[cabfpub] Reposts/Forwards to the Public List (Was: Re: FW: FW: downgrade DV UI RE: OIDs for DV and OV)

Ryan Sleevi sleevi at google.com
Mon Nov 10 13:06:40 MST 2014 

Hi Dean,

As a question regarding our bylaws, we setup the public list to be
write-only due to concerns about the IPR policy (
https://cabforum.org/ipr-policy/)

However, as we've done so, we've seen a varying degrees of participation
coming in through either our questions@ list (as Entrust used to do) or
through members reposting on behalf of others (as was originally done for
Entrust, and as you've done here). In both cases, the originator of the
message is not required to agree to the IPR policy.

I'm not sure that reposting to the public list is appropriate here. For
example, what if John has some IPR regarding the presentation of
certificates? We don't know, and his contributions - like Entrust's - are
not bound by the IPR policy, and AIUI, your reposting also can't bind their
IPR to the policy.

Understandably, we'd love to see full public participation in the
discussions, which we advocated for throughout the IPR discussions. But now
that the Forum has set our policies, should we adhere to them, as onerous
and unfortunate as we (Google) find them.

On Mon, Nov 10, 2014 at 11:57 AM, Dean Coclin <Dean_Coclin at symantec.com>
wrote:

> Re-posting to the list by permission of the author...
>
> -----Original Message-----
> From: John Nagle [mailto:nagle at sitetruth.com]
> Sent: Friday, November 07, 2014 12:07 AM
> To: Dean Coclin
> Subject: Re: [cabfpub] FW: downgrade DV UI RE: OIDs for DV and OV
>
>     The significant benefit of an EV certificate is a stronger financial
> guarantee made by the CA to the relying party.  Here are Symantec's
> guaranties:
>
> http://www.symantec.com/content/en/us/about/media/repository/stn-cp.pdf
>
> Table 9 - Class Liability Caps
> Class 1 One Hundred U.S. Dollars ($ 100.00 US) Class 2 Five Thousand U.S.
> Dollars ($ 5,000.00 US) Class 3 One Hundred Thousand U.S. Dollars ($
> 100,000.00 US)
>
> These classes seem to correspond to DV, OV, and EV certs.
> (Task for CA/Browser Forum - standardize that terminology).
> That's the real difference between OV and EV.  OV should be considered the
> minimum for submitting a credit card number.
> That's the message to get across to the end user via the browser.
>
> It's also a marketing point that the CA industry is not making.
>
>                                 John Nagle
>                                 SiteTruth
>
> (feel free to repost this to the list.)
>
>
>
> On 11/05/2014 11:35 AM, Dean Coclin wrote:
> > Reposting to the list (with permission of the author)...
> >
> >> -----Original Message-----
> >> From: Matt Palmer [mailto:mpalmer at hezmatt.org]
> >> Sent: Wednesday, November 05, 2014 4:17 PM
> >> To: Dean Coclin
> >> Subject: Re: downgrade DV UI RE: OIDs for DV and OV
> >>
> >> [Replying privately, since I'm not privileged enough to post to the
> >> list]
> >>
> >> On Tue, Nov 04, 2014 at 06:07:17PM -0800, Dean Coclin wrote:
> >>> More specifically, is DV a sufficient use case for the majority of
> >>> Internet e-commerce?
> >>
> >> No, it isn't.  However, Internet e-commerce is not the use case for
> >> the majority of HTTPS traffic, let alone the majority of
> >> communication on the Internet which would benefit from being
> TLS-protected.
> >>
> >> - Matt
> >>
> >
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141110/5d40ccf3/attachment.html

More information about the Public mailing list