[cabfpub] Ballot 122 - Verified Method of Communication

Ben Wilson ben at digicert.com
Wed Jun 11 17:49:57 UTC 2014


Aside from the mention of "email address" in the proposed definition of
"verified method of communication", which could be made more secure with a
method that mitigates interception, I don't understand why this ballot
didn't pass.  Arguments about NSA aside, the use of an ITU-T E.164 phone
number is not "usually" intercepted without a court-issued search warrant.
I'll admit that the explanation of what "ITU-T .164-compliant" means could
have been better, but I think the Wikipedia article explains it pretty well.
http://en.wikipedia.org/wiki/E.164  -  E.164 defines a general format for
international telephone numbers. Plan-conforming numbers are limited to a
maximum of 15 digits.[1] The presentation of numbers is usually prefixed
with the character + (plus sign), indicating that the number includes the
international country calling code (country code), and must typically be
prefixed when dialing with the appropriate international call prefix, which
is a trunk code to reach an international circuit from within the country of
call origination.
The title of the original version and first revision of the E.164 standard
was "Numbering Plan for the ISDN Era".
If there are spoofing concerns in unidirectional phone calls from CA to
Applicant and it needs to be tied down by VOIP experts, then let's get them
involved in the conversation.  Let's discuss this at the F2F.

,

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of i-barreira at izenpe.net
Sent: Tuesday, May 27, 2014 7:29 AM
To: steve.roylance at globalsign.com
Cc: public at cabforum.org
Subject: Re: [cabfpub] Ballot 122 - Verified Method of Communication

Hi Steve,

Not sure exactly what you mean with the official e-mail channel. What we
have in Spain is a list of places where to find this relevant information to
provide a reliable identification of the requester.

For example, if the requester is a "private" company, then you can search
for all the information in the official link (www.registradores.es) which is
managed by the government. You can also check out in English.
Here you get all the information of the company, its official name, company
ID code, address, etc.

If the requester is a "public" organization, then you can seach in some of
the public websites or official bulletins of the different governments
(local, autonomic, national), but there´s another online option like
www.060.es in which you can have for example of all the electronic sites of
the public administrations at the so called "common electronic registry".
Another option is to check the official Data protection agencies in which
all the companies have to register their files.

So, basically, two places where to get official, reliable and up to date
information of the requester.

Is this what you were asking for?

Regards

Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net
945067705


ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea.
Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki
idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna.
KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la
que solo tiene derecho a acceder el destinatario. Si usted lo recibe por
error le agradeceriamos que no hiciera uso de la informacion y que se
pusiese en contacto con el remitente.

-----Mensaje original-----
De: Steve Roylance [mailto:steve.roylance at globalsign.com]
Enviado el: martes, 27 de mayo de 2014 9:46
Para: Barreira Iglesias, Iñigo
CC: public at cabforum.org; 'Jeremy Rowley'; 'Moudrick M. Dadashov';
richard.smith at comodo.com; 'Kelvin Yiu'; 'Ryan Sleevi'; 'Gervase Markham'
Asunto: RE: [cabfpub] Ballot 122 - Verified Method of Communication

Hi Inigo,

Gerv wrote:-

> It's fairly hard for a non-government to intercept and redirect a 
> letter,
or a call
> made from a landline phone to another one. Do we have the same level 
> of confidence about mobile phones, email addresses etc.?

As I mentioned, I know that Italy has an official e-mail communication path
but I'd need to consult people to be able to tell the group how it works
exactly. 

I wonder if you would be so kind as to explain the use of the official
e-mail channel in Spain?   

Steve


_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5442 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140611/fbf0501e/attachment.p7s>


More information about the Public mailing list