[cabfpub] Baseline Requirements as part of browers programs

Rich Smith richard.smith at comodo.com
Thu Apr 3 20:10:15 UTC 2014

It's not any kind of success to those who contributed substantial time and
resources to a work product that was only ever created in the first place at
the request of that single adopter, only to have that single adopter take
the resulting work product and create a closed program which only allows a
very small minority of those who gave their time and effort to benefit from


For one in that minority, I guess it's a resounding success, for the rest it
was and continues to be a complete waste of time and resources, and a
distraction from matters this Forum SHOULD be engaged in which benefit the
entire ecosystem.


Down the road should there either be additional adopters of the
specification, or should the single adopter choose to open their program,
then it may be in this Forum's wider interest to engage in further activity
to revise and improve the specification.  At present, it is not, and it is
IMO in contravention of the Forum bylaws to continue ongoing work unless and
until one of the above conditions is met.


Don't get me wrong, if a vendor wants to run a closed program, that is their
prerogative, but it is not the Forum's job, nor in the interests of the
Forum to do the work to design it for them without some benefit to the wider





From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Jeremy Rowley
Sent: Thursday, April 03, 2014 3:37 PM
To: 'Robin Alden'
Cc: 'CABFPub'
Subject: Re: [cabfpub] Baseline Requirements as part of browers programs


Thanks Robin.  I missed that.  


Still, my underlying point remains the same – a single adopter in a space
where there are only 3-4 major players is a huge success.  The fact that
Microsoft is using the CAB Forum’s EV Guidelines, and choosing to improve
them through that same venue, is a huge success and a tribute to the Forum’s
ability to product relevant and quality work product.  




From: Robin Alden [mailto:robin at comodo.com] 
Sent: Thursday, April 3, 2014 11:07 AM
To: Jeremy Rowley
Subject: Baseline Requirements as part of browers programs


Hi Jeremy,

                You mentioned on today’s call that you thought only Mozilla
had adopted the BRs as part of their CA program.


After refreshing my memory, I believe Microsoft also require compliance with
the BRs – at least for CAs following the WebTrust audit route.


Search for “Qualified Audit Regime”.


They are also replacing the current standard for government CAs with a BR
audit equivalency standard. 


There are a number of other references to the BRs on that page, too.







Robin Alden  M.Sc.  FRI  MIET

CTO -- Comodo

Invent ² Secure

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140403/de01d9ed/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6391 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140403/de01d9ed/attachment-0003.bin>

More information about the Public mailing list