[cabfcert_policy] FW: [cabfpub] Ballot 188 - Clarify use of term "CA" in Baseline Requirements

[Ben Wilson]

And one more.



From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Tuesday, February 28, 2017 10:28 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Ben Wilson <ben.wilson at digicert.com>
Subject: Re: [cabfpub] Ballot 188 - Clarify use of term "CA" in Baseline Requirements



Google votes NO



In voting no, we recognize it is an important task to resolve, and we are appreciative of the effort that has gone in so far, as this has been no simple matter. Unfortunately, we believe that many of these proposals meaningfully and measurably alter the Baseline Requirements in ways that are detrimental to security or clarity.



Should this Ballot fail, as we believe these issues are significant enough that we hope other CAs and Browsers carefully consider the impact, we look forward to continuing the discussions during our next F2F about effective strategies on how to address these issues in a way that best meets the goals of all participants.



In reviewing the discussions, to better understand and appreciate the intent behind the various proposals found within this Ballot, it's quite clear that suggestions such as those offered in https://cabforum.org/pipermail/policyreview/2016-November/000358.html would have significantly avoided these issues, while still achieving their goal of providing greater clarity for both CAs and auditors.



Unquestionably, our biggest concern with this ballot is the apparent and significant divergence in approach from the underlying specifications of X.509 and RFC 5280. From the replies, this was clearly intentional to choose terminology that conflicts, but as a consequence, creates issues not just through the Baseline Requirements, but in the application of these specifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/policyreview/attachments/20170427/a68ac4e7/attachment.html>