[cabfpub] Use of wildcard certificates by cloud operators

Geoff Keating geoffk at apple.com
Wed May 7 14:02:27 UTC 2014

On 6 May 2014, at 12:58 pm, Kelvin Yiu <kelviny at exchange.microsoft.com> wrote:

> It sounds like we have some consensus to move forward on the issue. I can draft a proposal that include the following:
> 1. Update Section 11.1.3 to clarify that wildcard is allowed for domains for cloud operators. I hear that when the forum last updated section 11.1.3, there was a lot of headache involved, so I will try to be precise and keep the changes to a minimum. 
> 2. Update Section 13.1.5 to allow cloud operators a chance to remedy fraudulent sub domains and within a reasonable time period. The idea is that CAs would still be required to contact the cloud operator. But if the cloud operator can take down any fraudulent site within n days (I think n should be less than 7 days) and can attest the private key is not compromised, revocation is not necessary. 

I'd like to also see some kind of filtering for phishing-related domains, some kind of 'best effort' to keep misleading names out in the first place.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4103 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140507/0903f180/attachment-0001.p7s>

More information about the Public mailing list