Final Minutes for CA/Browser Forum Teleconference - 9 August 2018
Attendees: Arno Fiedler (D-TRUST), Atsushi Inaba (GlobalSign), Ben Wilson
(DigiCert), Corey Bonnell (Trustwave),Daymion Reynolds (GoDaddy), Dean
Coclin (DigiCert), Devon O'Brien (Google), Dimitris Zacharopoulos (HARICA),
Doug Bea
Final Minutes for Server Certificate Working Group Teleconference - 9 August
2018
Attendees:
1. Roll Call. The roll call occurred on the previous Forum teleconference.
2. Read Antitrust Statement. Reading of the Antitrust Statement occurred
on the previous Forum teleconference.
Hi.
I'm Ben Wilson.
Many of you know me, but for those who may not, I am DigiCert's VP of
Compliance and have worked in PKI for approximately 20 years during which I
have been an active participant in the work of the CA/Browser Forum (CAB
Forum) and have held a variety of CABF leadership position
Thanks, Jos. I’ve signed up and indicated on Doodle that I’m pretty much
available except Thursday mornings when we have some of our other CABF calls.
From: Public On Behalf Of Jos Purvis (jopurvis)
via Public
Sent: Friday, August 31, 2018 10:31 AM
To: CA/B Forum Public List
Subject: [cabf
Ballot Forum-2 - Chair and Vice-Chair Term Extensions
Ben Wilson of DigiCert calls the following proposed ballot to be published
for discussion and comment by the CABF membership.
Dimitris Zacharopoulos of HARICA and Jos Purvis of Cisco have endorsed the
proposed ballot.
Explanation
Congratulations, Dimitris! I look forward to supporting you in your new
role.
From: Public On Behalf Of Wanko, Clemens via
Public
Sent: Thursday, September 6, 2018 11:35 AM
To: public@cabforum.org
Subject: Re: [cabfpub] [cabfman] Ballot Forum-3: Election of CA/Browser
Forum Chair - ELECTION R
Just a reminder –
Jos, Ryan, Wayne, Moudrick and Dimitris have signed up so far on the wiki for
the Infrastructure WG.
Other takers?
From: Public On Behalf Of Ben Wilson via Public
Sent: Friday, August 31, 2018 12:00 PM
To: Jos Purvis (jopurvis) ; CA/Browser Forum Public
From: Public mailto:public-boun...@cabforum.org>
> On Behalf Of Ben Wilson via Public
Sent: Tuesday, September 11, 2018 9:00 AM
To: CA/Browser Forum Public Discussion List mailto:public@cabforum.org> >; Jos Purvis (jopurvis) mailto:jopur...@cisco.com> >
Subject: Re: [cabfpub] Fo
VOTING HAS STARTED.
DigiCert votes "YES"
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson
via Public
Sent: Wednesday, September 5, 2018 9:35 PM
To: CABFPub mailto:public@cabforum.org> >
Subject: [EXTERNAL][cabfpub] Ballot Forum-2 - Chair and
The current version of the Bylaws (v.2.0) are posted on the Website here -
https://cabforum.org/bylaws/
The PDF and Word versions are here: https://cabforum.org/wiki/Bylaws
The Github version has been updated and is available here -
https://github.com/cabforum/documents/blob/master/docs/
I've been meaning to get this out since the F2F -
Ballot FORUM-__: Charter to Establish a Bylaws Working Group
Purpose of Ballot
As a necessary aspect of good governance, the CA/Browser Forum must maintain
its Bylaws to ensure that the organization meets the needs of its Members
and Inter
As mentioned on today's call - please contact me off-list if you're
interested in helping draft the charters for the two above-listed working
groups.
smime.p7s
Description: S/MIME cryptographic signature
___
Public mailing list
Public@cabforum.org
htt
Here is a draft SMIME WG Charter. Please provide your comments.
https://docs.google.com/document/d/1vEswtzzMm0_G0ujoAT5ChiajyqfRfDTydG9Nmsc-eo4/edit?usp=sharing
Thanks,
Ben Wilson
___
Public mailing list
Public@cabforum.org
https://cabforum.org
Here is a draft Code Signing Certificate WG Charter. Please provide your
comments.
https://docs.google.com/document/d/11mtnfCIeXJTX3EDz0wjV0-bigcjatC-kNJf0Uh6cMwk/edit?usp=sharing
Thanks,
Ben Wilson
___
Public mailing list
Public@cabforum.
Ballot FORUM-8: Charter to Establish a Code Signing Certificate Working Group
Purpose of Ballot
It is proposed that the Forum establish a working group to adopt and maintain a
policy, framework, and set of standards related to the issuance and management
of code signing certificates by a th
Public Discussion
List
Subject: Re: [cabfpub] Ballot FORUM-8: Charter to Establish a Code Signing
Certificate Working Group
Ben,
There is an issue with numbered items in sections 4.2.1 and 4.2.2. You need to
restart the numbering.
Thanks you,
Dimitris.
On 22/2/2019 2:00 π.μ., Ben Wilson
I feel that I’ve followed the ballot rules, and I am assuming that this is a
valid ballot with the comment period ending and voting beginning Friday,
1-March-2019 at 0100 UTC.
From: Public On Behalf Of Ben Wilson via Public
Sent: Friday, February 22, 2019 9:17 AM
To: Dimitris Zacharopoulos
I hereby announce that Voting Begins on the following ballot and that DigiCert
affirmatively votes "Yes":
Ballot FORUM-8: Charter to Establish a Code Signing Certificate Working Group
Purpose of Ballot
It is proposed that the Forum establish a working group to adopt and maintain a
DigiCert votes YES on Ballot FORUM-10.
From: Public mailto:public-boun...@cabforum.org>
> On Behalf Of Jos Purvis (jopurvis) via Public
Sent: Monday, September 30, 2019 11:27 AM
To: CA/B Forum Public List mailto:public@cabforum.org> >
Subject: [EXTERNAL][cabfpub] FW: Ballot FORUM-10: Re-charte
I think it's the other way around. Thanksgiving in the U.S. is on the 28th.
-Original Message-
From: Public On Behalf Of Dimitris
Zacharopoulos (HARICA) via Public
Sent: Monday, November 11, 2019 12:23 AM
To: public@cabforum.org
Subject: [cabfpub] Cancel CA/B Forum teleconference Novembe
All,
Section 3.2.2.4.3 of the BRs says, "CAs SHALL NOT perform validations using
this method after May 31, 2019. Completed validations using this method
SHALL continue to be valid for subsequent issuance per the applicable
certificate data reuse periods." If that is 825 days, then would that be
un
Mozilla votes "Yes"
On Mon, May 18, 2020 at 9:30 AM Dimitris Zacharopoulos (HARICA) via Public <
public@cabforum.org> wrote:
> The following motion has been proposed by Dimitris Zacharopoulos of HARICA
> and endorsed by Mike Reilly of Microsoft and Tim Hollebeek of Digicert.
>
> *Purpose of Ballo
Mozilla votes YES on Forum-14 version 2.
On Tue, Jun 9, 2020 at 8:57 AM Doug Beattie via Public
wrote:
>
>
> GlobalSign votes Yes to ballot Forum-14 v2.
>
>
>
> Doug
>
>
>
> *From:* Public *On Behalf Of *Tim Hollebeek
> via Public
> *Sent:* Monday, June 8, 2020 4:52 PM
> *To:* CABforum1
> *Su
Mozilla votes "Yes" on ballot Forum-15.
On Mon, Sep 14, 2020 at 9:47 AM Dimitris Zacharopoulos (HARICA) via Public <
public@cabforum.org> wrote:
>
> HARICA votes "yes" to ballot Forum-15.
>
>
> On 2020-09-14 6:11 μ.μ., Dimitris Zacharopoulos (HARICA) via Public wrote:
>
>
> Voting begins for Spec
Mozilla votes "yes"
On Thu, Oct 22, 2020 at 8:16 AM Mike Reilly (SECURITY) via Public <
public@cabforum.org> wrote:
> Microsoft votes “Yes” on Special Ballot Forum-16 : ) Thanks, Mike
>
>
>
> *From:* Public *On Behalf Of *Dean Coclin
> via Public
> *Sent:* Wednesday, October 21, 2020 7:15 PM
>
Just a few thoughts to move this conversation forward, and speaking as a
CSCWG interested party and not to advocate any position of Mozilla, I think
the answer depends on how strict or flexible the CABF wants to be as an
organization when it comes to interpreting the scope of a working group
charte
All,
Here is a draft charter for a Network Security Working Group. Please
provide your comments, and then we will finalize this work in the form of a
Forum Ballot and Server Certificate WG Ballot.
Thanks,
Ben
Overview
In January 2013 the CA/Browser Forum’s “Network and Certificate System
Securit
he
> working groups. While each working group does have its own unique needs
> and needs to have the ability to maintain their own requirements, there are
> lots of other cases beyond the NCSSRs where uniformity is more important,
> and now that we’re close to having all the policies in 364
groups. While each working group does have its own unique needs
> and needs to have the ability to maintain their own requirements, there are
> lots of other cases beyond the NCSSRs where uniformity is more important,
> and now that we’re close to having all the policies in 3647 format,
;m afraid it is not allowed. Chartered Working
> Groups have the necessary isolation from the Bylaws so that one CWG doesn't
> affect the work of another CWG, so I'm afraid this language is inconsistent
> with the current Bylaws.
>
>
> Dimitris.
>
> Nov 10, 2021 05:20:
tSec
> WG Guidelines because they would need to check for IPR issues.
>
> Thoughts about that?
>
> On the updated language and "enforcement" of updated NetSec Guidelines to
> other Working Groups, I'm afraid it is not allowed. Chartered Working
> Groups have t
I'd like to get two endorsers for this ballot, unless people feel that
there are comments/concerns that still need to be resolved.
On Mon, Nov 15, 2021 at 9:28 AM Ben Wilson via Public
wrote:
> I am striking the following from the proposal: "If the ballot to change
> the N
Hi Dimitris,
Our IPR Policy is not perfect, so it doesn't have a solution for every
possible scenario. It was written with a goal of balancing the interests of
IP holders and the Forum membership. From the IPR Policy, "Working Groups
will ordinarily not approve a Guideline if they are aware that E
The following ballot is proposed by Ben Wilson of Mozilla and endorsed by
Tim Hollebeek of DigiCert and David Kluge of Google.
*Ballot Forum-17: Create Network Security Working Group*
*Overview*
In January 2013 the CA/Browser Forum’s “Network and Certificate System
Security Requirements” (NCSSRs
Ballot FORUM-17, Create Network Security Working Group, is proposed by Ben
Wilson of Mozilla and endorsed by Tim Hollebeek of DigiCert and David Kluge
of Google.
The Voting Period for Ballot FORUM-17 begins today at 19:00 UTC and ends on
23-Dec-2021 at 19:00 UTC.
*Overview*
In January 2013 the C
Mozilla vote "YES" on Ballot FORUM-17.
On Thu, Dec 16, 2021 at 11:39 AM Ben Wilson wrote:
> Ballot FORUM-17, Create Network Security Working Group, is proposed by
> Ben Wilson of Mozilla and endorsed by Tim Hollebeek of DigiCert and David
> Kluge of Google.
>
> The Voting Period for Ballot FORUM
Did anyone else want to declare their membership in this new NetSec WG (by
sending a declaration of intent to participate to the questions list)? I
think we were planning on having the first meeting tomorrow, and we'll be
sending out a new meeting invite.
On Tue, Dec 28, 2021 at 8:18 AM Dean Cocl
We might want to have an item and time allocated for the Network Security
Committee report, which will meet tomorrow.
On Sun, Jan 16, 2022 at 5:31 PM Dean Coclin via Public
wrote:
> *Here is the draft agenda for the subject call*
>
> *CA/Browser Forum Agenda*
>
> *Time*
>
> *Start(ET)*
>
> *Stop
Mozilla votes "Yes" on Ballot Forum-18.
On Wed, Jul 27, 2022 at 1:10 PM Tim Hollebeek via Public <
public@cabforum.org> wrote:
>
>
> Ballot FORUM-18, Allow Re-election of CWG Chairs and Vice Chairs
>
>
>
> Proposed by Tim Hollebeek of DigiCert and endorsed by Ben Wilson of
> Mozilla and Wayne Tha
Do you want me to post these to the website?
On Tue, Jan 24, 2023 at 12:08 AM Dimitris Zacharopoulos (HARICA) via Public
wrote:
> These are the approved Minutes of the Teleconference described in the
> subject of this message, prepared by Andrea Holland (VikingCloud).
>
> *Forum Meeting: January
Here is a draft ballot to modify the Charter of the Server Certificate
Working Group.
*Ballot FORUM-0XX: Modify Charter of Server Certificate Working Group*
*Purpose of the Ballot*
During discussions at Face-to-Face Meeting 58, it was noted that the
membership criteria for Certificate Consumers
Mozilla votes "Yes" on Ballot Forum-018 v3
On Thu, Jul 13, 2023 at 2:43 AM Dimitris Zacharopoulos (HARICA) via Public <
public@cabforum.org> wrote:
> This message begins the voting period for ballot Forum-18 v3.
>
> Dimitris.
>
> Purpose of the Ballot
> The Forum has identified and discussed a nu
All,
I am planning to introduce a Forum ballot to amend the Server Certificate
Working Group Charter.
At a high level, here are some of the proposed changes:
- Section numbering added
- "Root Certificate Issuer" voting category removed
- Membership requirements for Certificate Consumers
All,
I am looking for at least one more endorser for this ballot.
Thanks,
Ben
On Thu, Oct 12, 2023 at 4:23 PM Ben Wilson wrote:
> All,
>
> I am planning to introduce a Forum ballot to amend the Server Certificate
> Working Group Charter.
>
> At a high level, here are some of the proposed chan
pon the request of any Member that challenges the Applicant's
> adherence to all of the requirements of section 3(a) or 3(b), by a Ballot
> among the Members."*
>
> I read the rest of the proposed changes and they look good. If you are ok
> with the change above, HARICA would be
*Ballot FORUM-019: Amend Server Certificate Working Group Charter*
*Purpose of the Ballot*
This ballot proposes changes to the Server Certificate Working Group (SCWG)
Charter, based on existing version 1.2 of the Charter and on recent updates
to the Forum’s Bylaws.
During discussions at Face-to
Thanks, Tobias.
I'll take a look at your suggestions and see if I can work in a few
revisions, and then we can restart the discussion period.
Ben
On Thu, Oct 26, 2023 at 12:30 PM Tobias S. Josefowitz
wrote:
> Hi Ben,
>
> On Mon, 23 Oct 2023, Ben Wilson wrote:
>
> > *Ballot FORUM-019: Amend Serv
The voting period for Ballot FORUM-019 v.2 starts today. Votes must be
cast on the Forum public list in accordance with the Forum's Bylaws.
Voting will conclude at 16:00 UTC on 4 December 2023.
*Ballot FORUM-019 v.2 - Amend Server Certificate Working Group Charter*
*Purpose of Ballot*
This ball
Mozilla votes "yes" on Ballot FORUM-019 v.2.
On Mon, Nov 27, 2023 at 8:44 AM Ben Wilson via Public
wrote:
> The voting period for Ballot FORUM-019 v.2 starts today. Votes must be
> cast on the Forum public list in accordance with the Forum's Bylaws.
> Voting will co
Mozilla votes "Yes" on Ballot FORUM-020 v.2.
On Thu, Jan 4, 2024 at 1:02 PM Martijn Katerbarg via Public <
public@cabforum.org> wrote:
> *Ballot FORUM-020 **v2 - Amend Code Signing Certificate Working Group
> Charter*
>
>
>
> *Purpose of Ballot*
>
> This ballot proposes to amend the Code Signing
Looks good to me.
Ben
On Thu, Mar 21, 2024 at 9:00 AM Clint Wilson via Public
wrote:
> *Ballot FORUM-021*
>
> Proposed by Clint Wilson of Apple and endorsed by Tim Hollebeek of
> DigiCert and Tim Callan of Sectigo.
>
> *Purpose of Ballot*
>
> The CA/Browser Forum publishes Final Guidelines repre
All,
In today's Forum call, I announced that we are collecting the names and
email addresses of participants in the Patent Advisory Group through
Friday, April 12, 2024, and then we'll get started.
Thanks,
Ben
___
Public mailing list
Public@cabforum.org
h
Mozilla votes "yes" on Ballot FORUM-021.
Thanks.
On Thu, Apr 4, 2024 at 9:03 AM Clint Wilson via Public
wrote:
> *Ballot FORUM-021*
>
> Proposed by Clint Wilson of Apple and endorsed by Tim Hollebeek of
> DigiCert and Tim Callan of Sectigo.
>
> *Purpose of Ballot*
>
> The CA/Browser Forum publi
Just a reminder -
If you or your IP counsel are interested in participating in the Patent
Advisory Group, please let me know by close of business Friday.
Thanks. Ben
On Thu, Mar 28, 2024 at 11:03 AM Ben Wilson via Public
wrote:
> All,
> In today's Forum call, I announced that we are
All,
As mentioned during the Forum teleconference of April 11, 2024, here is a
draft charter for a Forum IPR Subcommittee. (This effort is separate, but
somewhat in parallel to the work of the Patent Advisory Group, which will
be handling GoDaddy's Patent Exclusion Notice, filed Mar. 22, 2024, in
All,
I will put this in ballot format. I am looking for endorsers.
Thanks,
Ben
On Tue, Apr 16, 2024 at 10:48 AM Ben Wilson wrote:
> All,
>
> As mentioned during the Forum teleconference of April 11, 2024, here is a
> draft charter for a Forum IPR Subcommittee. (This effort is separate, but
> som
the actuall ballot?
>
>
>
> > Voting shall be egalitarian: all Members shall vote together as a
> single class
>
> Is the intent here to also allow Associated Members, Probationary Members
> and Interested Parties to vote?
>
> Regards,
>
> Martijn
>
>
>
Thanks, Dimitris.
I will make edits to the proposal and get back to everyone.
Ben
On Fri, Apr 19, 2024 at 11:59 AM Dimitris Zacharopoulos (HARICA) via Public
wrote:
> Hi Ben,
>
> On 16/4/2024 7:48 μ.μ., Ben Wilson via Public wrote:
>
> All,
>
> As mentioned during the Fo
2024 7:48 μ.μ., Ben Wilson via Public wrote:
>
> All,
>
> As mentioned during the Forum teleconference of April 11, 2024, here is a
> draft charter for a Forum IPR Subcommittee. (This effort is separate, but
> somewhat in parallel to the work of the Patent Advisory Group, which will
>
Mozilla wants to participate in the new Definitions and Glossary Working
Group.
On Mon, Apr 22, 2024 at 10:27 AM Dimitris Zacharopoulos (HARICA) via Public
wrote:
>
> Dear Members,
>
> I have added the approved Charter of the Definitions and Glossary
> Working Group (DGWG) to the main GitHub For
*Ballot FORUM-022: Establish Forum IPR Subcommittee*
Proposed by Ben Wilson of Mozilla and endorsed by Roman Fischer of
SwissSign and Clint Wilson of Apple.
*Purpose of Ballot*
The CA/Browser Forum’s Intellectual Property Rights (IPR) Policy and
associated documentation were last revised
Hi Dimitris,
There appears to be an open slot on the F2F agenda - Wed. May 29th at 9:05
a.m. I was thinking we could use that time to discuss revocation timelines
and balancing the security provided by revocation with the
security/stability needed to support critical infrastructure. In other
words
*Ballot FORUM-022: Establish Forum IPR Subcommittee*
Proposed by Ben Wilson of Mozilla and endorsed by Roman Fischer of
SwissSign and Clint Wilson of Apple.
*Purpose of Ballot*
The CA/Browser Forum’s Intellectual Property Rights (IPR) Policy and
associated documentation were last revised
Mozilla votes "Yes" on Forum-022, and I'll assume that is what was meant by
Antti.
On Thu, May 16, 2024 at 2:55 AM Backman, Antti <
antti.back...@teliacompany.com> wrote:
> Telia votes ’Yes’ on Ballot FORUM-002
>
>
>
> //Antti
>
>
>
> *From: *Publi
time 5280 was produced, and was decided not to adopt - see
https://www.ietf.org/mail-archive/web/pkix/current/msg02357.html and
https://www.ietf.org/mail-archive/web/pkix/current/msg02336.html
On Mon, Apr 3, 2017 at 11:22 AM, Ben Wilson via Public
mailto:public@cabforum.org>> wrote:
Her
wrote:
That's an interesting take. I read the same discussions and took quite the
opposite conclusion.
On Mon, Apr 10, 2017 at 3:23 PM, Ben Wilson via Public mailto:public@cabforum.org> > wrote:
All,
I’ve posted the proposal to the PKIX list and haven’t heard sufficient
o
DigiCert votes “Yes”
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris
Zacharopoulos via Public
Sent: Wednesday, April 5, 2017 1:47 AM
To: public@cabforum.org
Cc: Dimitris Zacharopoulos
Subject: [cabfpub] Ballot 189 (revised) - Amend Section 6.1.7 of Baseline
Requirement
DigiCert votes “yes”
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Chris Bailey via
Public
Sent: Sunday, April 2, 2017 2:27 PM
To: public@cabforum.org
Cc: Chris Bailey
Subject: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions
Ballot 194 – Effective Date of Bal
DigiCert votes “yes”
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham
via Public
Sent: Monday, April 3, 2017 11:58 AM
To: CABFPub
Cc: Gervase Markham
Subject: [cabfpub] Ballot 195: CAA Fixup
Ballot 195 - CAA Fixup
Purpose of Ballot: The CAB Forum recently pas
DigiCert votes “yes”
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham
via Public
Sent: Monday, April 3, 2017 12:06 PM
To: CABFPub
Cc: Gervase Markham
Subject: [cabfpub] Ballot 196: Define "Audit Period"
Ballot 196 - Define "Audit Period"
Purpose of Ballot: It
in the subjectAltName (whose type
dNSName is defined as IA5String)
On Tue, Apr 11, 2017 at 4:31 PM, Ben Wilson via Public mailto:public@cabforum.org> > wrote:
If the ballot were amended to address only underscore characters (and delete
outdated content), would there be any endorsers
Any endorsers?
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via
Public
Sent: Wednesday, April 12, 2017 9:58 AM
To: Ryan Sleevi ; CA/Browser Forum Public Discussion List
Cc: Ben Wilson
Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion
Thanks
nisms that allow you to do what you
want without breaking compliant code.
On Apr 13, 2017, at 12:42 PM, Ben Wilson via Public mailto:public@cabforum.org> > wrote:
Any endorsers?
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via
Public
Sent: Wednesday, April
ng it as a UTF8String is not valid in the subjectAltName (whose type
dNSName is defined as IA5String)
On Tue, Apr 11, 2017 at 4:31 PM, Ben Wilson via Public mailto:public@cabforum.org> > wrote:
If the ballot were amended to address only underscore characters (and delete
outdated content)
All,
I'm looking for two endorsers for a proposed amendment to section 7.1.4.2.1
of the Baseline Requirements--to be modified to allow the underscore
character ("_") in SANs and to remove the sunset language in that section
related to internal names and reserved IP addresses. The revised secti
On Thu, Apr 20, 2017 at 1:07 PM, Ben Wilson via Public mailto:public@cabforum.org> > wrote:
All,
I’m looking for two endorsers for a proposed amendment to section 7.1.4.2.1 of
the Baseline Requirements--to be modified to allow the underscore character
(“_”) in SANs and to remo
DigiCert votes “yes”
From: Public mailto:public-boun...@cabforum.org>>
on behalf of Kirk Hall via Public
mailto:public@cabforum.org>>
Reply-To: CA/Browser Forum Public Discussion List
mailto:public@cabforum.org>>
Date: Tuesday, April 25, 2017 at 10:45 PM
To: CA/Browser Forum Public Discussi
All versions are now posted here -
<https://cabforum.org/baseline-requirements-documents/>
https://cabforum.org/baseline-requirements-documents/
I will upload them to the wiki and update the GitHub version.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson
via
All,
Attached is a redlined Word doc containing sections 4.9.1.1 and 4.9.5 of the
Baseline Requirements. To provide greater flexibility when revoking
certificates, I am proposing that we remove the 24-hour revocation requirement
from section 4.9.1.1 and replacing it with a criteria-based pr
rch/005312.html
Are there new concerns why that approach wouldn't work?
On Tue, May 2, 2017 at 7:23 PM, Ben Wilson via Public
mailto:public@cabforum.org>> wrote:
All,
Attached is a redlined Word doc containing sections 4.9.1.1 and 4.9.5 of the
Baseline Require
Two questions, Gerv.
1 - Does this ballot rule out “vanity CAs” – CAs with customer names in the
subject field, even though the key is held by the root CA? (I can provide
further clarification, and/or examples, if necessary.
2- What is the full current wording of Ballot 199?
Thanks,
Gerv,
I think this still presents problems for vanity CAs. I can agree with the need
to validate the entity in the O field (i.e. that the root CA has permission to
create a CA with the sub CA's tradename), but I would want to preserve some
flexibility. Right now, the language I'm concerned ab
Cc: Gervase Markham ; Ben Wilson
Subject: Re: [cabfpub] Ballot 199 - Require commonName in Root and Intermediate
Certificates
Ben,
That language is already in the BRs. It is unchanged in this ballot.
Thanks,
Peter
> On May 5, 2017, at 10:57 AM, Ben Wilson via Public
> wrote:
>
> G
DigiCert votes yes.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Doug Beattie via
Public
Sent: Friday, May 5, 2017 12:42 PM
To: CA/Browser Forum Public Discussion List
Cc: Doug Beattie
Subject: Re: [cabfpub] Ballot 199 - Require commonName in Root and Intermediate
Certific
I agree that a one-year validity for OCSP Responders / CRLs is a reasonable
timeframe for off-line CAs.
Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Doug Beattie
via Public
Sent: Wednesday, May 10, 2017 11:15
low them, we need CAs to think about
the technical risks and make proactive suggestions on how best to codify that.
Because just a blanket "1 year responder" can go very wrong
On Wed, May 10, 2017 at 4:40 PM, Ben Wilson via Public mailto:public@cabforum.org> > wrote:
I agree that
As to think about
the technical risks and make proactive suggestions on how best to codify that.
Because just a blanket "1 year responder" can go very wrong
On Wed, May 10, 2017 at 4:40 PM, Ben Wilson via Public mailto:public@cabforum.org> > wrote:
I agree that a one-year validi
whether the text Kirk included in the Review
Notice - which is different than the ballot (since it omits the redlines) -
supersedes/replaces the Ballot itself.
Does this capture every possible interpretation? Are the others?
On Tue, May 16, 2017 at 1:00 PM, Ben Wilson via Public mailto:p
ded the redline
changes). That is, it's unclear whether the text Kirk included in the Review
Notice - which is different than the ballot (since it omits the redlines) -
supersedes/replaces the Ballot itself.
Does this capture every possible interpretation? Are the others?
On Tue, May 1
I am looking for two endorsers for the following motion:
Ballot ___ - RFC5280-related Amendments
The current Baseline Requirements do not expressly allow underscore
characters in Subject Alternative Names. This ballot seeks to clarify that
one or more underscore characters ("_") are allowed in F
Just a clarification for everyone, the text below was copied out of the wiki
with wiki markup language, so the following text is being deleted --(City,
State, and country - Required; Street and postal code - Optional)-(the open
and close parentheses with dashes indicates a deletion).
From: Publ
for ballot 191.
Thanks, Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via
Public
Sent: Thursday, May 18, 2017 11:18 AM
To: CA/Browser Forum Public Discussion List
mailto:public@cabforum.org>>
Cc: Ben Wilson mailto:ben.wil...@digicert.com>>
Pre-validation is a common practice. Here is scenario:
1 – a. Customer signs a contract with domains listed therein, or
b. signs up for an account, obtains a username/password and submits domain
names.
2 – CA starts the domain validation process
3 – Customer submits CSR
4 – CA co
Ryan,
I agree that a full request needs to be made before a certificate can be
issued. Section 4.1.2 might adequately define a request, but I suppose someone
could improve it with additional definition and/or guidance in this regard. I
would not want to say for certain when a full request
eserved IP Address.
--Motion Ends--
Thanks,
Ben
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via
Public
Sent: Thursday, April 20, 2017 12:09 PM
To: Ryan Sleevi ; CA/Browser Forum Public Discussion List
Cc: Ben Wilson
Subject: Re: [cabfpub] Pre-Ballot:
DigiCert votes “Yes”
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Virginia
Fournier via Public
Sent: Tuesday, May 16, 2017 2:55 PM
To: CA/Browser Forum Public Discussion List
Cc: Virginia Fournier
Subject: [cabfpub] Ballot 200 - Amendment of Bylaws to add Code of Conduct
me formed by prepending "*." to a
FQDN`
Thanks,
Peter
> On May 25, 2017, at 1:08 PM, Ben Wilson via Public
> wrote:
>
> I’m looking for two endorsers for Ballot 202 – Underscore Characters
> in SANS The current Baseline Requirements do not expressly allow underscore
>
ication of the RFCs by underlying resolver libraries, I fully support a
defense in depth approach that reflects CAs obligations and expectations to
abide by the relative standards and wellformedness.
On Thu, Jun 1, 2017 at 2:21 PM, Ben Wilson via Public mailto:public@cabforum.org> &g
ome itself is working through security issues resulting from
misapplication of the RFCs by underlying resolver libraries, I fully support a
defense in depth approach that reflects CAs obligations and expectations to
abide by the relative standards and wellformedness.
On Thu, Jun 1, 2017 at
Let me word this another way. Who believes that an underscore character cannot
be the first character in an FQDN?
-Original Message-
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via
Public
Sent: Thursday, June 1, 2017 12:22 PM
To: Peter Bowen ; CA/Browser
1 - 100 of 187 matches
Mail list logo
