[cabfpub] Fwd: Re: [EXTERNAL] Re: [Cscwg-public] FW: Ballot CSC-22: High Risk Requirements Update

Hi all, Forwarding to the Forum public list to discuss at our call tomorrow. DZ. Jan 17, 2024 21:09:52 Bruce Morton : Hi Dimitris, Should we discuss this on the CA/Browser Forum call tomorrow? It may be great for all to have input/feedback in case this happens again. Otherwise, we will

[cabfpub] Final CA/Browser Forum agenda - Thursday, August 3, 2023 at 11:00 am Eastern Time

Here is the final agenda for the subject call. Jos Purvis (Fastly) is scheduled to take minutes and next up is Kiran Tummala (Microsoft). 1. Begin Recording - Roll Call 2. Read note-well 3. Review of Agenda 4. Approval of minutes from the July 20 Teleconference 5. Server Certificate Working

[cabfpub] Final Minutes of CA/Browser Forum Meeting - June 22, 2023

These are the final Minutes of the Teleconference described in the subject of this message. *Attendees:* Aaron Poulsen - (Amazon), Abhishek Bhat - (eMudhra), Adam Jones - (Microsoft), Adrian Mueller - (SwissSign), Andrea Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin -

Re: [cabfpub] Draft Working Group Charter for Network Security WG

Ben, To minimize the risk of including IP protected material in the NetSec Guidelines, I propose that the IPR review process includes all Chartered Working Groups. Exclusion notices might arrive by any Member of any CWG. At the same time, all CWG members will be aware of changes in the NetSec

[cabfpub] The purpose of the CA/B Forum

Dear CA/B Forum Members, Recent posts [1], [2] were brought to my attention with a statement from a representative of a Certificate Consumer Member who believes that the role of the Forum is the following: "The Forum provides a venue to ensure Browsers do not place conflicting requirements

Re: [cabfpub] Presentation at CA Day Oct 24th 2018

And here are the rest of the presentations, all made publicly available today. https://www.enisa.europa.eu/events/tsforum-caday-2018/tsf-cad-2018-presentations Dimitris. On 25/10/2018 7:20 πμ, Dimitris Zacharopoulos via Public wrote: Attached is my presentation at the CA Day that took place

[cabfpub] VOTING HAS STARTED Forum-7 - Update ETSI requirements in the SCWG Charter

Voting has also started for ballot Forum-7. HARICA votes "yes" to ballot Forum-7. Dimitris. On 21/9/2018 8:03 πμ, Dimitris Zacharopoulos via Public wrote: The following motion has been proposed by Dimitris Zacharopoulos of HARICA and endorsed by Moudrick M. Dadashov of SSC and

[cabfpub] VOTING HAS STARTED Forum-6 - Update ETSI requirements in the Bylaws

HARICA votes "yes" to ballot Forum-6. Dimitris. On 17/9/2018 7:37 μμ, Dimitris Zacharopoulos via Public wrote: The following motion has been proposed by Dimitris Zacharopoulos of HARICA and endorsed by Moudrick M. Dadashov of SSC and Mads Egil Henriksveen from Bypass. *

Re: [cabfpub] [Servercert-wg] Ballot SC9 v4 – Establish the Validation Subcommittee of the SCWG

HARICA votes "yes" to ballot SC9 v4. Dimitris. On 19/9/2018 6:48 μμ, Wayne Thayer via Servercert-wg wrote: Here is an updated version of this ballot that will allow the Validation WG to continue as a Subcommittee after the October 3rd sunset for Legacy Working Groups that is built into our

Re: [cabfpub] Ballot FORUM-4 v3

HARICA votes "yes" to ballot Forum-4 v3. Dimitris. On 14/9/2018 9:50 μμ, Tim Hollebeek via Public wrote: As no additional typos or mistakes appear to have been found in the proposed redline, Ballot FORUM-4 v2 is hereby withdrawn, and this new Ballot FORUM-4 v3 submitted in its place. 

[cabfpub] Forum-7 - Update ETSI requirements in the SCWG Charter

The following motion has been proposed by Dimitris Zacharopoulos of HARICA and endorsed by Moudrick M. Dadashov of SSC and Mads Egil Henriksveen from Bypass. *Background*: Section 3 of the SCWG Charter describes the qualifying criteria for "Certificate Issuers" and "Root Certificate

[cabfpub] Forum-6 - Update ETSI requirements in the Bylaws

The following motion has been proposed by Dimitris Zacharopoulos of HARICA and endorsed by Moudrick M. Dadashov of SSC and Mads Egil Henriksveen from Bypass. *Background*: Sections 2.1(a)(1) and 2.1(a)(2) of the Bylaws describe the qualifying criteria for "Certificate Issuers" and "Root

Re: [cabfpub] [Servercert-wg] Ballot FORUM-4 v2

lic Discussion List *Subject:* Re: [Servercert-wg] [cabfpub] Ballot FORUM-4 v2 This is your first endorser. Thanks, M.D. On 9/16/2018 9:06 PM, Dimitris Zacharopoulos via Public wrote: Hi Inigo, Tim has withdrawn the changes to ETSI because his main goal is to just fix the Bylaws with th

Re: [cabfpub] [Servercert-wg] Ballot FORUM-4 v2

Hi Inigo, Tim has withdrawn the changes to ETSI because his main goal is to just fix the Bylaws with the language of Ballot 206. The risk of CAs using the old TS standards is already very high and we should not wait any longer to fix this. I'd be happy to propose a new ballot to fix the ETSI

Re: [cabfpub] Ballot Forum-2 - Chair and Vice-Chair Term Extensions

HARICA votes "yes" to ballot Forum-2. Dimitris. On 6/9/2018 7:35 πμ, Ben Wilson via Public wrote: *Ballot Forum-2 - Chair and Vice-Chair Term Extensions* Ben Wilson of DigiCert calls the following proposed ballot to be published for discussion and comment by the CABF membership. Dimitris

Re: [cabfpub] [Servercert-wg] Ballot FORUM-4 v2

Following-up on these comments, here is a proposed red-lined version that fixes the ETSI references. Dimitris. On 14/9/2018 10:06 πμ, InigoBarreira via Public wrote: Tim, I´d remove all mentions to ETSI TS documents (102 042 and 101 456) in all CABF documents. These TSs have not been

Re: [cabfpub] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

It looks like a similar conversation was captured in the minutes of previous Server Certificate WG teleconferences. * https://cabforum.org/2018/07/12/2018-07-12-scwg-minutes/ where the ambiguity on how to form subcommittees was first raised *

Re: [cabfpub] Draft Ballot Forum-4 for discussion

in section 1.2.2. The issue with numbers that you note could be handled there as well. Sure, editorial changes can be drafted later. Dimitris. -Tim *From:*Public *On Behalf Of *Dimitris Zacharopoulos via Public *Sent:* Tuesday, September 11, 2018 7:43 AM *To:* public@cabforum.org *Subject

Re: [cabfpub] Draft Ballot Forum-4 for discussion

Thanks Tim, the changes seem to be in order. I have two suggestions. 1. Legacy WGs: If we delay this ballot for a couple of days and put it for vote after October 3rd, the language around Legacy Working Groups will be obsolete. I think it makes sense to wait a few days, remove section

Re: [cabfpub] [cabfman] Ballot Forum-3: Election of CA/Browser Forum Chair - ELECTION RESULTS

Thank you very much Clemens and Don, and thanks everyone for the support. Being in this Forum has been, and continuous to be, an amazing learning experience. I strongly recommend members to interact more and engage in conversations. They have nothing to lose but a lot to gain. I look forward

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

On 4/9/2018 8:22 μμ, Ryan Sleevi wrote: On Tue, Sep 4, 2018 at 1:08 PM Dimitris Zacharopoulos mailto:ji...@it.auth.gr>> wrote: On 4/9/2018 5:53 μμ, Ryan Sleevi wrote: I do not believe there is any justifiable or defensible reason to extend the 5 days requirement, nor do I

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

On 4/9/2018 5:53 μμ, Ryan Sleevi wrote: On Mon, Sep 3, 2018 at 1:48 PM Dimitris Zacharopoulos mailto:ji...@it.auth.gr>> wrote: On 24/8/2018 4:10 μμ, Ryan Sleevi wrote: On Fri, Aug 24, 2018 at 1:42 AM Dimitris Zacharopoulos via Servercert-wg

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

On 24/8/2018 4:10 μμ, Ryan Sleevi wrote: On Fri, Aug 24, 2018 at 1:42 AM Dimitris Zacharopoulos via Servercert-wg > wrote: I'm not sure if this has been discussed before (sorry if I missed did), but I would like to bring up the fact that

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

I'm not sure if this has been discussed before (sorry if I missed did), but I would like to bring up the fact that there might be Subscribers who suffer a Key Compromise (like the ones distributed with their own software or embedded within customer devices), who would be willing to leave the

Re: [cabfpub] VOTING BEGINS: Ballot FORUM-1: Establish Forum Infrastructure Working Group

On 20/8/2018 5:11 μμ, Jos Purvis (jopurvis) via Public wrote: I didn’t receive any further updates to this ballot by the end of the discussion period, so the voting period for this ballot is formally opened. It concludes at 0900 UTC on Monday, 27 August. Oh, and Cisco votes YES on ballot

Re: [cabfpub] Voting has started on Ballot SC3 version 2

HARICA votes "yes" to ballot SC3 version 2. Dimitris. On 13/8/2018 7:27 μμ, Kirk Hall via Public wrote: See text and link below.  Voting ends on Thursday, August 16, 2018 at 11:45 am Eastern. *From:* Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] *On Behalf Of *Tim Hollebeek

Re: [cabfpub] Voting Begins: Ballot SC2 - version 2: Validating certificates via CAA CONTACT

HARICA votes "yes" to ballot SC2. Dimitris. On 19/7/2018 6:02 μμ, Tim Hollebeek via Public wrote: > >   > > Administrivia: > >   > > 1. This ballot is being cross-posted to the CABF public mailing in > line with the consensus from last Thursday’s call that it is > important everyone is

Re: [cabfpub] Draft Ballot to establish new SCWG Network Security Subcommittee

Kirk, About the NetSec Subcommittee, I believe we should take into account the conclusion paragraph of the deliverable published on June 22nd 2018. The conclusion was not to "scrap" the NetSec Guidelines. I propose the following: ---

Re: [cabfpub] New Server Certificate Working Group

On 3/7/2018 3:36 μμ, Tim Hollebeek via Public wrote: > > This was discussed on the Governance Reform Working Group, and as I > recall, most people agree the distinction probably isn’t useful and is > a historical artifact.  But there wasn’t enough motivation to scrap it. > >   > > It is intended

Re: [cabfpub] Final Agenda for CABF our teleconference this Thursday, June 28, 2018 at 11:00 am Eastern Daylight Time

On 28/6/2018 11:17 πμ, Arno Fiedler via Public wrote: > > Dear Kirk, > > today D-TRUST has its 20th Anniversary, so Enrico and me can´t join. > > About the issue with ETSI, in my understanding there is no Associated > Membership",  there is a partnership between CA/B-Forum and ETSI, > details of

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

Subject:* Re: [cabfpub] For Discussion: S/MIME Working Group Charter On Fri, May 18, 2018 at 12:57 AM, Dimitris Zacharopoulos via Public <public@cabforum.org <mailto:public@cabforum.org>> wrote: On 18/5/2018 2:51 πμ, Ryan Sleevi via Public wrote: I don't think it's a cr

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

On 18/5/2018 1:39 πμ, Tim Hollebeek via Public wrote: (1) Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs audit, or ETSI TS 102042, ETSI 101456, or ETSI EN 319 411-1 audit report prepared by a

Re: [cabfpub] Voting begins for Ballot 223 v2 - Update BR Section 8.4 for CA audit criteria

HARICA votes "yes" to ballot 223v2. On 8/5/2018 12:48 πμ, Dimitris Zacharopoulos via Public wrote: The following motion has been proposed by Dimitris Zacharopoulos of HARICA and endorsed by Moudrick M. Dadashov of SSC and Tim Hollebeek from Digicert. *Background*: S

[cabfpub] Ballot 223 v2 - Update BR Section 8.4 for CA audit criteria

I received some private comments and suggestions from members about the proposed language. There were concerns that with some reading of the requirement, CAs under ETSI would need two audit reports (EN 319 401 and EN 319 411-1) instead of one. For ETSI, the EN 319 401 audit criteria is a

Re: [cabfpub] Ballot 223 - Update BR Section 8.4 for CA audit criteria

ons or concerns with the current proposal. Best regards, Dimitris. // Am 27.04.2018 um 13:58 schrieb Dimitris Zacharopoulos via Public: On 27/4/2018 2:21 μμ, Arno Fiedler via Public wrote: Hello Dimitris, so starting at Mai 1th is fine, if we get 21 days for discussion. Best regar

Re: [cabfpub] Ballot 223 - Update BR Section 8.4 for CA audit criteria

(with no changes) will be sent, probably on April 30, stating that the voting will begin on May 1st with no more possible updates to the ballot. Best Regards, Dimitris. Am 27.04.2018 um 07:39 schrieb Dimitris Zacharopoulos via Public: So far the discussion has been quiet which either means

Re: [cabfpub] Ballot 223 - Update BR Section 8.4 for CA audit criteria: Request to postpone it

/IEC 17065 supplemented by ETSI EN 319 403) so I suggest to postpone the start of the discussion phase on May, the 7th. Would realy like to cover the audit requirements from all browsers by the Ballot, so more time is needed. Thanks in advance and best regards Arno Fiedler Am 23.04.2018 um 07:18 schri

Re: [cabfpub] Ballot proposal - Update Section 8.4 for CA audit criteria

rs or when receiving unexpected emails.*/ On Sun, Apr 15, 2018 at 2:18 AM, Dimitris Zacharopoulos via Public <public@cabforum.org <mailto:public@cabforum.org>> wrote: I am looking for two endorsers for the following ballot. Dimitris. *Ballot XXX - Update Section

Re: [cabfpub] Ballot proposal - Update Section 8.4 for CA audit criteria

On 16/4/2018 5:57 μμ, Peter Bowen wrote: On Apr 16, 2018, at 7:21 AM, Ryan Sleevi via Public <public@cabforum.org <mailto:public@cabforum.org>> wrote: On Sun, Apr 15, 2018 at 2:18 AM, Dimitris Zacharopoulos via Public <public@cabforum.org <mailto:public@cabforum.org

Re: [cabfpub] Ballot proposal - Update Section 8.4 for CA audit criteria

On 15/4/2018 10:33 μμ, Tim Hollebeek wrote: I’ll endorse. Thanks Tim and Moudrick. I will submit the ballot with number 232 on Monday to officially start the discussion period. Thanks, Dimitris. *From:*Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Dimitris Zacharopoulos

Re: [cabfpub] Ballot proposal - Update Section 8.4 for CA audit criteria

Dimitris. On 15/4/2018 10:53 πμ, Moudrick M. Dadashov wrote: We endorse this but what do you mean by "a national scheme"? Thanks, M.D. On 4/15/2018 9:18 AM, Dimitris Zacharopoulos via Public wrote: I am looking for two endorsers for the following ballot. Dimitris. *Ballot XXX - Updat

[cabfpub] Ballot proposal - Update Section 8.4 for CA audit criteria

I am looking for two endorsers for the following ballot. Dimitris. *Ballot XXX - Update Section 8.4 for CA audit criteria* The following motion has been proposed by Dimitris Zacharopoulos of HARICA and endorsed by ___ and ___ *Background*: Section 8.4 of the Baseline Requirements

Re: [cabfpub] Voting Begins: Ballot 219 v2: Clarify handling of CAA Record Sets with no "issue"/"issuewild" property tag

HARICA votes "yes" to ballot 219 v2. Dimitris. On 3/4/2018 7:13 μμ, Corey Bonnell via Public wrote: Ballot 219 v2: Clarify handling of CAA Record Sets with no "issue"/"issuewild" property tag Purpose of this ballot: RFC 6844 contains an ambiguity in regard to the correct processing of a

Re: [cabfpub] Ballot 221: Two-Factor Authentication and Password Improvements

On 5/4/2018 11:05 πμ, LEROY Franck via Public wrote: Hello “Certificate-based authentication can be used as part of Multifactor Authentication only if the private key is stored in a Secure Key Storage Device." Using a ‘SKSD’ doesn’t mean a 2 factors authentication. It only guaranties that

Re: [cabfpub] Voting Begins: Ballot 206: Amendment to IPR Policy & Bylaws re Working Group Formation

HARICA votes "yes" to ballot 206. Some amendments we sent to the governance WG in January and February were unintentionally disregarded. Hopefully they will be fixed in a subsequent ballot. Dimitris. On 28/3/2018 6:20 πμ, Virginia Fournier via Public wrote: Ballot 206: Amendment to IPR

Re: [cabfpub] Discussion Period to End/Voting to Begin on Ballot 219 v2: Clarify handling of CAA Record Sets with no "issue"/"issuewild" property tag

Tim also mentioned (https://cabforum.org/pipermail/public/2018-March/013076.html) that you would need to post a new version, even with no changes (this was a bit odd but it's the rules :). Your e-mail on March 14th clearly indicates a v2 but I'm having a little trouble following the

Re: [cabfpub] Voting Begins: Ballot 220: Minor Cleanups (Spring 2018)

HARICA votes "yes" to ballot 220. Dimitris. On 23/3/2018 12:40 μμ, Tim Hollebeek via Public wrote: Ballot 220: Minor Cleanups (Spring 2018) Purpose of Ballot: This ballot corrects two incorrect cross-references and one terminology error. The following motion has been proposed by Tim

Re: [cabfpub] Ballot 219: Clarify handling of CAA Record Sets with no "issue"/"issuewild" property tag

you can trigger the voting period with the final text even at March 28th (at the latest). I don't think the "Discussion end time" makes a difference since the Bylaws are very clear on the 7+ days for discussion :) Thanks, Dimitris. >   > > *From:*Public [mailto:public-boun...@

Re: [cabfpub] Review Notice – Ballot 218

Kirk, We forgot to include the deadline of August 1st 2018 in section 1.2.2 (Relevant Dates) for the deprecation of methods #1 and #5. It is an uncontroversial change but unfortunately, as previously discussed, we don't have a process for "editorial" changes. Dimitris. On 7/2/2018 8:35 μμ,

Re: [cabfpub] Voting begins: Ballot 218 version 2

All currently approved Domain Validation methods provide some level of assurance which is not easily quantifiable without calculating the risks (vulnerabilities, threats) of each method. If we had a methodology to quantify the assurance level of each method, we would be able to compare them. The

Re: [cabfpub] Pre-Ballot 206 - Amendment to IPR Policy & Bylaws re Working Group Formation

I filled the attached in the governance WG on Tuesday about the Server Certificate Working Group Charter, which didn't make it in the version distributed by Ben. These are some comments for definitions of Application Software Suppliers and Qualified Auditors. I also think we need to update the

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

On 8/1/2018 6:29 μμ, Tim Hollebeek wrote: > >   > > I think you and Ryan are on the right track. > >   > > I’ve expressed before an interest in explicitly allowing RDAP in > addition to WHOIS (I don’t support the idea of making the requirement > more generic because security analysis is much

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

On 8/1/2018 1:11 μμ, Ryan Sleevi wrote: A slight fix to your reword, to ensure it's clear as to what's being provided by the Registrar: Domain Contact: The Domain Name Registrant, technical contact, or administrative contract (or the equivalent under a ccTLD) as listed in the WHOIS record

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

On 8/1/2018 11:24 πμ, Ryan Sleevi wrote: On Mon, Jan 8, 2018 at 4:11 AM, Dimitris Zacharopoulos > wrote: An example of pre-existing TLD adhering to this is .gov (in the US) - and I'm guessing you know of one or more ccTLDs that also

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

On 8/1/2018 10:15 πμ, Ryan Sleevi wrote: On Mon, Jan 8, 2018 at 2:45 AM, Dimitris Zacharopoulos via Public <public@cabforum.org <mailto:public@cabforum.org>> wrote: On 5/1/2018 6:31 μμ, Rich Smith wrote: *From:*Public [mailto:public-boun...@cabforum.org <mai

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

On 5/1/2018 6:31 μμ, Rich Smith wrote: *From:*Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Dimitris Zacharopoulos via Public *Sent:* Friday, January 5, 2018 5:44 AM --- BEGIN updated language for 3.2.2.4.1 --- Confirming the Applicant's control over the FQDN by validating

Re: [cabfpub] Ballot 218: Remove validation methods #1 and #5

On 3/1/2018 9:21 μμ, Tim Hollebeek via Public wrote: Ballot 218: Remove validation methods #1 and #5 Purpose of Ballot: Section 3.2.2.4 says that it “defines the permitted processes and procedures for validating the Applicant’s ownership or control of the domain.”  Most of the validation

Re: [cabfpub] Ballot 217: Sunset RFC 2527

HARICA votes "yes" to ballot 217. Dimitris. On 7/12/2017 6:52 μμ, Ryan Sleevi via Public wrote: *Ballot 217: Sunset RFC 2527* Purpose of Ballot: The Baseline Requirements and Extended Validation Guidelines require that CA's disclosures of the Certificate Policy and/or Certification

Re: [cabfpub] Ballot 216: Update Discussion Period Process

HARICA votes "yes" to ballot 216. Dimitris. On 12/12/2017 8:51 μμ, Gervase Markham via Public wrote: /[Updated endorsers, 2nd attempt. Timeline unchanged.]/* Ballot 216: Update Discussion Period Process * Purpose of Ballot: The current voting procedures specify a "period of discussion",

Re: [cabfpub] [EXTERNAL]Re: Ballot XXX: Update Discussion Period

On 11/12/2017 6:46 μμ, Ryan Sleevi wrote: "Worst case scenario" I can think of: 1. The forum is discussing about a new ballot and the formal discussion period starts at day X 2. A member introduces an "editorial change" _one day_ before day X. 3. The official

Re: [cabfpub] [EXTERNAL]Re: Ballot XXX: Update Discussion Period

Perhaps I misunderstood Kirk's original intent so please correct me if I'm wrong. IMO the "editorial changes" proposal is independent to ballots being discussed or voted on. The proposal is that at any time (_not during an official ballot discussion or voting period_), if someone detects a

Re: [cabfpub] New RFC on CT Domain Label Redaction

Even though it is currently out of scope in the current form of the CA/B Forum, IMO it would be very beneficial to use CT Logs to include pre-Certificates used for digital signatures and S/MIME. These Certificates include Personally Identifiable Information and e-mail addresses that could be

Re: [cabfpub] Path forward for DV cert subjects

Hi Peter, In the BRs section 7.1.6.1, "If the Certificate asserts the policy identifier of 2.23.140.1.2.1, then it MUST NOT include organizationName, givenName, surname, streetAddress, localityName, stateOrProvinceName, or postalCode in the Subject field." 2.23.140.1.2.1 is the identifier

Re: [cabfpub] Voting has started on Ballot 215 - Fix Ballot 190 Errata

HARICA votes "Yes" to ballot 215. Dimitris. On 28/9/2017 7:41 μμ, Kirk Hall via Public wrote: Voting ends October 5 at 16:00 UTC *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Ben Wilson via Public *Sent:* Thursday, September 21, 2017 8:48 AM *To:* CABFPub

Re: [cabfpub] Two amendments to Ballot 190

HARICA votes "yes" to ballot 190. We would also like to thank the Validation WG and the Forum members that contributed to clarifying the language of the 10 Domain Validation methods in section 3.2.2.4. Dimitris. On 11/9/2017 4:01 μμ, Kirk Hall via Public wrote: The proposer and

[cabfpub] Policy Review WG proposal for clarifying the term "CA"

All, The Policy Review Working Group has been reviewing the use of the term "Certification Authority" in the BRs and is now considering adopting a use of the term "Trust Service Provider", which is included in ISO 21188 (referenced by WebTrust for CAs) and ETSI definitions.  In general, the

Re: [cabfpub] Ballot 212: Canonicalise formal name of the Baseline Requirements

HARICA votes "yes" to ballot 212. Dimitris. On 18/8/2017 6:06 μμ, Gervase Markham via Public wrote: *Ballot 212: Canonicalise formal name of the Baseline Requirements* Purpose of Ballot: to make the formal name of the Baseline Requirements document clear, as use is not currently consistent.

Re: [cabfpub] Voting has started on Ballot 210 (NetSec Revisions)

HARICA votes "yes" to ballot 210. On 25/8/2017 6:47 μμ, Kirk Hall via Public wrote: Entrust votes yes *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Ben Wilson via Public *Sent:* Saturday, August 12, 2017 8:30 PM *To:* CABFPub

Re: [cabfpub] Ballot 210: Misc. Changes to the Network and Certificate System Security Requirements

Hi Moudrick, As with the BRs, only 411-1 was added. I think in a previous F2F, it was mentioned that some CAs that don't issue ssl/tls certificates, still want to be audited against the NSRs and the previous ETSI TS standards. That's why it is inclusive. IMO, adding 411-2 doesn't offer much

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

HARICA votes "yes" to ballot 202. Dimitris. On 20/7/2017 4:50 μμ, Peter Bowen via Public wrote: On Jul 20, 2017, at 1:23 AM, Gervase Markham via Public > wrote: On 19/07/17 23:34, Ben Wilson via Public wrote: DigiCert votes “Yes” Is the

Re: [cabfpub] WebTrust for CA - New Criteria for CABF's Consideration

Hi Jeff, Since I am not a native English speaker, I will try to offer my perspective on some of the terms used in this document so here is my 2 cents. "CA Key Transportation" was the section I had some difficulty reading but the explanatory guidance is very helpful. It is a real challenge

Re: [cabfpub] Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation

HARICA votes "yes" to ballot 204. Dimitris. On 26/6/2017 3:18 μμ, Gervase Markham via Public wrote: *Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation * *Purpose of Ballot: *At the moment, CAs are permitted to delegate the process of domain and IP address validation.

Re: [cabfpub] Ballot 205: Membership-Related Clarifications

HARICA votes "yes" to ballot 205. Dimitris. On 22/6/2017 2:42 μμ, Gervase Markham via Public wrote: *Ballot 205: Membership-Related Clarifications * *Purpose of Ballot: *The CAB Forum Bylaws define membership criteria, but don't say what should happen when an existing member ceases to

Re: [cabfpub] Ballot 192 - Notary revision

HARICA votes "yes" to ballot 192. Dimitris. On 14/6/2017 8:01 μμ, Jeremy Rowley via Public wrote: From the validation WG: *Ballot 192 – Notary Revisions* The following motion has been proposed by Jeremy Rowley of DigiCert and endorsed by Kirk Hall of Entrust and Rich Smith of Comodo.

Re: [cabfpub] Ballot 201 - .onion Revisions

HARICA votes "yes" to ballot 201. Dimitris. On 25/5/2017 10:50 μμ, Ben Wilson via Public wrote: *Ballot 201 - .Onion Revisions* This ballot is meant to cure any potential problems with Ballot 198, which may have been invalid due to ambiguities in what was presented to the Forum for vote.

Re: [cabfpub] Voting has started on Ballot 200 - Amendment of Bylaws to add Code of Conduct

HARICA votes "yes" to ballot 200. Dimitris. On 24/5/2017 1:07 πμ, Kirk Hall via Public wrote: Voting ends on May 30 at 22:00 UTC Ballot 200 Purpose of Ballot: To amend the CAB Forum Bylaws to add a Code of Conduct. The following motion has been proposed by Virginia Fournier of Apple

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

HARICA votes "yes" to ballot 191. Dimitris. On 18/5/2017 6:59 μμ, Bruce Morton via Public wrote: Here is a markup of BR section 9.2.7 for ballot 191. Thanks, Bruce. *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Ben Wilson via Public *Sent:* Thursday, May 18, 2017

Re: [cabfpub] Domain validation

On 16/5/2017 7:12 μμ, Jeremy Rowley wrote: "The CA MUST record the subsection and version of the Baseline Requirements used to validate an Applicant’s control over each FQDN included in an issued certificate" When is this expected to become effective? - Immediately after the IPR period

Re: [cabfpub] Profiling OCSP & CRLs

On 14/5/2017 2:49 πμ, Ryan Sleevi wrote: On Sat, May 13, 2017 at 11:47 AM, Dimitris Zacharopoulos > wrote: This is a very good description of the situation and the comparison of the security concerns between the Certificate issuing

Re: [cabfpub] Profiling OCSP & CRLs

This is a very good description of the situation and the comparison of the security concerns between the Certificate issuing system (certificates signed by a CA) and the OCSP responder system (responses signed by either the CA or a delegated OCSP responder), is fair. Could we try to focus

Re: [cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

HARICA votes "yes" to ballot 199. Dimitris. On 5/5/2017 4:22 μμ, Gervase Markham via Public wrote: ///This is the corrected text (one word change) of ballot 199 which is currently in the voting period (voting ends on 9th May)./ *Ballot 199 - Require commonName in Root and Intermediate

Re: [cabfpub] Ballot 198 - Onion Revisions v2

HARICA votes "yes" to ballot 198. Dimitris. On 24/4/2017 8:29 μμ, Jeremy Rowley via Public wrote: Apparently May comes after April, not March. Ballot 198 – .Onion Revisions Appendix F of the EV Guidelines in unclear on what a CA does with the Tor Service Descriptor Hash extension. This

Re: [cabfpub] Ballot 190

On 2/5/2017 11:59 μμ, Jeremy Rowley via Public wrote: Okay. Based on the discussion, I propose we do the following to move things forward: 1. Include an extension in the EE certs indicating compliance with a certain version of the BRs. This addresses Ryan’s concerns of knowing which

Re: [cabfpub] Require commonName in Root and Intermediate Certificates ballot draft (2)

roblem. Dimitris. On 17/4/2017 6:24 μμ, Ryan Sleevi wrote: On Mon, Apr 17, 2017 at 11:16 AM, Dimitris Zacharopoulos via Public <public@cabforum.org <mailto:public@cabforum.org>> wrote: When a CA is being audited for a period-in-time (say June 2016 - June 2017), they a

Re: [cabfpub] Require commonName in Root and Intermediate Certificates ballot draft (2)

On 17/4/2017 6:02 μμ, Ryan Sleevi via Public wrote: On Mon, Apr 17, 2017 at 10:40 AM, Gervase Markham via Public > wrote: On 17/04/17 15:28, Jeremy Rowley wrote: > Doesn't this ballot suffer from the same limitation that Ryan

Re: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions

HARICA votes "abstain" to ballot 194. Dimitris. On 2/4/2017 11:26 μμ, Chris Bailey via Public wrote: *Ballot 194 – Effective Date of Ballot 193 Provisions* *Purpose of Ballot:*Recent Ballot 193 reduced the maximum period for certificates and for reuse of vetting data for DV and OV

Re: [cabfpub] Ballot 195: CAA Fixup

HARICA votes "yes" to ballot 195. Dimitris. On 3/4/2017 8:58 μμ, Gervase Markham via Public wrote: *Ballot 195 - CAA Fixup * *Purpose of Ballot: *The CAB Forum recently passed ballot 187 to make CAA checking mandatory. This ballot corrects some wording issues in the text added by that

Re: [cabfpub] Ballot 196: Define "Audit Period"

HARICA votes "yes" to ballot 196. Dimitris. On 3/4/2017 9:05 μμ, Gervase Markham via Public wrote: *Ballot 196 - Define "Audit Period" * *Purpose of Ballot: *It appears that CAs are sometimes confused by the phrase Audit Period. This ballot adds a definition of that phrase to the BRs, in

Re: [cabfpub] Ballot 189 (revised) - Amend Section 6.1.7 of Baseline Requirements

HARICA votes "yes" for ballot 189. Dimitris. On 5/4/2017 10:46 πμ, Dimitris Zacharopoulos via Public wrote: After the recent discussion, the ballot is now updated with simpler language. Voting starts tomorrow April 6th. Dimitris. *Ballot 189 - Amend Section 6.1.7 of Baseline Re

[cabfpub] Ballot 189 (revised) - Amend Section 6.1.7 of Baseline Requirements

After the recent discussion, the ballot is now updated with simpler language. Voting starts tomorrow April 6th. Dimitris. *Ballot 189 - Amend Section 6.1.7 of Baseline Requirements* The following motion has been proposed by Dimitris Zacharopoulos of HARICA and endorsed by Bruce Morton of

Re: [cabfpub] Terminology/Style question

On 4/4/2017 8:42 πμ, Peter Bowen wrote: On Apr 2, 2017, at 11:30 PM, Dimitris Zacharopoulos via Public <public@cabforum.org <mailto:public@cabforum.org>> wrote: On 3/4/2017 3:39 πμ, Peter Bowen via Public wrote: I’m trying to draft a proposed revision to the BRs and ran into a

Re: [cabfpub] Terminology/Style question

On 3/4/2017 3:39 πμ, Peter Bowen via Public wrote: I’m trying to draft a proposed revision to the BRs and ran into a terminology/style question. Given: Key Pair: a set of cryptographic keys, usable with an asymmetric key cryptographic algorithm, consisting of a Private Key, a Public Key, and

Re: [cabfpub] Ballot 189 - Amend Section 6.1.7 of Baseline Requirements

On 30/3/2017 10:51 μμ, Ryan Sleevi wrote: On Thu, Mar 30, 2017 at 2:40 PM, Dimitris Zacharopoulos > wrote: It removes the "e.g" that was causing the confusion. At least that was the outcome from the previous discussion. it-kp-timeStamping

Re: [cabfpub] Ballot 189 - Amend Section 6.1.7 of Baseline Requirements

On 30/3/2017 9:20 μμ, Ryan Sleevi wrote: On Thu, Mar 30, 2017 at 1:03 PM, Dimitris Zacharopoulos > wrote: The intention is that it MUST NOT be permitted to directly sign a id-kp-timeStamping certificate from such a Root. The reason

[cabfpub] Ballot 189 - Amend Section 6.1.7 of Baseline Requirements

*Ballot 189 - Amend Section 6.1.7 of Baseline Requirements* The following motion has been proposed by Dimitris Zacharopoulos of HARICA and endorsed by Bruce Morton of Entrust and Jeremy Rowley of Digicert *Background*: Section 6.1.7 of the Baseline Requirements states that the Root CA

Re: [cabfpub] Naming rules

directory that does not contain the [localityName/stateOrProvinceName] attribute. Please discuss. Thanks. Li-Chun Chen *From:*Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Dimitris Zacharopoulos via Public *Sent:* Wednesday, March 22, 2017 10:21 PM *To:* public@cabforu

Re: [cabfpub] Naming rules

If both companies "ABC" are located in the same city, then with current rules, there will be a DN collision, right? I don't think you can avoid that with the current BRs. Dimitris. On 22/3/2017 3:56 μμ, Jeremy Rowley via Public wrote: Correct. For #5 to be true, #3 must be true (which is

Re: [cabfpub] C=GR, C=UK exceptions in BRs

On 21/3/2017 2:44 μμ, phill...@comodo.com wrote: Ryan, ‘ Do you think you could at least try to conduct your discussion here in an approximately professional fashion? The constant personal attacks are really unhelpful. Phill Philliph, I didn't take Ryan's reply as a personal attack. I

Re: [cabfpub] C=GR, C=UK exceptions in BRs

On 21/3/2017 5:44 πμ, Ryan Sleevi wrote: Dimitris, Thanks for providing concrete reasons to support such a change. Replies inline. On Mon, Mar 20, 2017 at 4:03 AM, Dimitris Zacharopoulos > wrote: Let me try to provide some reasons in favor

Re: [cabfpub] C=GR, C=UK exceptions in BRs

On 18/3/2017 8:02 πμ, Ryan Sleevi wrote: On Sat, Mar 18, 2017 at 1:08 AM, Dimitris Zacharopoulos via Public <public@cabforum.org <mailto:public@cabforum.org>> wrote: The same might apply to Government agencies in the UK. Kirk, thank you for the support. If members ha

  1   2   >