[cabfpub] [CABFORUM] Re: Bylaw update proposal
Dean_Coclin at symantec.com
Mon Mar 23 17:27:49 UTC 2015
They could not become full members until they have satisfied the requirement. That's what our bylaws say today. I'm not changing that.
Our model is that they can become "observers" until they can satisfy that requirement. Observer means they can participate in meetings, conference calls, working groups, etc., but cannot vote.
From: Peter Bowen [mailto:pzbowen at gmail.com]
Sent: Monday, March 23, 2015 1:26 PM
To: Dean Coclin
Cc: Ryan Sleevi; public at cabforum.org
Subject: Re: [CABFORUM] Re: [cabfpub] Bylaw update proposal
On Mon, Mar 23, 2015 at 10:21 AM, Dean Coclin <Dean_Coclin at symantec.com> wrote:
> We're not looking for the candidate CA to provide test web pages. We're looking for actual company URLs that they've provided SSL certificates to. This is to prove that they "actively issue certificates to web servers that are openly accessible from the Internet..."
So then the expectation is that a new CA who has not yet been included in browser trust stores, but has passed WebTrust audits and applied to browser programs, could not join? Or they would be admitted as an Associate Member until they either were included in at least one Browser or got a cross-sign from an existing CA?
> -----Original Message-----
> From: Peter Bowen [mailto:pzbowen at gmail.com]
> Sent: Monday, March 23, 2015 1:06 PM
> To: Dean Coclin; Ryan Sleevi
> Cc: public at cabforum.org
> Subject: [CABFORUM] Re: [cabfpub] Bylaw update proposal
> On Mon, Mar 23, 2015 at 8:27 AM, Dean Coclin <Dean_Coclin at symantec.com> wrote:
>> I would like to propose a slight update to the bylaws to reflect our
>> membership requirements. Section 2.1, part (b) talks about what
>> applicants need to provide when requesting membership. As you know,
>> one of the requirements in section (a) is that if a CA, they
>> “…actively issue certificates to Web servers that are openly
>> accessible from the Internet using any of the mainstream browsers”
>> (Ref 2.1 (a) (1+2))
>> “(7) For Issuing and Root CA applicants, provide a URL of at least
>> one website visible on the public Internet which contains an SSL
>> certificate issued by your Issuing CA.”
>> Before I make this a ballot, are there any questions or objections to
>> this clarification?
> How about aligning this with the BR Appendix C and saying:
> (7) For CA applications, provide URLs for your test Web pages that allow Application Software Suppliers to test their software with Subscriber Certificates that chain up to each publicly trusted Root Certificate. At a minimum, this includes separate Web pages using Subscriber Certificates that are (i) valid, (ii) revoked, and (iii) expired.
> Appendix C is normative, so each CA company should be able to provide at least three URLs.