On Wed, Nov 9, 2016 at 11:06 AM, Peter Bowen wrote:
> Ryan,
>
> If we adopt CAA hard-fail only, and it does become a problem, what is the
> path to correct, given the current WebTrust cycle? As it stands, I expect
> it to take years to correct if it makes it into a WebTrust
On Wed, Nov 9, 2016 at 9:34 AM, Peter Bowen wrote:
> Ryan,
>
> I presume Google has internal controls in place that cover who can sign
> contracts and under what circumstances. I am inclined to side with Bruce
> on this one — a signed contract should be prima facie evidence of
>
On Tue, Nov 8, 2016 at 11:01 AM, Gervase Markham wrote:
> Given that we will simultaneously be discussing and hopefully before too
> long be voting on some changes to the Bylaws to solve the problem, their
> trust does not have to extend for that long.
>
You said "hopefully
On Tue, Nov 8, 2016 at 10:21 AM, Gervase Markham wrote:
> On 08/11/16 18:10, Ryan Sleevi wrote:
> > Can you point me to the ballot or bylaw that guarantees this? Otherwise,
> > you're taking a gamble that everyone will behave rationally - which,
> > from a legal perspective, is
On Tue, Nov 8, 2016 at 10:07 AM, Gervase Markham via Public <
public@cabforum.org> wrote:
> and I think the general risks of
> IPR "fishing" Ryan raises would not come into play because we would only
> be using this process for a limited time and a known number of ballots
> with known content.
On Tue, Nov 8, 2016 at 8:46 AM, Gervase Markham via Public <
public@cabforum.org> wrote:
> I may have buried the lede here, so:
>
> On 03/11/16 16:21, Gervase Markham wrote:
> > be addressed, which would be fine. But would both sides be willing to
> > allow Mark to rule on original intent, and
Jeremy,
Just to check - I don't recall there being a formal ballot to terminate the
WG (as per section 5.2 of the bylaws), so a few quick and easy process
questions:
1) Do you expect that the continuation of the Validation WG will be
conducted in accordance with the scope and deliverables of
On Fri, Nov 4, 2016 at 5:03 AM, Gervase Markham via Public <
public@cabforum.org> wrote:
> On 03/11/16 18:20, Dimitris Zacharopoulos wrote:
> > 1. whether it is dictated in the bylaws or the IPR policy that the CA/B
> > Forum must produce patent-free guidelines (otherwise it is probably
> >
On Thu, Nov 3, 2016 at 11:20 AM, Dimitris Zacharopoulos via Public <
public@cabforum.org> wrote:
> Well, my question was not intended to interfere with the other threads
> regarding the current ballots or the sequence of events that have to take
> place. I was more curious if there is a clear
On Wed, Nov 2, 2016 at 3:05 PM, Kirk Hall via Public
wrote:
> Of course, the PAG will not be providing legal advice to any member. In
> the end, the ballot might be modified by the proposer and two endorsers
> (which would probably trigger another discussion period and
On Wed, Nov 2, 2016 at 3:41 PM, Geoff Keating via Public <
public@cabforum.org> wrote:
>
> > a) Is the process that the PAG may modify the ballot before the vote,
> based on its conclusions? If so, do we need a new Discussion Period after
> the PAG? If not, and the PAG makes "recommendations",
More concretely to the discussion of the F2F, which does not yet appear in
the draft minutes, and for which a recording would be necessary to fully
reconstruct arguments from those on the call (Virginia) or in the room
(Jeremy), during the F2F, I discussed and disagreed with Virginia's
statements
Hi Kirk,
Can you provide the recording of the F2F to support your claim that "you
didn't raise these issues at the F2F either"?
Thanks,
Ryan
On Wed, Nov 2, 2016 at 11:31 AM, Kirk Hall
wrote:
> Emails before the F2F are available, and so are teleconference
>
On Wed, Nov 2, 2016 at 11:04 AM, Gervase Markham via Public <
public@cabforum.org> wrote:
> Questions for proponents of Position 2:
>
> j) This position states that we vote, there's an IPR review, and the
> change gets made regardless of what it turns up. So encumbered
> requirements could make
On Wed, Nov 2, 2016 at 11:03 AM, Gervase Markham wrote:
> On 02/11/16 17:39, Ryan Sleevi wrote:
> > That is, Ballots 181 and 182 are thus Draft Guidelines, and need 60 day
> > reviews,
>
> How does this follow?
>
> Section 4.1: "Prior to the approval of a CAB Forum Draft
On Wed, Nov 2, 2016 at 10:40 AM, Kirk Hall
wrote:
> First, why did you say nothing about this during the weeks of discussion
> on this list, (with Virginia, me, and others pointing out we were not
> following our IPR Policy, and must do so now)? We made it clear
On Wed, Nov 2, 2016 at 10:32 AM, Gervase Markham <g...@mozilla.org> wrote:
> On 02/11/16 15:57, Ryan Sleevi via Public wrote:
> > Oh, and I would note the Key Definitions of 8.3
> >
> > d. “Draft Guideline” means a version of a CAB Forum guideline that has
>
On Wed, Nov 2, 2016 at 9:04 AM, Kirk Hall
wrote:
> No one at the meeting objected at that time, said the procedure was wrong,
> or suggested a different procedure.
>
I feel this deserves calling out on its own - I do not believe this is not
an accurate
On Wed, Nov 2, 2016 at 9:04 AM, Kirk Hall
wrote:
> Clearly there are people in the Forum who don’t agree with this analysis –
> I am one.
>
>
>
> Can you clarify – do you believe Position 1 is wrong, and Position 2 is
> correct? Or are you just weighing the two
On Wed, Nov 2, 2016 at 8:45 AM, Kirk Hall via Public
wrote:
> So under Position 2, how do we ever get to Approval - which (under the IPR
> Policy) can only come AFTER the Review Period is over. Something is
> missing from the Position 2 process?
>
> Can someone who supports
On Wed, Nov 2, 2016 at 8:14 AM, Gervase Markham via Public <
public@cabforum.org> wrote:
> This is my understanding of the current controversy regarding the
> balloting process. I'm sure it is incomplete. Can people make
> corrections and additions until it's accurate and everyone can
>
On Sat, Oct 29, 2016 at 12:59 AM, Gervase Markham wrote:
> On 28/10/16 17:49, Ryan Sleevi wrote:
> > On Fri, Oct 28, 2016 at 7:49 AM, Peter Bowen via Public
> > > wrote:
> >
> > I think CAs should track this so we can come
On Fri, Oct 28, 2016 at 9:57 AM, Peter Bowen wrote:
>
> With products like the Cavium CNN3560-NFBE-G supporting more than 30,000
> RSA signatures per second when using a 2048-bit key, I'm confident that
> the multiple DNS lookups required by CAA will be the long pole.
>
And if I
On Fri, Oct 28, 2016 at 9:52 AM, Peter Bowen wrote:
>
> OK. I used a machine with a locally running caching resolver. I then did
> the following as a test:
>
> Fetch top-1m.csv.zip
> Unzip it
> head -n 200 top-1m.csv | cut -d, -f2 | sed -r -e 's/^/www./' > top200.txt
> echo
On Fri, Oct 28, 2016 at 8:01 AM, Gervase Markham via Public <
public@cabforum.org> wrote:
> However, the expected use case for skipsubdomains=true is when CAs
> have a very particular relationship with a small number of clients who
> need high speed issuance.
If that is the use case, then I
On Fri, Oct 28, 2016 at 7:49 AM, Peter Bowen via Public wrote:
>
> I think CAs should track this so we can come back in a year and review how
> often allowing soft-fail had any impact.
We've been spinning our wheels on this point for several years. For four
years now,
On Thu, Oct 27, 2016 at 8:33 PM, Peter Bowen via Public wrote:
> I propose that this be mitigated by adopting a two prong rule for CAA:
> 1) By default CAs must treat the presence of CAA records which do not
> include them as “hard fail” and not issue
> 2) However, if the
On Thu, Oct 27, 2016 at 3:44 PM, Richard Barnes via Public <
public@cabforum.org> wrote:
>
>
> On Thu, Oct 27, 2016 at 6:33 PM, Jody Cloutier via Public <
> public@cabforum.org> wrote:
>
>> Question: If a company has trusted roots, but it does not issue roots to
>> the general public, would it
Forwarding on behalf of Brian Smith
On Wed, Oct 26, 2016 at 2:39 PM, Brian Smith wrote:
> [Please forward this message to the CABForum mailing list. Thanks!]
>
> Rick Andrews via Public wrote:
>
>> Rob, I think the primary use case is OCSP for code
On Wed, Oct 26, 2016 at 11:45 AM, Kirk Hall
wrote:
> I think we may be making too much of all this. If we have both an old
> style ballot to make the change now following the procedures in our Bylaws
> and our past practices, at the very least we will have added
On Wed, Oct 26, 2016 at 11:00 AM, Jeremy Rowley
wrote:
> I’m not sure if there is consensus on Virginia’s interpretation. We
> haven’t even had a straw poll to agree/disagree on the issue.
>
>
>
> That’s my interpretation more or less with one point. I don’t see a
Hi Kirk,
It's unclear what the discussion agenda is for Items 11 - CT.
I especially want to highlight Google's position that the proper venue for
discussing CT use case/concerns (with the protocol) is the IETF, and that
the proper venue for discussing concerns with CT's requirement in Chrome
On Wed, Oct 26, 2016 at 10:02 AM, Jeremy Rowley
wrote:
> It’s important because a draft guideline isn’t non-binding on the CAB
> Forum membership. The bylaws clearly spell out how a ballot takes place:
>
>
>
> (c) A representative of any Member can call for a
a CAA record in the DNS is a lot more
> difficult than changing the record once established.
>
>
>
> *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Ryan
> Sleevi via Public
> *Sent:* Wednesday, October 26, 2016 9:52 AM
> *To:* Eneli Kirme <eneli.ki...@sk.e
Reposting to public, somehow lost.
On Oct 26, 2016 9:32 AM, "Ryan Sleevi" wrote:
> On Oct 26, 2016 9:06 AM, "Jeremy Rowley"
> wrote:
> >
> > It’s called a “CAB Forum Draft Guideline” and would follow the procedure
> already established by the
On Oct 25, 2016 10:38 PM, "Eneli Kirme via Public"
wrote:
>
> Hi,
>
> In practice CAA records are subject to be manipulated by UI provided by
DNS records management. We have no way to control it and once there is a
“default” listed for customer convenience then the damage for
On Oct 26, 2016 8:40 AM, "Kirk Hall via Public" wrote:
>
> Helpful suggestion, Gerv - thanks.
>
> On the question of whether our change of processes to comply with our IPR
Policy must be complete and immediate, I think about the prayer of the St.
Augustine who was trying to
On Tue, Oct 25, 2016 at 5:26 PM, Kirk Hall via Public
wrote:
> Wayne – I agree with you that we need to move forward now.
>
>
>
> Previously we had discussed not putting forward any ballots that amend the
> current BRs or EVGL until we complete the readoption Ballot 180,
Similarly, can you produce a redline version for this ballot?
Thanks
On Tue, Oct 25, 2016 at 1:38 PM, Kirk Hall via Public
wrote:
> *This is the start of the 7 day discussion period for this Ballot. The
> Review Period under our IPR Policy will start on Nov. 1, and run
Last request for a redline version. Thanks :)
On Tue, Oct 25, 2016 at 1:38 PM, Kirk Hall via Public
wrote:
> *This is the start of the 7 day discussion period for this Ballot. The
> Review Period under our IPR Policy will start on Nov. 1, and run for 60
> days. I will
Hi Kirk,
Per our past F2F conversation - https://cabforum.org/2016/05/25/2016-05/ -
would you mind preparing redline versions of the documents changed?
I'm specifically referencing this part of the conversation, from Ben Wilson:
"Ben: As we’ve said in the past, we should prepare a redlined
>
>
> -Rick
>
>
>
> *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Ryan
> Sleevi via Public
> *Sent:* Tuesday, October 25, 2016 8:22 AM
> *To:* Gervase Markham <g...@mozilla.org>
> *Cc:* public@cabforum.org
> *Subject:* Re: [cabfpu
On Tue, Oct 25, 2016 at 1:57 AM, Gervase Markham via Public <
public@cabforum.org> wrote:
>
> I think this is definitely worth exploring, and I am confident we can
> work out some reasonable parameters. However, I wonder if, if we are not
> checking CAA at every issuance, it would be wise for CAs
[Note: This is cross-posted. The best venue for follow-up questions is the
public mailing list at ct-pol...@chromium.org or the post at
https://groups.google.com/a/chromium.org/d/msg/ct-policy/78N3SMcqUGw/ykIwHXuqAQAJ
]
This past week at the 39th meeting of the CA/Browser Forum, the Chrome team
Kirk,
It's sad to see your promise was so short lived. That is, the " I promise I
will read the links carefully for the details you have provided. " promise
you made one hour ago.
Since your message is not appearing in the archives, I'll link you to the
reply in which I quoted you, in the hopes
On Mon, Oct 24, 2016 at 1:38 PM, Kirk Hall
wrote:
> Ryan, this discussion is happening on the Public list, and members of the
> public were not at our meeting.
>
Which is why minutes of our phone calls and meetings are so important.
> So please drop your
On Mon, Oct 24, 2016 at 12:09 PM, Kirk Hall
wrote:
> Yes, please provide the links to all – I certainly don’t remember any
> details from what you have said in the past, and others feel the same way.
> I promise I will read the links carefully for the details you
On Mon, Oct 24, 2016 at 11:32 AM, Kirk Hall
wrote:
> Ryan, I have to admit I have not always understood your response on
> Jeremy’s question (which I have asked myself). You have said at times “we
> already answered that”, but I think many of us can’t recall what
Jeremy,
This has been repeatedly asked on calls, and each time Google provides
details about how it has prevented unauthorized issuance?
Can we accept CAA has worked, helped for those CAs that check, and move on?
On Mon, Oct 24, 2016 at 8:40 AM, Jeremy Rowley via Public <
public@cabforum.org>
On Tue, Oct 18, 2016 at 4:34 PM, Dean Coclin via Public wrote:
> While I'm not the technical expert here, assuming we could, wouldn't they
> then need to undergo the 10 day eval period?
>
Yes
___
Public mailing list
On Tue, Oct 18, 2016 at 4:10 PM, Dean Coclin via Public wrote:
> Given that the current TBS certs have passed cryptanalysis, could you allow
> the issuance of the TBS certs as presented, and mandate that the CA revoke
> those
> certs on 12/31 (or the next business day).
Google concurs with Mozilla's findings. We believe it would be best to see
these certificates expire by December 31, 2016, for this and future
requests.
On Tue, Oct 11, 2016 at 5:26 PM, Peter Bowen wrote:
>
> You are conflating two things here. "it's perfectly acceptable for the
> domain operator to be distinct from the certificate applicant” - Yes.
> Akamai or Fastly (or any CDN) can apply for a certificate for a domain
>
While I understand the IETF doesn't work on policy, I meant to suggest that
the most important aspect - which absolutely belongs in the IETF - is use
cases.
I do not believe we can have a meaningful discussion of policy without
understanding use cases. It's clear that the technical solutions
Forwarding on behalf of Patrick Donahue, at Cloudflare.
On Sun, Oct 9, 2016 at 8:09 PM, Patrick Donahue wrote:
>
>
>
>> We examined this mechanism and determined that due to the variety of POS
>> devices using our network, the client HELLO will not allow us to
>>