On 13/01/17 17:36, Ryan Sleevi wrote:
> On Fri, Jan 13, 2017 at 7:23 AM, Gervase Markham via Public
> > wrote:
>
> > Text proposals welcome.
>
> CAs MUST support the issue, issuewild, and iodef property tags.
> Additional property tags MAY be
On 19/01/17 16:11, Steve Medin wrote:
> Gerv, in the event that a domain does not have CAA, would you be
> willing to allow CAs to cache that result for longer than one hour?
> You presently offer TTL or 1 hour, whichever is greater, when CAA is
> present. Might a day be reasonable, since the
> -Original Message-
> From: Gervase Markham [mailto:g...@mozilla.org]
> Sent: Thursday, January 19, 2017 8:33 AM
> To: CA/Browser Forum Public Discussion List <public@cabforum.org>
> Cc: Doug Beattie <doug.beat...@globalsign.com>
> Subject: Re: [cabfpub] D
On 19/01/17 13:25, Doug Beattie via Public wrote:
> What did you intend by “adverse CAA records”? If a CA runs across a
> CAA record that identifies other CAs that are authorized to issue but
> not them, I don’t see a reason to report on that to CABF as you
> suggested in the proposed ballot.
...@cabforum.org] On Behalf Of Gervase Markham
via Public
Sent: Thursday, January 12, 2017 9:25 AM
To: CABFPub <public@cabforum.org>
Cc: Gervase Markham <g...@mozilla.org>
Subject: [cabfpub] Draft CAA motion (3)
CAs MUST document issuances that were prevented by an adverse CAA record in
suffi
On 13/01/17 22:32, Steve Medin wrote:
> Pending questions handled by an explanatory new angle. Since EV
> Certificate Approvers and their non-EV counterparts are implemented
> in Enterprise RA accounts as 2FA-credentialed issuance portal
> administrators with access to a pre-vetted collection of
.
> -Original Message-
> From: Gervase Markham [mailto:g...@mozilla.org]
> Sent: Friday, January 13, 2017 5:25 AM
> To: CA/Browser Forum Public Discussion List <public@cabforum.org>
> Cc: Steve Medin <steve_me...@symantec.com>
> Subject: Re: [cabfpub] Draft CAA mot
blic-boun...@cabforum.org] *On Behalf Of *Ryan
> Sleevi via Public
> *Sent:* Friday, January 13, 2017 4:11 PM
> *To:* Jeremy Rowley <jeremy.row...@digicert.com>
> *Cc:* Ryan Sleevi <sle...@google.com>; CA/Browser Forum Public Discussion
> List <public@cabforum.org>
>
, 2017 4:11 PM
To: Jeremy Rowley <jeremy.row...@digicert.com>
Cc: Ryan Sleevi <sle...@google.com>; CA/Browser Forum Public Discussion List
<public@cabforum.org>
Subject: Re: [cabfpub] Draft CAA motion (3)
Jeremy,
Was it intentional that you avoided answering on behalf of DigiCe
row...@digicert.com> >
Cc: CA/Browser Forum Public Discussion List <public@cabforum.org
<mailto:public@cabforum.org> >
Subject: Re: [cabfpub] Draft CAA motion (3)
I would prefer if we base our time decisions on actual data, not hypothetical
data.
Put differently: Is 6 m
n List <public@cabforum.org>
Subject: Re: [cabfpub] Draft CAA motion (3)
I would prefer if we base our time decisions on actual data, not hypothetical
data.
Put differently: Is 6 months sufficient for DigiCert to implement? Is it
sufficient for Entrust?
Those are things
On Fri, Jan 13, 2017 at 7:23 AM, Gervase Markham via Public <
public@cabforum.org> wrote:
> On 13/01/17 14:55, Doug Beattie wrote:
> > I'd suggest we include exactly what is required in the ballot and if
> > the RFC changes then we have a new ballot to specify the changes and
> > effective dates.
Reposting on Jurgen's behalf, because this does add useful information to
the discussion of timing and what CAs other priorities are, which helps
make sure browsers (like us) are cognizant of the impact :)
On Fri, Jan 13, 2017 at 12:46 AM, Jürgen Brauckmann
wrote:
> Am
On 13/01/17 14:55, Doug Beattie wrote:
> I'd suggest we include exactly what is required in the ballot and if
> the RFC changes then we have a new ballot to specify the changes and
> effective dates.
Well, it's not the RFC that would change - if it was, that would be
simpler :-) It's the
> -Original Message-
> From: Gervase Markham [mailto:g...@mozilla.org]
>
> On 13/01/17 13:13, Doug Beattie wrote:
> > As it stands, this means that CAs must support Issuer Critical, issue
> > and issuewild today and then to support other Property Tags as they
> > are added (without an
On 13/01/17 13:13, Doug Beattie wrote:
> As it stands, this means that CAs must support Issuer Critical, issue
> and issuewild today and then to support other Property Tags as they are
> added (without an indication of when the need to be supported). The
> spec also says that you must check the
Hi Bruce,
On 12/01/17 18:28, Bruce Morton wrote:
> There needs to be some consideration for existing agreements with
> Subscribers.
Is this the issue you raised in previous discussions, or a different
issue? It seems the same, but I want to make sure. If it is the same, as
noted in the comments
On Thu, Jan 12, 2017 at 1:15 PM, Bruce Morton <
bruce.mor...@entrustdatacard.com> wrote:
>
> How often does that scenario happen - that you're issuing a server
> certificate via ceremony (as opposed to an intermediate or root
> certificate)?
>
> *[BM] We have a model where about 20-30 certificates
Hi Ryan, responses below.
Thanks, Bruce.
From: Ryan Sleevi [mailto:sle...@google.com]
Sent: Thursday, January 12, 2017 3:39 PM
To: CA/Browser Forum Public Discussion List <public@cabforum.org>
Cc: Bruce Morton <bruce.mor...@entrustdatacard.com>
Subject: Re: [cabfpub] Draft C
Public
Sent: Thursday, January 12, 2017 1:28 PM
To: CA/Browser Forum Public Discussion List <public@cabforum.org>
Cc: Bruce Morton <bruce.mor...@entrustdatacard.com>
Subject: Re: [cabfpub] Draft CAA motion (3)
Hi Gerv,
Thanks for pulling this together and addressing Jody’s request a
Hi everyone,
As we are trying to get ballots ready for when the ballot reforms are
done, here's a third version of the draft motion to make CAA mandatory.
Changes over version 2 are:
* Add a further exception: "CAA checking is optional if the domain's DNS
is operated by the CA or an Affiliate."
21 matches
Mail list logo