[cabfpub] Baseline Requirements as part of browers programs

Moudrick M. Dadashov md at ssc.lt
Thu Apr 3 20:53:31 UTC 2014


Please can someone help me to understand why you call the EV CS program 
**closed**?

Thanks,
M.D.

On 4/3/2014 11:38 PM, Jeremy Rowley wrote:
>
> Again, I strongly disagree.  Implementers are free to adopt the 
> standards produced as they see fit.  For example, Mozilla chose to 
> implement different standards than the Forum's audit requirements.  
> That's great.  I'm just happy they are using the standard.
>
> Work in the forum is on an entirely voluntary basis. If Comodo feels 
> that the Forum's code signing work is unproductive, a better approach 
> would be to simply stop following the working group rather than trying 
> to eliminate the entire project.  The attendance on the working group 
> calls indicates that many CAs find that these guidelines have 
> significant potential to improve the security of the Internet as a whole.
>
> Jeremy
>
> *From:*public-bounces at cabforum.org 
> [mailto:public-bounces at cabforum.org] *On Behalf Of *Rich Smith
> *Sent:* Thursday, April 3, 2014 2:10 PM
> *To:* 'Jeremy Rowley'; 'Robin Alden'
> *Cc:* 'CABFPub'
> *Subject:* Re: [cabfpub] Baseline Requirements as part of browers programs
>
> It's not any kind of success to those who contributed substantial time 
> and resources to a work product that was only ever created in the 
> first place at the request of that single adopter, only to have that 
> single adopter take the resulting work product and create a closed 
> program which only allows a very small minority of those who gave 
> their time and effort to benefit from it.
>
> For one in that minority, I guess it's a resounding success, for the 
> rest it was and continues to be a complete waste of time and 
> resources, and a distraction from matters this Forum SHOULD be engaged 
> in which benefit the entire ecosystem.
>
> Down the road should there either be additional adopters of the 
> specification, or should the single adopter choose to open their 
> program, then it may be in this Forum's wider interest to engage in 
> further activity to revise and improve the specification.  At present, 
> it is not, and it is IMO in contravention of the Forum bylaws to 
> continue ongoing work unless and until one of the above conditions is met.
>
> Don't get me wrong, if a vendor wants to run a closed program, that is 
> their prerogative, but it is not the Forum's job, nor in the interests 
> of the Forum to do the work to design it for them without some benefit 
> to the wider Forum.
>
> Regards,
>
> Rich
>
> *From:*public-bounces at cabforum.org 
> <mailto:public-bounces at cabforum.org> 
> [mailto:public-bounces at cabforum.org] *On Behalf Of *Jeremy Rowley
> *Sent:* Thursday, April 03, 2014 3:37 PM
> *To:* 'Robin Alden'
> *Cc:* 'CABFPub'
> *Subject:* Re: [cabfpub] Baseline Requirements as part of browers programs
>
> Thanks Robin.  I missed that.
>
> Still, my underlying point remains the same -- a single adopter in a 
> space where there are only 3-4 major players is a huge success.  The 
> fact that Microsoft is using the CAB Forum's EV Guidelines, and 
> choosing to improve them through that same venue, is a huge success 
> and a tribute to the Forum's ability to produce relevant and quality 
> work product.
>
> Jeremy
>
> *From:*Robin Alden [mailto:robin at comodo.com]
> *Sent:* Thursday, April 3, 2014 11:07 AM
> *To:* Jeremy Rowley
> *Cc:* CABFPub
> *Subject:* Baseline Requirements as part of browers programs
>
> Hi Jeremy,
>
> You mentioned on today's call that you thought only 
> Mozilla had adopted the BRs as part of their CA program.
>
> After refreshing my memory, I believe Microsoft also require 
> compliance with the BRs -- at least for CAs following the WebTrust 
> audit route.
>
> http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx
>
> Search for "Qualified Audit Regime".
>
> They are also replacing the current standard for government CAs with a 
> BR audit equivalency standard.
>
> There are a number of other references to the BRs on that page, too.
>
> Regards
>
> Robin
>
> Robin Alden  M.Sc. FRI  MIET
>
> CTO -- Comodo
>
> Invent ² Secure
>
>
>