> On 14 Sep 2017, at 12:11 pm, Wayne Thayer via Public
> wrote:
>
> Thanks Geoff. To be clear, does your proposed language require
> ‘authentication of an NSEC RRset that proves that no DS RRset is present for
> this zone’ in order to meet the new condition of the last item, or can an
> una
> On Sep 14, 2017, at 2:37 PM, Peter Bowen wrote:
>
>
>> On Sep 14, 2017, at 10:02 AM, Geoff Keating via Public
>> wrote:
>>
>> At the moment the BRs say:
>>
>> CAs are permitted to treat a record lookup failure as permission to issue if:
>>
>> the failure is outside the CA's infrastructu
I had thought I had covered this with deft choice of the normative language in
the errata. Seems not.
We can allow following the errata as soon as the ballot takes effect. How long
before phasing out? 3 months?
> On Sep 14, 2017, at 2:06 PM, Tim Hollebeek via Public
> wrote:
>
> To allow f
> On Sep 14, 2017, at 10:02 AM, Geoff Keating via Public
> wrote:
>
> At the moment the BRs say:
>
> CAs are permitted to treat a record lookup failure as permission to issue if:
>
> the failure is outside the CA's infrastructure;
>
> the lookup has been retried at least once; and
>
> the d
To allow for a reasonable transition, shouldn’t the ballot allow RFC 6844
either with or without the errata, and have a sunset date for the non-errata
version?
-Tim
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jacob
Hoffman-Andrews via Public
Sent: Wednesday, September 13, 20
Trustwave votes YES to Ballot 190
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via
Public
Sent: Monday, September 11, 2017 6:01 AM
To: CA/Browser Forum Public Discussion List
mailto:public@cabforum.org>>
Subject: [EXTERNAL][cabfpub] Two amendments to Ballot 190
The p
Thanks Geoff. To be clear, does your proposed language require ‘authentication
of an NSEC RRset that proves that no DS RRset is present for this zone’ in
order to meet the new condition of the last item, or can an unauthenticated
query that returns no DS record be used to meet this condition? If
At the moment the BRs say:
CAs are permitted to treat a record lookup failure as permission to issue if:
the failure is outside the CA's infrastructure;
the lookup has been retried at least once; and
the domain's zone does not have a DNSSEC validation chain to the ICANN root.
I suggest replac
TrustCor votes YES on Ballot 190.
Neil
> On 12 Sep 2017, at 23:23, Kirk Hall via Public wrote:
>
> Voting has started on Ballot 190 as proposed on Sept 5 (see bottom of this
> message, and attachments), as amended by my email from Sept. 11 (see
> immediately below). Voting runs through Sept.
All,
The Policy Review Working Group has been reviewing the use of the term
"Certification Authority" in the BRs and is now considering adopting a
use of the term "Trust Service Provider", which is included in ISO 21188
(referenced by WebTrust for CAs) and ETSI definitions. In general, the
t
On 12/09/17 23:23, Kirk Hall via Public wrote:
> Voting has started on Ballot 190 as proposed on Sept 5 (see bottom of
> this message, and attachments), as amended by my email from Sept. 11
> (see immediately below). Voting runs through Sept. 19 at 18:00 UTC.
Mozilla votes YES.
Gerv
___
As noted in the Paypal/Let's Encrypt meeting yesterday, James Burton has
published a blog post claiming that it's not difficult to get a
fraudulent EV certificate:
https://0.me.uk/ev-phishing/
Now, they didn't actually get a fraudulent one, and it did take them a
few days and a reasonable amount o
GlobalSign votes Yes on Ballot 190.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via
Public
Sent: Tuesday, September 12, 2017 6:23 PM
To: CA/Browser Forum Public Discussion List
Subject: [cabfpub] Voting has started on Ballot 190
Voting has started on Ballot 190 as
13 matches
Mail list logo