[cabfpub] Reposts/Forwards to the Public List (Was: Re: FW: FW: downgrade DV UI RE: OIDs for DV and OV)

Ryan Sleevi sleevi at google.com
Mon Nov 10 20:20:42 UTC 2014 

As discussed in the past, it'd be great if we could find a way to welcome
this participation. For example, through the IETF Note Well process (
https://www.ietf.org/about/note-well.html ), in which any of the
contributions are subject to the IPR policy, without bringing about the
entire IPR commitment that some organizations had issue with.

As I am most certainly not a lawyer, it'd be great to hear from those who
were most concerned about the IPR about this, without having to re-open the
entire IPR policy discussion.

On Mon, Nov 10, 2014 at 12:17 PM, Dean Coclin <Dean_Coclin at symantec.com>
wrote:

> Thanks for bringing that up. The thought crossed my mind before I
> re-posted this and the message from Matt but I recalled (as you did) what
> used to happen with Entrust. For those unfamiliar, Entrust (who at the time
> were not CA/B members) would post to: questions at cabforum.org and I
> believe a member would reply to the public list with Entrust’s comments
> below it. So that message was effectively “re-posted” to the public list.
>
>
>
> Now, I didn’t realize (or take into account) any IPR issues. If this is an
> issue, then I won’t re-post any messages. But the public can still post to
> questions at cabforum.org.
>
>
>
> Thanks,
> Dean
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Monday, November 10, 2014 3:07 PM
> *To:* Dean Coclin
> *Cc:* public at cabforum.org
> *Subject:* Reposts/Forwards to the Public List (Was: Re: [cabfpub] FW:
> FW: downgrade DV UI RE: OIDs for DV and OV)
>
>
>
> Hi Dean,
>
>
>
> As a question regarding our bylaws, we setup the public list to be
> write-only due to concerns about the IPR policy (
> https://cabforum.org/ipr-policy/)
>
>
>
> However, as we've done so, we've seen a varying degrees of participation
> coming in through either our questions@ list (as Entrust used to do) or
> through members reposting on behalf of others (as was originally done for
> Entrust, and as you've done here). In both cases, the originator of the
> message is not required to agree to the IPR policy.
>
>
>
> I'm not sure that reposting to the public list is appropriate here. For
> example, what if John has some IPR regarding the presentation of
> certificates? We don't know, and his contributions - like Entrust's - are
> not bound by the IPR policy, and AIUI, your reposting also can't bind their
> IPR to the policy.
>
>
>
> Understandably, we'd love to see full public participation in the
> discussions, which we advocated for throughout the IPR discussions. But now
> that the Forum has set our policies, should we adhere to them, as onerous
> and unfortunate as we (Google) find them.
>
>
>
> On Mon, Nov 10, 2014 at 11:57 AM, Dean Coclin <Dean_Coclin at symantec.com>
> wrote:
>
> Re-posting to the list by permission of the author...
>
> -----Original Message-----
> From: John Nagle [mailto:nagle at sitetruth.com]
> Sent: Friday, November 07, 2014 12:07 AM
> To: Dean Coclin
> Subject: Re: [cabfpub] FW: downgrade DV UI RE: OIDs for DV and OV
>
>     The significant benefit of an EV certificate is a stronger financial
> guarantee made by the CA to the relying party.  Here are Symantec's
> guaranties:
>
> http://www.symantec.com/content/en/us/about/media/repository/stn-cp.pdf
>
> Table 9 - Class Liability Caps
> Class 1 One Hundred U.S. Dollars ($ 100.00 US) Class 2 Five Thousand U.S.
> Dollars ($ 5,000.00 US) Class 3 One Hundred Thousand U.S. Dollars ($
> 100,000.00 US)
>
> These classes seem to correspond to DV, OV, and EV certs.
> (Task for CA/Browser Forum - standardize that terminology).
> That's the real difference between OV and EV.  OV should be considered the
> minimum for submitting a credit card number.
> That's the message to get across to the end user via the browser.
>
> It's also a marketing point that the CA industry is not making.
>
>                                 John Nagle
>                                 SiteTruth
>
> (feel free to repost this to the list.)
>
>
>
>
> On 11/05/2014 11:35 AM, Dean Coclin wrote:
> > Reposting to the list (with permission of the author)...
> >
> >> -----Original Message-----
> >> From: Matt Palmer [mailto:mpalmer at hezmatt.org]
> >> Sent: Wednesday, November 05, 2014 4:17 PM
> >> To: Dean Coclin
> >> Subject: Re: downgrade DV UI RE: OIDs for DV and OV
> >>
> >> [Replying privately, since I'm not privileged enough to post to the
> >> list]
> >>
> >> On Tue, Nov 04, 2014 at 06:07:17PM -0800, Dean Coclin wrote:
> >>> More specifically, is DV a sufficient use case for the majority of
> >>> Internet e-commerce?
> >>
> >> No, it isn't.  However, Internet e-commerce is not the use case for
> >> the majority of HTTPS traffic, let alone the majority of
> >> communication on the Internet which would benefit from being
> TLS-protected.
> >>
> >> - Matt
> >>
> >
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141110/a662b507/attachment-0003.html>

More information about the Public mailing list