[cabfpub] FW: Bylaw update proposal

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Mon Mar 23 22:08:37 MST 2015


Reposting for Peter.

You raise a good question (concern) – do the companies listed have valid and current WebTrust and BR WebTrust audits (or ETSI equivalents)?

Or are their operations covered by the WebTrust and BR WebTrust audits (or ETSI equivalents) of the root CAs that issued them their unconstrained subCA?

That’s a question for the browsers – Browsers, what do you say?

From: Peter Bowen [mailto:pzbowen at gmail.com]
Sent: Monday, March 23, 2015 9:53 PM
To: Kirk Hall (RD-US)
Cc: CABFPub
Subject: Re: [cabfpub] Bylaw update proposal

Every company I listed has at least one (usually several) CA:TRUE certs showing up in the CT logs.  Almost all of them have no name constraints, so that should mean there is a WebTrust or ETSI audit covering their CA cert.  Depending on the definition of "operates", then they probably all qualify.

On Mon, Mar 23, 2015 at 9:34 PM, kirk_hall at trendmicro.com <kirk_hall at trendmicro.com> wrote:
If they “operate a certification authority,” have current WebTrust and BR WebTrust audits (or ETSI equivalents), and “actively issue certificates to Web servers that are openly accessible from the Internet using any one of the mainstream browsers,” apply to join, and can otherwise demonstrate what we ask for in the Bylaws with their application, then I think the answer is yes.

I’m not sure if the companies listed below have unconstrained subCAs or constrained subCAs (or do they have their own roots?).  If they only have constrained subCAs, then maybe they aren’t really “operating a certification authority” and would not qualify for membership.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Monday, March 23, 2015 7:22 PM
To: CABFPub
Subject: Re: [cabfpub] Bylaw update proposal


Reposting with permission
On Mar 23, 2015 7:01 PM, "Peter Bowen" <pzbowen at gmail.com> wrote:
As the bylaw is written today, a number of companies could probably qualify to be voting members, including:

Adidas
Aetna
Bechtel
Dell
Disney
Domeny.pl
Eterna
Experian
Gandi
Globe Hosting
Intel
K Software
Marks and Spencer
Munich Re
SAIC
Siemens
Site Blindado
SSL.com
Unisys

I suspect a number of these are constrained CAs, either via technical or contract constraints.  Are these all eligible to join?

Thanks,
Peter


On Mon, Mar 23, 2015 at 10:17 AM, Dean Coclin <Dean_Coclin at symantec.com> wrote:
Well, that’s all that we ask for today. But sure, I guess we could ask for a specific number.
Dean

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg
Sent: Monday, March 23, 2015 1:01 PM
To: CABFPub
Subject: Re: [cabfpub] Bylaw update proposal

Hi Dean,
On 03/23/2015 05:27 PM, Dean Coclin wrote:
Therefore, I’d like to suggest we add a number (7) to section (b), Applicants should supply the following information:
ADD:
“(7) For Issuing and Root CA applicants, provide a URL of at least one website visible on the public Internet which contains an SSL certificate issued by your Issuing CA.”


Is one web site enough to satisfy the requirement of ...actively issue certificates to Web servers... ? Or is there another measurement we could take and define?
--
Regards

Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>

_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public


TREND MICRO EMAIL NOTICE

The information contained in this email and any attachments is confidential

and may be subject to copyright or other intellectual property protection.

If you are not the intended recipient, you are not authorized to use or

disclose this information, and we request that you notify us by reply mail or

telephone and delete the original message from your mail system.


