<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font face="Calibri">OK. then I agree.</font><font face="Calibri"></font><br>
</p>
<br>
<div class="moz-cite-prefix">Il 24/08/2017 07:44, Jeremy Rowley ha
scritto:<br>
</div>
<blockquote type="cite"
cite="mid:9e7afd8d95544967b6ea2a02a5778222@EX2.corp.digicert.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext">Under this
change, email is not the only way to manage Certificate
Problem Reports. The change requires CAs to support at least
email, but the CA may support any other methods they want to
manage. Regardless of potential spam, requiring CAs to
manage one mailing list doesn’t seem unreasonable
considering how difficult/annoying other methods are. <o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"
moz-do-not-send="true"><span style="color:windowtext"><o:p> </o:p></span></a></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> Public
[<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Adriano
Santoni via Public<br>
<b>Sent:</b> Wednesday, August 23, 2017 11:40 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Subject:</b> Re: [cabfpub] Revocation ballot v2<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">The problem I
see with mandating an email address as the only way to report
a problem to the CA is that mailboxes are subject to spamming.
Our certificate problem reporting mailbox is being targeted to
spam more and more, lately, and it is not always easy and
quick to tell apart real problem reports and spam.<o:p></o:p></p>
<div>
<p class="MsoNormal">Il 24/08/2017 02:45, Gervase Markham via
Public ha scritto:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre>On 23/08/17 17:39, Jeremy Rowley via Public wrote:<o:p></o:p></pre>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre>“Certificate Problem Report: A complaint of suspected Key Compromise,<o:p></o:p></pre>
<pre>Certificate misuse, or other types of fraud, compromise, misuse, or<o:p></o:p></pre>
<pre>inappropriate conduct related to Certificates that is sent to an email<o:p></o:p></pre>
<pre>address publicly specified in the CA’s repository. “<o:p></o:p></pre>
</blockquote>
<pre><o:p> </o:p></pre>
<pre>I think that if we want to mandate that the CA's Problem Reporting<o:p></o:p></pre>
<pre>Mechanisms include at minimum an email address, we should say that in<o:p></o:p></pre>
<pre>the relevant section, rather than slip it in here.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>I would be in support of such a change. :-) We are considering it for<o:p></o:p></pre>
<pre>Mozilla policy. People currently find it too difficult to send reports<o:p></o:p></pre>
<pre>to multiple CAs, having to cope with lots of different mechanisms.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Gerv<o:p></o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Public mailing list<o:p></o:p></pre>
<pre><a href="mailto:Public@cabforum.org" moz-do-not-send="true">Public@cabforum.org</a><o:p></o:p></pre>
<pre><a href="https://cabforum.org/mailman/listinfo/public" moz-do-not-send="true">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
</body>
</html>