[cabfpub] [cabfman] Ballot 92 - Subject Alternative Names

Brian Trzupek BTrzupek at trustwave.com
Fri Nov 16 22:31:53 UTC 2012

So, is it a fair summary to say:

A) with the baselines we have blessed methods to validate domains.

B) we can have multiple domains (San) in those certs.

C) when we try an issue an OV cert, now there is a perceived confusion of the relying party in instances where there are multiple organizations for the included domains?

Maybe this is over simplifying, but with baseline Multi org DV is just fine because the cert presents no org, but we are trying to nail down who the org "should" be in the OV equivalent?

(I know there are other potential items in this ballot, but this is of the most interest to me)


Sent from my iPhone

On Nov 16, 2012, at 3:57 PM, "Eddy Nigg (StartCom Ltd.)" <eddy_nigg at startcom.org<mailto:eddy_nigg at startcom.org>> wrote:

On 11/16/2012 11:36 PM, From Eddy Nigg (StartCom Ltd.):

As long as there are CAs that will sign just anything and everything (for pay), what does it matter if there are revocation capabilities?

Don't make EV weaker than it is already, we have enough trouble earning some credibility in the other settings, we don't need more of that.

Having said that, even though I'm in disagreement with Gerv about his perception regarding OV certificates, it's still troubling to hear that there is still no confidence in the work and diligence most of us probably do.

If we can change this perception by raising the bar with serious and reasonable improvements, we probably should do it. We certainly should eliminate well known risk first.


Signer:         Eddy Nigg, COO/CTO
        StartCom Ltd.<http://www.startcom.org>
XMPP:   startcom at startcom.org
Blog:   Join the Revolution!<http://blog.startcom.org>
Twitter:        Follow Me<http://twitter.com/eddy_nigg>

Management mailing list
Management at cabforum.org<mailto:Management at cabforum.org>


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121116/5fbd1a0b/attachment-0004.html>

More information about the Public mailing list