Re: [cabfpub] How do you handle mass revocation requests?

2018-03-02 Thread philliph--- via Public
Going back to the original question. We have a format for a certificate request (well a few actually). Do we have a PKIX feature that can be used to allow a key holder to request revocation? I can’t think of a PKIX standard for one and it does appear to be a missing feature. Ron Rivest and But

Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

2018-03-02 Thread Paul Hoffman via Public
On Mar 1, 2018, at 7:51 AM, Ben Wilson via Public wrote: > > Forwarding from Richard Wang: > > The current BRs say: > > Authorized Ports: One of the following ports: 80 (http), 443 (http), 25 > (smtp), 22 (ssh). > > But many internal networks use the port 8443, broadly used in Apache server,

Re: [cabfpub] [Ext] How do you handle mass revocation requests?

2018-03-02 Thread Paul Hoffman via Public
On Mar 2, 2018, at 6:04 AM, philliph--- via Public wrote: > > Going back to the original question. > > We have a format for a certificate request (well a few actually). Do we have > a PKIX feature that can be used to allow a key holder to request revocation? > I can’t think of a PKIX standard

Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

2018-03-02 Thread Phillip via Public
To clarify what Paul said, We need to distinguish between the use of a port for certificate validation and the use of a port for delivery of an Internet service. The fact that we use SSL on every port to provide a service does not mean that we should allow that use for validation. I do think we

Re: [cabfpub] [Ext] How do you handle mass revocation requests?

2018-03-02 Thread Phillip via Public
I have proposed this as an AOB topic for LAMPS. On the wider problem, please remember I do not work for ComodoCA and have no more information on this than anyone else. I do find some aspects of the situation troubling though not necessarily the ones others are finding troubling. That a reselle

Re: [cabfpub] [Ticket#2018022801003595] How do you handle mass revocation requests?

2018-03-02 Thread Ryan Sleevi via Public
This does not seem like a good idea. On Thu, Mar 1, 2018 at 8:05 AM, LeaderTelecom B.V. wrote: > It will be great to have daily / monthly limit for revocation for each > reseller. For example, daily limit 1% from all active certificates (minimum > 10 pcs). Monthly limit can be 20% from all activ

Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

2018-03-02 Thread Ryan Sleevi via Public
On Fri, Mar 2, 2018 at 10:08 AM, Paul Hoffman via Public < public@cabforum.org> wrote: > On Mar 1, 2018, at 7:51 AM, Ben Wilson via Public > wrote: > > > > Forwarding from Richard Wang: > > > > The current BRs say: > > > > Authorized Ports: One of the following ports: 80 (http), 443 (http), 25 >

Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

2018-03-02 Thread Ryan Sleevi via Public
On Fri, Mar 2, 2018 at 10:35 AM, Phillip via Public wrote: > To clarify what Paul said, > > We need to distinguish between the use of a port for certificate validation > and the use of a port for delivery of an Internet service. The fact that we > use SSL on every port to provide a service does n

Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

2018-03-02 Thread Phillip via Public
??? I think it is fairly clear that with the necessary privs, I can request a TCP/IP socket on any port (other than 0) and then bind a TLS provider to it. The point I am making is that the fact the subscriber might use the certificate on port 8443 or for that matter on any port in the range [

Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

2018-03-02 Thread Tim Hollebeek via Public
We’re willing to continue talking through those issues in an attempt to reach a solution. I do think SRVNames would be a useful improvement. For us, the lack of movement has had more to do with time constraints than technical constraints! While SRVNames do offer a way to scope the authority

Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

2018-03-02 Thread Ryan Sleevi via Public
On Fri, Mar 2, 2018 at 11:11 AM, Phillip wrote: > ??? I think it is fairly clear that with the necessary privs, I can > request a TCP/IP socket on any port (other than 0) and then bind a TLS > provider to it. > > > > The point I am making is that the fact the subscriber might use the > certificat

Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

2018-03-02 Thread Ryan Sleevi via Public
For sure. Apologies if that was worded confusingly - we're hugely supportive of SRVNames, but solving the technical and policy issues around them is thorny and will require technical expertise, and I think most of the technical expertise of the Forum has been otherwise occupied by a number of more pr

Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

2018-03-02 Thread Phillip via Public
From: Ryan Sleevi [mailto:sle...@google.com] Sent: Friday, March 2, 2018 11:22 AM To: Phillip Cc: CA/Browser Forum Public Discussion List ; Paul Hoffman ; Ben Wilson Subject: Re: [cabfpub] [Ext] BR Authorized Ports, add 8443 More importantly though, how many validation approaches do w

[cabfpub] Browser implementation of cert requirements

2018-03-02 Thread Peter Bowen via Public
I’m working on updating cablint to make sure it has checks that match browser checks. These will be INFO level items if they don’t align with the BRs, but I think having them is valuable. I’m hoping that the browsers can confirm a couple of things, so I get it right in cablint: 1) Safari and

[cabfpub] Logistics for the F2F

2018-03-02 Thread Peter Bowen via Public
A few details for those attending the F2F next week, either for the working group day or for the members’ plenary: 1) When you arrive at the office, enter the doors and tell the desk you are there for CA/Browser Forum meeting. They will request an ID, confirm you are on the list, and issue you

Re: [cabfpub] Browser implementation of cert requirements

2018-03-02 Thread Ryan Sleevi via Public
On Fri, Mar 2, 2018 at 2:05 PM, Peter Bowen via Public wrote: > I’m working on updating cablint to make sure it has checks that match > browser checks. These will be INFO level items if they don’t align with > the BRs, but I think having them is valuable. > > I’m hoping that the browsers can con

Re: [cabfpub] [EXTERNAL] Logistics for the F2F

2018-03-02 Thread Kirk Hall via Public
I have added this information to the wiki. Peter has included "test" Chime meeting IDs below, and I strongly suggest that anyone planning to participate remotely install and test Chime now to make sure there are no problems. The real Chime meeting IDs will be emailed to participants later vi

[cabfpub] Return of SRV names

2018-03-02 Thread Tim Hollebeek via Public
No problem, I knew what you meant. I just wanted to fish the topic out of your long email and emphasize it. Since I’m on a plane on a Friday afternoon, and need some mindless work, I collected some references to refresh people’s memories: https://cabforum.org/pipermail/public/2016-April/