Section 3.2.2.4 of the BRs. I looked around the CABF web site
and could not find any such list, but could have missed it. If the CABF doesn't
keep such a list, does anyone know of an external researcher
On May 29, 2018, at 11:35 AM, Kirk Hall via Public wrote:
> ICANN has tended to be represented only by Francisco Arias, who is an
> employee, I think. I don’t have experience with Tscheme on this issue.
Francisco is indeed an employee of ICANN. :-) So am I, but I don't participate
in the
(Unlurking, this time as one of the IETF's S/MIME WG chairs for more than a
decade)
> On May 24, 2018, at 7:39 AM, Ryan Sleevi via Public
> wrote:
>
> ... the basic foundation of how you validate an e-mail address is going to be
> key. Whether that's by validating the
On Mar 1, 2018, at 7:51 AM, Ben Wilson via Public wrote:
>
> Forwarding from Richard Wang:
>
> The current BRs say:
>
> Authorized Ports: One of the following ports: 80 (http), 443 (http), 25
> (smtp), 22 (ssh).
>
> But many internal networks use the port 8443, broadly
On Dec 8, 2017, at 7:38 AM, Kirk Hall via Public wrote:
> In the past, we have let ballot authors correct typos - such as "certificaet"
> to "certificate". Would that no longer be allowed (meaning, would that type
> of editing to a ballot require the restart of a new seven
On Nov 21, 2017, at 7:03 AM, Gervase Markham via Public
wrote:
>
> On 03/11/17 23:23, Kirk Hall via Public wrote:
>> This email is to lay out the course we want to follow to complete the
>> technical specs for Redaction in the IETF, and also to address the
>> recourse
On Sep 26, 2017, at 9:40 PM, Kirk Hall via Public wrote:
> Certainly we have the power to do this, and it has nothing to do with IETF or
> standards setting bodies
Just a small nit here, but the IETF often appreciates hearing from other bodies
who are implementing IETF
Related to this tread, a post on the dns-operations mailing list from just now:
https://lists.dns-oarc.net/pipermail/dns-operations/2017-September/016752.html
___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public
Greetings. I'm interested in how CAA is working out for both the names and CA
communities.
Is someone collecting anecdotal reports of certificate non-issuance due to CAA
checking? I kind of imagine they fall into at least two buckets: "I really do
own the name but don't know how that wrong CAA
On Aug 21, 2017, at 1:59 PM, Kirk Hall via Public wrote:
> Gerv, I was asked by my team “what problem is this ballot solving”? Not in
> opposition, but just wondering why we need it?
An outside view:
I have had to point people to the BR a few times, and have sometimes
On Aug 1, 2017, at 11:50 AM, Erwann Abalea wrote:
> I personally think the new definition is clear and unambiguous; a label is
> composed of arbitrary octets, and can even be empty (which is the case for
> the root). But for the new definition to fit our purpose, we
On Jul 31, 2017, at 11:57 AM, Peter Bowen <p...@amzn.com> wrote:
>
>
>> On Jul 31, 2017, at 11:20 AM, Paul Hoffman via Public <public@cabforum.org>
>> wrote:
>>
>> To (apologetically) throw a spanner into the works here: RFC 7719 is being
>&g
On Jul 31, 2017, at 10:45 AM, Rich Smith via Public wrote:
>
> Hi Peter,
> Overall, I like your suggestions, but could I ask that in definitions where
> you refer to outside RFC definitions that you include those outside
> definitions verbatim so that someone reading the
On Jul 18, 2017, at 8:35 PM, Jeremy Rowley via Public
wrote:
>
> We recently encountered a reoccurring scenario while using .well-known to
> validate a certificate. The customer is trying to validate basedomain.com
> using
Greetings. I didn't see this message about the IETF Last Call on this document
sent here, but it could certainly be of interest to CABForum members.
Forwarded message:
The IESG has received a request from the Limited Additional Mechanisms for
PKIX and SMIME WG (lamps) to consider the following
On Jul 11, 2017, at 10:42 AM, Ryan Sleevi wrote:
> Is there a reason not to simply include the errata text as an Appendix
> to the BRs (thus ensuring the necessary IP protections as well), and
> then remove that once/if the CAA document is updated?
>
> This seems clearer and
On Jun 30, 2017, at 3:47 PM, Kirk Hall wrote:
>
> Paul - how does this look? Thanks for your help.
>
> Note: Once the FQDN has been validated using this method, the CA MAY also
> issue Certificates for other FQDNs that have more labels than the validated
>
> On Jun 30, 2017, at 3:04 PM, Kirk Hall via Public wrote:
>
> “Note: Once the FQDN has been validated using this method, the CA MAY also
> issue Certificates for other FQDNs that end in the validated FQDN. This
> method is suitable for validating Wildcard Domain
On Jun 13, 2017, at 8:14 AM, Gervase Markham via Public
wrote:
>
> On 13/06/17 15:33, Phillip via Public wrote:
>> I do not see a good argument for including the text in the BR and a good
>> reason not to.
>
> Well, you may not consider it a good argument, but the
On Jun 9, 2017, at 9:38 AM, Gervase Markham via Public
wrote:
>
> On 06/06/17 09:42, Gervase Markham via Public wrote:
>> So if and when we do think PHB's algorithm tweak is both stably defined
>> and an improvement, then amending the BRs to specifically incorporate
>> the
22 matches
Mail list logo