Re: [cabfpub] [外部郵件] RE: No post of CABF minutes of Oc =?utf-8?Q?t_12=2C 2017_Teleconference

2018-01-10 Thread 陳立群 via Public
_call?= Date: Thu, 11 Jan 2018 12:50:04 +0800 Message-ID: <013b01d38a97$c34d3c70$49e7b550$@cht.com.tw> X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQHpWcjYZwggTSSxVQPf1y6w+6sffQIezAA1AStiApqjKCVQAA== Content-Language: zh-tw MIME-Version: 1.0 Content-Type: multipart/signed;

Re: [cabfpub] No post of CABF minutes of Oct 12, 2017 Teleconference call

2018-01-10 Thread Ben Wilson via Public
I’ve posted them now. https://cabforum.org/2017/10/12/2017-10-12-minutes/ Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of realsky(CHT) via Public Sent:

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

2018-01-10 Thread Peter Bowen via Public
Can we also include a validation method based on the one I suggested a couple of months ago in https://cabforum.org/pipermail/public/2017-October/012423.html ? That method would provide a strong link between Registry/Registrar

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

2018-01-10 Thread Daymion T. Reynolds via Public
I am in agreement with this approach. Thanks Ryan for wrapping this up. Daymion From: Ryan Sleevi [mailto:sle...@google.com] Sent: Wednesday, January 10, 2018 4:49 PM To: Daymion T. Reynolds Cc: CA/Browser Forum Public Discussion List ; Kirk Hall

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

2018-01-10 Thread Ryan Sleevi via Public
So to make sure I've captured the discussion points of 3.2.2.4.1 for the "things that would be disruptive" For situations like GoDaddy (in which the CA is the Registrar as well) - or for situations like, say, Google Trust Services/Google, in which the CA is an Affiliate of the Registrar (I think;

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

2018-01-10 Thread Daymion T. Reynolds via Public
Ryan, Q: Can you explain why you do not believe it is more secure? A: I am not stating its more secure, but .1 Option #3 is on par with other deemed secure options. It is secure because only the domain owner is the authorized user to a registrars account, and only they can order a cert for a

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

2018-01-10 Thread Daymion T. Reynolds via Public
Ryan, Thank you for replying as this is a good discussion to have. “Direct contact” is great method when you don’t have a clean, reliable data source to validate ownership. For Registrar / CA combos, whereby the same account ordered the domain and the cert, knowledge of ownership

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

2018-01-10 Thread Masaki SHIMAOKA via Public
# This post is on behalf of my colleagues. We support to strengthen 3.2.2.4.1. Besides, we don't think that 3.2.2.4.1 and .5 can replace within a short period. In our understanding, we are using 3.2.2.4.1 and .5 in our validation process. We understand that checking the domain with 3.2.2.4.1