[cabfpub] Ballot 108: Clarifying the scope of the baseline requirements

Ryan Hurst ryan.hurst at globalsign.com
Wed Aug 7 12:03:59 MST 2013


Post from 2004 on this topic: http://unmitigatedrisk.com/?p=8

Ryan Hurst
Chief Technology Officer
GMO Globalsign

twitter: @rmhrisk
email: ryan.hurst at globalsign.com
phone: 206-650-7926

Sent from my phone, please forgive the brevity.

On Aug 7, 2013, at 11:58 AM, "Eddy Nigg (StartCom Ltd.)" <eddy_nigg at startcom.org> wrote:

> 
> On 08/07/2013 08:59 PM, From Ryan Sleevi:
>> 
>> The cited libraries will all treat the SGC EKUs as equivalent to Server Auth in that case. As such, certs with SGC EKUs would need to be in scope, because they'd be technically possible to be used as server certs.
> 
> You might be right - the concern is what Gerv already mentioned here: https://bugzilla.mozilla.org/show_bug.cgi?id=476807
> 
> Anyone still using "It supports SGC/Step Up" as a marketing mechanism is either a) encouraging the use of long-outdated, insecure and standards-incompliant browsers, or b) using FUD.
> 
> 
> 
> Regards 
>  
> Signer: 	Eddy Nigg, COO/CTO
>  	StartCom Ltd.
> XMPP: 	startcom at startcom.org
> Blog: 	Join the Revolution!
> Twitter: 	Follow Me
>  
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20130807/1b6005d5/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2098 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20130807/1b6005d5/attachment.bin 


More information about the Public mailing list