[cabfpub] [cabfman] Ballot 92 - Subject Alternative Names

[Jeremy Rowley]

I believe you mean MDCs.  No one is trying to outlaw SANs.  In fact, all certs are SANs certs since subject alternative names are required under the baseline requirements.  I disagree that OV is required in almost any case:  

 

For example, a DV cert could contain:

Example.com

Mail.example.com

Domain.example.com

Secure.example.com 

 

Similarly, an MDC containing the following domain names would not require subject identity vetting:

Paypal.com

Ebay.com

 

Nothing would prevent separate DV certs from being issued to:

DigiCert.com

Trendmicro.com

Symantec.com

 

Thanks,

Jeremy

 

 

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com
Sent: Friday, November 16, 2012 11:06 AM
To: Steve Roylance
Cc: 'CABForum Management'; public at cabforum.org
Subject: Re: [cabfpub] [cabfman] Ballot 92 - Subject Alternative Names

 

The only way a CA could comply with your rules would be to do an OV authentication for every customer before deciding whether or not to issue a DV SANs cert.  That’s pretty much the same as outlawing DV SANs certs

 

From: Steve Roylance [mailto:steve.roylance at globalsign.com] 
Sent: Friday, November 16, 2012 9:33 AM
To: Kirk Hall (RD-US)
Cc: 'CABForum Management'; public at cabforum.org
Subject: Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names

 

Kirk,

 

It is NOT meant to prohibit  all types of DV SANs

 

It is meant to prohibit DV SANs under certain conditions i.e. where non unique information is contained, or Public IPs are used, or there is a mixture of owners as detailed by the domain registration.

 

If you own kirk.com and finewineexpert.com then you can have both inside if they are registered to you.

 

Please read the text again carefully and highlight which situation you specifically don't agree with and why you feel it's acceptable to continue.

 

Steve

 

From: "kirk_hall at trendmicro.com" <kirk_hall at trendmicro.com>
Date: Friday, 16 November 2012 17:24
To: CABForum Management <management at cabforum.org>, "public at cabforum.org" <public at cabforum.org>
Subject: Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names

 

To help members evaluate Ballot 92 we are attaching a side-by-side comparison of current Baseline Requirements language with the proposed new language.  As before, the intent of this ballot is to prohibit DV SANs certificates, which we will oppose.

 

Trend Micro does not issue DV certificates, but we think they serve a valuable security function in increasing the use of SSL.  Forcing customers to buy OV certs instead is anti-competitive and will likely lead to less use of SSL to secure sites.



TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidentialand may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.

_______________________________________________ Management mailing list Management at cabforum.org https://cabforum.org/mailman/listinfo/management 



 
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121116/33bf22b0/attachment-0004.html>