Re: [cabfpub] [Ext] [Servercert-wg] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

2018-12-20 Thread Paul Hoffman via Public
> On Dec 20, 2018, at 8:32 AM, Rob Stradling via Servercert-wg > wrote: > > Sectigo votes NO. > > We don't object to the idea behind this ballot, and we don't have any > specific objections to the content of this ballot either. However, the > IETF has a process for defining new CAA

Re: [cabfpub] [Ext] Re: List of which CAs use which methods from Section 3.2.2.4?

2018-07-12 Thread Paul Hoffman via Public
On Jul 12, 2018, at 12:51 PM, Wayne Thayer wrote: > Paul- can explain your use case for this information? That might help us > determine if the proposal is worth pursuing. There are communities who use certificates who trust some BR-allowed methods more than others. Some of the methods are

[cabfpub] List of which CAs use which methods from Section 3.2.2.4?

2018-07-12 Thread Paul Hoffman via Public
Greetings. I am interested in finding out which member CAs use each of the methods listed in Section 3.2.2.4 of the BRs. I looked around the CABF web site and could not find any such list, but could have missed it. If the CABF doesn't keep such a list, does anyone know of an external researcher

Re: [cabfpub] [Ext] [EXTERNAL] Associate Member status and meeting participation by related entities

2018-05-29 Thread Paul Hoffman via Public
On May 29, 2018, at 11:35 AM, Kirk Hall via Public wrote: > ICANN has tended to be represented only by Francisco Arias, who is an > employee, I think. I don’t have experience with Tscheme on this issue. Francisco is indeed an employee of ICANN. :-) So am I, but I don't participate in the

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-24 Thread Paul Hoffman via Public
(Unlurking, this time as one of the IETF's S/MIME WG chairs for more than a decade) > On May 24, 2018, at 7:39 AM, Ryan Sleevi via Public > wrote: > > ... the basic foundation of how you validate an e-mail address is going to be > key. Whether that's by validating the

Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

2018-03-02 Thread Paul Hoffman via Public
On Mar 1, 2018, at 7:51 AM, Ben Wilson via Public wrote: > > Forwarding from Richard Wang: > > The current BRs say: > > Authorized Ports: One of the following ports: 80 (http), 443 (http), 25 > (smtp), 22 (ssh). > > But many internal networks use the port 8443, broadly

Re: [cabfpub] [Ext] Ballot XXX: Update Discussion Period

2017-12-08 Thread Paul Hoffman via Public
On Dec 8, 2017, at 7:38 AM, Kirk Hall via Public wrote: > In the past, we have let ballot authors correct typos - such as "certificaet" > to "certificate". Would that no longer be allowed (meaning, would that type > of editing to a ballot require the restart of a new seven

Re: [cabfpub] [Ext] New RFC on CT Domain Label Redaction

2017-11-21 Thread Paul Hoffman via Public
On Nov 21, 2017, at 7:03 AM, Gervase Markham via Public wrote: > > On 03/11/17 23:23, Kirk Hall via Public wrote: >> This email is to lay out the course we want to follow to complete the >> technical specs for Redaction in the IETF, and also to address the >> recourse

[cabfpub] Relation to the IETF

2017-09-27 Thread Paul Hoffman via Public
On Sep 26, 2017, at 9:40 PM, Kirk Hall via Public wrote: > Certainly we have the power to do this, and it has nothing to do with IETF or > standards setting bodies Just a small nit here, but the IETF often appreciates hearing from other bodies who are implementing IETF

Re: [cabfpub] [Ext] Voting has started on Ballot 21 - CAA Discovery CNAME Errata

2017-09-21 Thread Paul Hoffman via Public
Related to this thread, a post on the dns-operations mailing list from just now: https://lists.dns-oarc.net/pipermail/dns-operations/2017-September/016752.html

[cabfpub] CAA checking: anecdotal reports?

2017-09-10 Thread Paul Hoffman via Public
Greetings. I'm interested in how CAA is working out for both the names and CA communities. Is someone collecting anecdotal reports of certificate non-issuance due to CAA checking? I kind of imagine they fall into at least two buckets: "I really do own the name but don't know how that wrong CAA

Re: [cabfpub] [Ext] [EXTERNAL] Ballot 212: Canonicalise formal name of the Baseline Requirements

2017-08-21 Thread Paul Hoffman via Public
On Aug 21, 2017, at 1:59 PM, Kirk Hall via Public wrote: > Gerv, I was asked by my team “what problem is this ballot solving”? Not in > opposition, but just wondering why we need it? An outside view: I have had to point people to the BR a few times, and have sometimes

Re: [cabfpub] [Ext] Ballot 202 - Underscore and Wildcard Characters

2017-08-01 Thread Paul Hoffman via Public
On Aug 1, 2017, at 11:50 AM, Erwann Abalea wrote: > I personally think the new definition is clear and unambiguous; a label is > composed of arbitrary octets, and can even be empty (which is the case for > the root). But for the new definition to fit our purpose, we

Re: [cabfpub] [Ext] Ballot 202 - Underscore and Wildcard Characters

2017-07-31 Thread Paul Hoffman via Public
On Jul 31, 2017, at 11:57 AM, Peter Bowen <p...@amzn.com> wrote: > > >> On Jul 31, 2017, at 11:20 AM, Paul Hoffman via Public <public@cabforum.org> >> wrote: >> >> To (apologetically) throw a spanner into the works here: RFC 7719 is being

Re: [cabfpub] [Ext] Ballot 202 - Underscore and Wildcard Characters

2017-07-31 Thread Paul Hoffman via Public
On Jul 31, 2017, at 10:45 AM, Rich Smith via Public wrote: > > Hi Peter, > Overall, I like your suggestions, but could I ask that in definitions where > you refer to outside RFC definitions that you include those outside > definitions verbatim so that someone reading the

Re: [cabfpub] [Ext] .well-known and re-directs

2017-07-19 Thread Paul Hoffman via Public
On Jul 18, 2017, at 8:35 PM, Jeremy Rowley via Public wrote: > > We recently encountered a reoccurring scenario while using .well-known to > validate a certificate. The customer is trying to validate basedomain.com > using

[cabfpub] Last Call: (Internationalization Updates to RFC 5280) to Proposed Standard

2017-07-14 Thread Paul Hoffman via Public
Greetings. I didn't see this message about the IETF Last Call on this document sent here, but it could certainly be of interest to CABForum members. Forwarded message: The IESG has received a request from the Limited Additional Mechanisms for PKIX and SMIME WG (lamps) to consider the following

Re: [cabfpub] [Ext] Fixup ballot for CAA

2017-07-11 Thread Paul Hoffman via Public
On Jul 11, 2017, at 10:42 AM, Ryan Sleevi wrote: > Is there a reason not to simply include the errata text as an Appendix > to the BRs (thus ensuring the necessary IP protections as well), and > then remove that once/if the CAA document is updated? > > This seems clearer and

Re: [cabfpub] [Ext] Updated Ballot 190 v4 dated June 30, 2017

2017-06-30 Thread Paul Hoffman via Public
On Jun 30, 2017, at 3:47 PM, Kirk Hall wrote: > > Paul - how does this look? Thanks for your help. > > Note: Once the FQDN has been validated using this method, the CA MAY also > issue Certificates for other FQDNs that have more labels than the validated >

Re: [cabfpub] [Ext] Updated Ballot 190 v3 dated June 30, 2017

2017-06-30 Thread Paul Hoffman via Public
> On Jun 30, 2017, at 3:04 PM, Kirk Hall via Public wrote: > > “Note: Once the FQDN has been validated using this method, the CA MAY also > issue Certificates for other FQDNs that end in the validated FQDN. This > method is suitable for validating Wildcard Domain

Re: [cabfpub] [Ext] Fixup ballot for CAA

2017-06-13 Thread Paul Hoffman via Public
On Jun 13, 2017, at 8:14 AM, Gervase Markham via Public wrote: > > On 13/06/17 15:33, Phillip via Public wrote: >> I do not see a good argument for including the text in the BR and a good >> reason not to. > > Well, you may not consider it a good argument, but the

Re: [cabfpub] [Ext] Fixup ballot for CAA

2017-06-09 Thread Paul Hoffman via Public
On Jun 9, 2017, at 9:38 AM, Gervase Markham via Public wrote: > > On 06/06/17 09:42, Gervase Markham via Public wrote: >> So if and when we do think PHB's algorithm tweak is both stably defined >> and an improvement, then amending the BRs to specifically incorporate >> the