Re: [cabfpub] Ballot 189 (revised) - Amend Section 6.1.7 of Baseline Requirements

2017-04-10 Thread Curt Spann via Public
Apple votes YES. Cheers, Curt > On Apr 5, 2017, at 12:46 AM, Dimitris Zacharopoulos via Public > wrote: > > > After the recent discussion, the ballot is now updated with simpler language. > Voting starts tomorrow April 6th. > > Dimitris. > > > Ballot 189 - Amend

Re: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions

2017-04-10 Thread Peter Bowen via Public
> On Apr 10, 2017, at 10:53 AM, Ryan Sleevi via Public > wrote: > > On Mon, Apr 10, 2017 at 11:48 AM, Doug Beattie > wrote: > Here are a couple of challenges the CAs face: > > -Updating all managed service Org and Domain information

Re: [cabfpub] Ballot 195 - CAA Fixup is in the DISCUSSION period (ends April 10)

2017-04-10 Thread philliph--- via Public
> On Apr 10, 2017, at 3:18 PM, Jacob Hoffman-Andrews > wrote: > > On Mon, Apr 10, 2017 at 11:20 AM, philliph--- via Public > wrote: > Discussion in the LAMPS WG indicated that the consensus was to replace the > search

Re: [cabfpub] RFC5280-related Ballot - For Discussion

2017-04-10 Thread Ryan Sleevi via Public
That's an interesting take. I read the same discussions and took quite the opposite conclusion. On Mon, Apr 10, 2017 at 3:23 PM, Ben Wilson via Public wrote: > All, > > > > I’ve posted the proposal to the PKIX list and haven’t heard sufficient > opposition on that list,

Re: [cabfpub] RFC5280-related Ballot - For Discussion

2017-04-10 Thread Ben Wilson via Public
All, I’ve posted the proposal to the PKIX list and haven’t heard sufficient opposition on that list, IMHO, that would merit holding up this proposed revision to the Baseline Requirements. I need two endorsers for a ballot. Thanks, Ben From: Ryan Sleevi [mailto:sle...@google.com]

Re: [cabfpub] Ballot 195 - CAA Fixup is in the DISCUSSION period (ends April 10)

2017-04-10 Thread Jacob Hoffman-Andrews via Public
On Mon, Apr 10, 2017 at 11:20 AM, philliph--- via Public < public@cabforum.org> wrote: > Discussion in the LAMPS WG indicated that the consensus was to replace the > search algorithm completely with one that uses prefixes. > I participated in the LAMPS WG via videoconference at IETF 98, and read

Re: [cabfpub] Ballot 195 - CAA Fixup is in the DISCUSSION period (ends April 10)

2017-04-10 Thread philliph--- via Public
> On Apr 10, 2017, at 2:04 PM, Ryan Sleevi via Public > wrote: > > > > On Mon, Apr 10, 2017 at 12:39 PM, Gervase Markham via Public > > wrote: > On 10/04/17 17:27, Phillip Hallam-Baker via Public wrote: > > As I proposed

Re: [cabfpub] Ballot 195 - CAA Fixup is in the DISCUSSION period (ends April 10)

2017-04-10 Thread philliph--- via Public
The rules for IETF errata depend on the nature of the change. Changes to the language that do not affect the technical details may be accepted or rejected. Changes to the technical content are either rejected or ‘held for document update’, that is publication of a new RFC. This is a change in

Re: [cabfpub] Brazilian bank DNS heist

2017-04-10 Thread philliph--- via Public
> On Apr 6, 2017, at 3:44 PM, Richard Moore wrote: > > I'm including Ryan since he's said before he's willing to forward things to > the CAB list. Comments inline. > > On 6 April 2017 at 18:46, philliph--- via Public > wrote: >

Re: [cabfpub] Ballot 195 - CAA Fixup is in the DISCUSSION period (ends April 10)

2017-04-10 Thread Ryan Sleevi via Public
On Mon, Apr 10, 2017 at 12:39 PM, Gervase Markham via Public < public@cabforum.org> wrote: > On 10/04/17 17:27, Phillip Hallam-Baker via Public wrote: > > As I proposed earlier, can we amend this so that instead of saying: > > > > "CAs MUST process the issue, issuewild, and iodef property tags as

Re: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions

2017-04-10 Thread Ryan Sleevi via Public
On Mon, Apr 10, 2017 at 11:48 AM, Doug Beattie wrote: > Ryan, > > > > Ballot 194 allows for a temporary roll-back on the use of certificate data > (back to 39 months) until March 1, 2018. No other changes are being > included. The “security” reverts back to what it

Re: [cabfpub] Ballot 189 (revised) - Amend Section 6.1.7 of Baseline Requirements

2017-04-10 Thread Mads Egil Henriksveen via Public
Buypass votes YES. Regards Mads From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris Zacharopoulos via Public Sent: 5. april 2017 09:47 To: public@cabforum.org Cc: Dimitris Zacharopoulos Subject: [cabfpub] Ballot 189 (revised) - Amend Section 6.1.7 of Baseline Requirements

Re: [cabfpub] Ballot 195 - CAA Fixup is in the DISCUSSION period (ends April 10)

2017-04-10 Thread Phillip Hallam-Baker via Public
As I proposed earlier, can we amend this so that instead of saying: "CAs MUST process the issue, issuewild, and iodef property tags as specified in RFC 6844, although they are not required to act on the contents of the iodef property tag." We say "CAs MUST process the issue, issuewild, and

Re: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions

2017-04-10 Thread Doug Beattie via Public
Ryan, Ballot 194 allows for a temporary roll-back on the use of certificate data (back to 39 months) until March 1, 2018. No other changes are being included. The “security” reverts back to what it was prior to the ballot and we’re not introducing any loopholes or new Renewal processing. Here

[cabfpub] BR clarification re: test certificates

2017-04-10 Thread Gervase Markham via Public
Section 2.2 of the BRs says: "The CA SHALL host test Web pages that allow Application Software Suppliers to test their software with Subscriber Certificates that chain up to each publicly trusted Root Certificate. At a minimum, the CA SHALL host separate Web pages using Subscriber Certificates

Re: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions

2017-04-10 Thread Ryan Sleevi via Public
Prior to finalizing our vote, which is strongly inclined to vote against this as actively harmful to security, I want to make sure there's no other additional data that CAs wish to share. To date, the only information that's been shared is that it makes renewing a certificate - or changing its

Re: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions

2017-04-10 Thread Bruce Morton via Public
Entrust votes Yes. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Chris Bailey via Public Sent: Sunday, April 2, 2017 4:27 PM To: public@cabforum.org Cc: Chris Bailey Subject: [EXTERNAL][cabfpub] Ballot 194 – Effective Date of Ballot 193

Re: [cabfpub] [EXTERNAL] Brazilian bank DNS heist

2017-04-10 Thread Bruce Morton via Public
+1 -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Rob Stradling via Public Sent: Monday, April 10, 2017 10:36 AM To: CA/Browser Forum Public Discussion List Cc: Rob Stradling Subject: Re: [cabfpub]

Re: [cabfpub] Ballot 189 – Amend BR 6.1.7 to clarify signing by root keys is in VOTING period (ends APRIL 13)

2017-04-10 Thread Gervase Markham via Public
On 10/04/17 00:29, Kirk Hall via Public wrote: > Reminder: Ballot 189 – Amend BR 6.1.7 to clarify signing by root keys - > is in the voting period (ends APRIL 13). Mozilla votes YES. Gerv

Re: [cabfpub] Brazilian bank DNS heist

2017-04-10 Thread Gervase Markham via Public
On 10/04/17 07:29, Richard Wang via Public wrote: > As I know, for Internet banking security in China, some bank developed > its own client software that they don’t use browser, and the internal > important communication use IP address + SSL certificate, and the SSL > certificate is issued by the

Re: [cabfpub] Ballot 189 – Amend BR 6.1.7 to clarify signing by root keys is in VOTING period (ends APRIL 13)

2017-04-10 Thread García Jimeno, Oscar via Public
Izenpe votes YES to Ballot 189

Re: [cabfpub] Brazilian bank DNS heist

2017-04-10 Thread Richard Wang via Public
As I know, for Internet banking security in China, some bank developed its own client software that they don’t use browser, and the internal important communication use IP address + SSL certificate, and the SSL certificate is issued by the bank’s own CA. This will solve the DNS heist, fake SSL