<div dir="ltr">Greetings,<div><br></div><div>To make commenting easier, I've converted the doc to Markdown and put it on Github:</div><div><br></div><div><a href="https://github.com/awhalley/docs-for-comment/blob/master/SHA1RequestProcedure.MD">https://github.com/awhalley/docs-for-comment/blob/master/SHA1RequestProcedure.MD<br></a></div><div><br></div><div>Pull requests most welcome.</div><div><br></div><div>I've incorporated the feedback from Eric about ensuring the list is CCed on any response, and some typos he caught. </div><div><br></div><div>(For anybody who's looked at the PDF, the differences from that are minor and <a href="https://github.com/awhalley/docs-for-comment/compare/0d991867eea023b3d60e3485685ee341f2dc2668...ae0261cd723487f44cc6301f939fbc2350e5a381?name=ae0261cd723487f44cc6301f939fbc2350e5a381&short_path=74615fb#diff-74615fb5efdb17b5b1e612614841494b">shown here</a>)</div><div><br></div><div>Cheers,</div><div><br></div><div>Andrew</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 3, 2016 at 1:53 PM, Andrew R. Whalley <span dir="ltr"><<a href="mailto:awhalley@google.com" target="_blank">awhalley@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Greetings,<div><br></div><div>At the face to face meeting in Bilbao we heard there's still a need for new SHA-1 certs from some sectors, most notably the payment industry, to avoid outages of critical systems with real world impact. We discussed if there was a way we might balance these cases against the vitally important need to ensure the security and safety of the public PKI.</div><div><br></div><div>Please take a look at the proposed procedure, attached. It outlines a way for CAs to request an exceptional SHA-1 issuance, including details which would help with a risk management decision. It's not a guaranty that any such issuance would be acceptable, but provides a more structured approach than what's already occurred this year, e.g. with worldpay.</div><div><br></div><div>I look forward to comments.</div><div><br></div><div>Cheers,</div><div><br></div><div>Andrew</div><div><br></div></div>
</blockquote></div><br></div>