[cabfpub] Bylaw update proposal

kirk_hall at trendmicro.com
Tue Mar 24 04:34:21 UTC 2015


If they “operate a certification authority,” have current WebTrust and BR WebTrust audits (or ETSI equivalents), and “actively issue certificates to Web servers that are openly accessible from the Internet using any one of the mainstream browsers,” apply to join, and can otherwise demonstrate what we ask for in the Bylaws with their application, then I think the answer is yes.

I’m not sure if the companies listed below have unconstrained subCAs or constrained subCAs (or do they have their own roots?).  If they only have constrained subCAs, then maybe they aren’t really “operating a certification authority” and would not qualify for membership.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Monday, March 23, 2015 7:22 PM
To: CABFPub
Subject: Re: [cabfpub] Bylaw update proposal


Reposting with permission
On Mar 23, 2015 7:01 PM, "Peter Bowen" <pzbowen at gmail.com> wrote:
As the bylaw is written today, a number of companies could probably qualify to be voting members, including:

Adidas
Aetna
Bechtel
Dell
Disney
Domeny.pl
Eterna
Experian
Gandi
Globe Hosting
Intel
K Software
Marks and Spencer
Munich Re
SAIC
Siemens
Site Blindado
SSL.com
Unisys

I suspect a number of these are constrained CAs, either via technical or contract constraints.  Are these all eligible to join?

Thanks,
Peter


On Mon, Mar 23, 2015 at 10:17 AM, Dean Coclin <Dean_Coclin at symantec.com> wrote:
Well, that’s all that we ask for today. But sure, I guess we could ask for a specific number.
Dean

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg
Sent: Monday, March 23, 2015 1:01 PM
To: CABFPub
Subject: Re: [cabfpub] Bylaw update proposal

Hi Dean,
On 03/23/2015 05:27 PM, Dean Coclin wrote:
Therefore, I’d like to suggest we add a number (7) to section (b), Applicants should supply the following information:
ADD:
“(7) For Issuing and Root CA applicants, provide a URL of at least one website visible on the public Internet which contains an SSL certificate issued by your Issuing CA.”


Is one web site enough to satisfy the requirement of ...actively issue certificates to Web servers... ? Or is there another measurement we could take and define?
--
Regards

Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>

