[cabfpub] Use of wildcard certificates by cloud operators

Geoff Keating geoffk at apple.com
Wed May 7 07:02:27 MST 2014


On 6 May 2014, at 12:58 pm, Kelvin Yiu <kelviny at exchange.microsoft.com> wrote:

> It sounds like we have some consensus to move forward on the issue. I can draft a proposal that includes the following:
> 
> 1. Update Section 11.1.3 to clarify that wildcard is allowed for domains for cloud operators. I hear that when the forum last updated section 11.1.3, there was a lot of headache involved, so I will try to be precise and keep the changes to a minimum. 
> 2. Update Section 13.1.5 to allow cloud operators a chance to remedy fraudulent subdomains within a reasonable time period. The idea is that CAs would still be required to contact the cloud operator. But if the cloud operator can take down any fraudulent site within n days (I think n should be less than 7 days) and can attest the private key is not compromised, revocation is not necessary.

I'd like to also see some kind of filtering for phishing-related domains, some kind of 'best effort' to keep misleading names out in the first place.