Re: [cabfpub] [EXTERNAL] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft

2017-04-28 Thread Ryan Sleevi via Public
On Fri, Apr 28, 2017 at 3:59 PM, Jeremy Rowley via Public < public@cabforum.org> wrote: > I think removing DTPs completely would have some unforeseen consequences. > We talked about the need for DTPs when passing the guidelines and the > various reasons were given: > 1) Org validation - some entit

[cabfpub] Test Message

2017-04-28 Thread Gordon Bock via Public
Please disregard, this is a test message. -Gordon ___ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public

[cabfpub] Ballot 197 – Effective Date of Ballot 193 Provisions (amended April 26)

2017-04-28 Thread Patrick Tronnier via Public
OATI votes YES to Ballot 197 as listed below. Thanks With kind regards, Patrick Tronnier Principal Security Architect & Sr. Director of Quality Assurance & Customer Support Phone: 763.201.2000 Fax: 763.201.5333 Direct Line: 763.201.2052 Open Access Technology International, Inc. 3660 Technology

[cabfpub] RE: Ballot 197 – Effective Date of Ballot 193 Provisions (amended April 26)

2017-04-28 Thread Rick Andrews via Public
Symantec votes ABSTAIN (as we did for Ballot 194) -Rick From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: 26. april 2017 07:45 To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub] Ballot 197 - Effective Date of Ballot 193 Provisions

Re: [cabfpub] Baseline Requirements v. 1.4.6

2017-04-28 Thread Ben Wilson via Public
All versions are now posted here - https://cabforum.org/baseline-requirements-documents/ I will upload them to the wiki and update the GitHub version. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent

Re: [cabfpub] Ballot 197 – Effective Date of Ballot 193 Provisions (amended April 26)

2017-04-28 Thread Jody Cloutier via Public
Microsoft votes yes. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Stephen Davidson via Public Sent: Friday, April 28, 2017 12:25 PM To: CA/Browser Forum Public Discussion List Cc: Stephen Davidson Subject: Re: [cabfpub] Ballot 197 – Effective Date of Ballot 193 Provisions (am

Re: [cabfpub] Ballot 197 – Effective Date of Ballot 193 Provisions (amended April 26)

2017-04-28 Thread Moudrick M. Dadashov via Public
SSC votes: "Yes". Thanks, M.D. On 4/26/2017 8:45 AM, Kirk Hall via Public wrote: Sorry, I lost version control on Ballot 197 (originally sent to the Public list on April 19) in my message earlier today – we are still in the Discussion Period, and so we can clearly make amendments. To resta

Re: [cabfpub] [EXTERNAL] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft

2017-04-28 Thread Jeremy Rowley via Public
I think removing DTPs completely would have some unforeseen consequences. We talked about the need for DTPs when passing the guidelines and the various reasons were given: 1) Org validation - some entities have DTPs that validate organizational validation in the country where they operate. 2)

Re: [cabfpub] Ballot 197 – Effective Date of Ballot 193 Provisions (amended April 26)

2017-04-28 Thread Stephen Davidson via Public
QuoVadis votes yes, Regards, Stephen > > > > From: Public on behalf of Kirk Hall via Public > > Reply-To: CA/Browser Forum Public Discussion List > Date: Tuesday, April 25, 2017 at 10:45 PM > To: CA/Browser Forum Public Discussion List > Cc: Kirk Hall > Subject: [cabfpub] Ballot 197 – Ef

Re: [cabfpub] Ballot 197 – Effective Date of Ballot 193 Provisions (amended April 26)

2017-04-28 Thread Ben Wilson via Public
DigiCert votes “yes” From: Public mailto:public-boun...@cabforum.org>> on behalf of Kirk Hall via Public mailto:public@cabforum.org>> Reply-To: CA/Browser Forum Public Discussion List mailto:public@cabforum.org>> Date: Tuesday, April 25, 2017 at 10:45 PM To: CA/Browser Forum Public Discussi

Re: [cabfpub] [EXTERNAL]Re: Ballot 190

2017-04-28 Thread Kirk Hall via Public
Our systems are focused on enterprises, who have the ability to come back to a portal whenever they like and get new certs for organizations and domains that have been validated. This continues for as long as the BRs allow re-use of proper validation data – at that point, all domains will be re

Re: [cabfpub] [EXTERNAL]Re: Ballot 190

2017-04-28 Thread Jos Purvis (jopurvis) via Public
A question, if I might: I’m not understanding the “massive revalidation of all existing domains” part here. My understanding is that if we alter the methods of validation, you would need to ensure that any applicants from that date forward are validated under acceptable methods, which may mean s

Re: [cabfpub] Fwd: RE: RFC 3647 Compliance

2017-04-28 Thread Ryan Sleevi via Public
For what it's worth, the proposal gives that - 6 months - since we know there are some using 2527 :) It phases in at 8 December, which was 6 months + 44 days (14 days voting + 30 day IP review) from when I drafted it :) On Fri, Apr 28, 2017 at 9:35 AM, Gervase Markham via Public < public@cabforum

Re: [cabfpub] [EXTERNAL]Re: Ballot 190

2017-04-28 Thread Kirk Hall via Public
Yes, that’s good information on possible exploits - thanks. That’s why we worked so long on improving BR 3.2.2.4 – as you may recall, I was deeply involved in that, and very supportive. But I’d really like to know if there is evidence that cert “misissuance” occurred in the past because of the

Re: [cabfpub] Ballot 190

2017-04-28 Thread Peter Bowen via Public
> On Apr 28, 2017, at 9:06 AM, Kirk Hall via Public wrote: > > 1. It appears from various comments over time that your biggest concern > about re-use of prior validation data relates to method 3.2.2.4.6 – Agreed > Upon Change to Website. Old method 6 required “Having the Applicant > demons

Re: [cabfpub] [EXTERNAL]Re: Ballot 190

2017-04-28 Thread Peter Bowen via Public
Kirk, I’m very hesitant to call anything “misissuance” based on the old methods as the CA followed the rules. I am reasonably sure that the following certificates were issued using either “any other” or an agreed upon change to website method: https://crt.sh/?id=106122476

Re: [cabfpub] Ballot 190

2017-04-28 Thread Kirk Hall via Public
A couple of responses. 1. It appears from various comments over time that your biggest concern about re-use of prior validation data relates to method 3.2.2.4.6 – Agreed Upon Change to Website. Old method 6 required “Having the Applicant demonstrate practical control over the FQDN by making a

Re: [cabfpub] [EXTERNAL]Re: Draft Agenda for CABF teleconference April 27

2017-04-28 Thread Gervase Markham via Public
On 26/04/17 23:20, Kirk Hall wrote: > I'm concerned that if we create yet another public web page for this, > it won't be updated. That is certainly a risk; which is perhaps why the "Github Issues" method that someone proposed might well be the way forward. Gerv

Re: [cabfpub] [EXTERNAL] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft

2017-04-28 Thread Peter Bowen via Public
> On Apr 28, 2017, at 7:06 AM, Gervase Markham via Public > wrote: > > On 27/04/17 19:52, Kirk Hall wrote: >> Please humor me (and the rest of the members, and the public >> following this list). In one or two paragraphs, can you summarize >> your reasons? > > I think that has been effectivel

[cabfpub] 3rd Party RAs

2017-04-28 Thread Gervase Markham via Public
One of the questions we asked in our April CA Communication was whether CAs had 3rd party RAs, of the sort that my proposed ballot intends to ban. The deadline for responses has not yet come so the list is incomplete, but you can see that of the 29 CAs who have answered so far: https://mozillacapr

[cabfpub] 3rd Party RAs

2017-04-28 Thread Gervase Markham via Public
One of the questions we asked in our April CA Communication was whether CAs had 3rd party RAs, of the sort that would be banned by my proposed ballot. The deadline for responses has not yet come so the list is incomplete, but you can see that of the N CAs who have answered so far:

Re: [cabfpub] [EXTERNAL] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft

2017-04-28 Thread Gervase Markham via Public
On 27/04/17 19:52, Kirk Hall wrote: > Please humor me (and the rest of the members, and the public > following this list). In one or two paragraphs, can you summarize > your reasons? I think that has been effectively done elsewhere in this thread. Fixing audits to reliably include DTPs is very di

Re: [cabfpub] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft

2017-04-28 Thread Gervase Markham via Public
On 27/04/17 23:17, Ryan Sleevi via Public wrote: > At Trend Micro, when validating some governments and enterprises in > Central and South America, we relied on law firms in the countries > involved to (1) obtain necessary validation documents confirming the > legal name(s) of the a

Re: [cabfpub] Ballot 190

2017-04-28 Thread Gervase Markham via Public
Hi Jeremy, On 27/04/17 21:00, Jeremy Rowley via Public wrote: > Ben let me know that there were questions about Ballot 190. The ballot > was withdrawn and hasn’t gone to vote yet because of Section 2: My concerns with ballot 190 are threefold: 1) I think that applicability and sunset dates for s

[cabfpub] Fwd: RE: RFC 3647 Compliance

2017-04-28 Thread Gervase Markham via Public
Forwarding as requested. Gerv Forwarded Message Subject: RE: [cabfpub] RFC 3647 Compliance Date: Thu, 27 Apr 2017 04:26:35 + From: Man Ho To: public@cabforum.org CC: g...@mozilla.org I can see that good points of deprecating the old RFC 2527. However, I can't tell whethe

Re: [cabfpub] Ballot 190

2017-04-28 Thread Ryan Sleevi via Public
On Fri, Apr 28, 2017 at 1:32 AM, Kirk Hall wrote: > One other comment. Remember that for the last few months, new Methods 1-4 > and 7-10 were actually included under Method 11 “any other method” after > Ballot 181’s effective date, and that situation will continue until the > effective date of B

Re: [cabfpub] RFC 3647 Compliance

2017-04-28 Thread Ryan Sleevi via Public
On Fri, Apr 28, 2017 at 7:58 AM, Doug Beattie wrote: > Ryan, > > > > Would CAs be able to add additional subsections to their CP and CPS under > your proposal? If so, GlobalSign is OK with the proposed ballot and > timeline. > > > > Doug > Yeah, that was something captured on yesterday's call. T

Re: [cabfpub] RFC 3647 Compliance

2017-04-28 Thread Doug Beattie via Public
Ryan, Would CAs be able to add additional subsections to their CP and CPS under your proposal? If so, GlobalSign is OK with the proposed ballot and timeline. Doug From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via Public Sent: Tuesday, April 25, 2017 10:12 PM To:

Re: [cabfpub] Proposed Amendment to Ballot 197

2017-04-28 Thread Dimitris Zacharopoulos via Public
HARICA votes "abstain" to ballot 197 (same as we voted to ballot 194). Dimitris. On 25/4/2017 11:30 μμ, Kirk Hall via Public wrote: Based on discussions on the list about the uncertain status of Ballot 194, the proposer and endorsers for Ballot 197 wish to amend Ballot 197 as shown below a

Re: [cabfpub] Ballot 197 – Effective Date of Ballot 193 Provisions (amended April 26)

2017-04-28 Thread N. Atilla Biler via Public
TURKTRUST votes “YES”. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: 26. april 2017 07:45 To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub] Ballot 197 - Effective Date of Ballot 193 Provisions (amended April 26) Sorry, I l