[cabfpub] Ballot 129 - Update PSL language in BR 11.1.3

Ben Wilson Ben.Wilson at digicert.com
Thu Jul 24 17:50:34 UTC 2014


Rick,
As the other endorser on this ballot, do you consent to this amendment?
Thanks,
Ben

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Monday, July 21, 2014 9:28 AM
To: Gervase Markham; Brian Smith
Cc: CABFPub
Subject: Re: [cabfpub] Ballot 129 - Update PSL language in BR 11.1.3

I have no objection.

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Monday, July 21, 2014 3:32 AM
To: Brian Smith
Cc: CABFPub
Subject: Re: [cabfpub] Ballot 129 - Update PSL language in BR 11.1.3

On 20/07/14 02:34, Brian Smith wrote:
> On Fri, Jul 18, 2014 at 3:56 AM, Gervase Markham <gerv at mozilla.org> wrote:
>> If the process for making this determination is standardized by an 
>> RFC, then such a procedure SHOULD be preferred.
> 
> I think that this part is very problematic.

I would note that this part is already in the document, and has been since we wrote this section. Of course, that doesn't mean we can't change it.

> Firstly, there are lots of kinds of RFCs; presumably you mean "IETF 
> proposed standard or IETF standard."

Probably; I think the chances of people going off and following some random RFC on this topic which wasn't meant for that purpose are low.

> Secondly, it also assumes that any IETF standard will be a good one 
> that is reasonable for us all to implement (and also that there is 
> only one such standard). I don't think that is a safe assumption. It 
> is far from clear that any DNS-based solution will have good enough 
> performance characteristics, and more generally it isn't clear that a 
> standardized mechanism will be technically superior to the use of the 
> PSL for the same purpose, though of course we would hope that would be 
> the case.

The issues which might prevent such a standard being used in real time by browsers probably are not nearly as great for certificate issuance.

Having said that, you are right that it is at least possible that the ICANN/PRIVATE split might not make it into an IETF standard, which would mean further guidance would be needed anyway.

Would anyone object to removing this sentence?

Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public