[cabfpub] [cabfman] Ballot 92 - Subject Alternative Names

Steve Roylance steve.roylance at globalsign.com
Fri Nov 16 19:12:13 UTC 2012 

Hi Kirk,

No it would not.   It would depend on the certificate they requested.   I
assume that shop keepers in the US don't card 9 year olds buying chocolates
but if they asked for alcohol the situation changes.

It would only be applicable in the 3 instances shown (Which are not the
majority of cases) and in one of those would not be necessary if the domain
registration information all aligned.  They could then choose to include it
or not.

If Trend does not offer DV certificates then it might be best to abstain
from this one rather than confusing the rest of the members who also may/may
not have experience here.

Steve

From:  "kirk_hall at trendmicro.com" <kirk_hall at trendmicro.com>
Date:  Friday, 16 November 2012 18:06
To:  Steve Roylance <steve.roylance at globalsign.com>
Cc:  CABForum Management <management at cabforum.org>, "public at cabforum.org"
<public at cabforum.org>
Subject:  RE: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names

The only way a CA could comply with your rules would be to do an OV
authentication for every customer before deciding whether or not to issue a
DV SANs cert.  That¹s pretty much the same as outlawing DV SANs certs
 

From: Steve Roylance [mailto:steve.roylance at globalsign.com]
Sent: Friday, November 16, 2012 9:33 AM
To: Kirk Hall (RD-US)
Cc: 'CABForum Management'; public at cabforum.org
Subject: Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names
 

Kirk,

 

It is NOT meant to prohibit  all types of DV SANs

 

It is meant to prohibit DV SANs under certain conditions i.e. where non
unique information is contained, or Public IPs are used, or there is a
mixture of owners as detailed by the domain registration.

 

If you own kirk.com and finewineexpert.com then you can have both inside if
they are registered to you.

 

Please read the text again carefully and highlight which situation you
specifically don't agree with and why you feel it's acceptable to continue.

 

Steve

 

From: "kirk_hall at trendmicro.com" <kirk_hall at trendmicro.com>
Date: Friday, 16 November 2012 17:24
To: CABForum Management <management at cabforum.org>, "public at cabforum.org"
<public at cabforum.org>
Subject: Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names

 

To help members evaluate Ballot 92 we are attaching a side-by-side
comparison of current Baseline Requirements language with the proposed new
language.  As before, the intent of this ballot is to prohibit DV SANs
certificates, which we will oppose.
 
Trend Micro does not issue DV certificates, but we think they serve a
valuable security function in increasing the use of SSL.  Forcing customers
to buy OV certs instead is anti-competitive and will likely lead to less use
of SSL to secure sites.
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is
confidentialand may be subject to copyright or other intellectual property
protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail
or
telephone and delete the original message from your mail system.
_______________________________________________ Management mailing list
Management at cabforum.org https://cabforum.org/mailman/listinfo/management
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail
or
telephone and delete the original message from your mail system.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121116/dfa699f1/attachment-0004.html>

More information about the Public mailing list