[cabfpub] Posted on behalf of customer
Eric Mill
eric at konklone.com
Thu Dec 15 16:18:51 MST 2016
On Thu, Dec 15, 2016 at 5:26 PM, Ryan Sleevi via Public <public at cabforum.org
> wrote:
>
>
> On Thu, Dec 15, 2016 at 2:05 PM, Dean Coclin via Public <
> public at cabforum.org> wrote:
>
>> The below was written by FD and I am posting on their behalf:
>>
>>
>>
>> When we requested our certificates previously, there was general
>> acknowledgment in the forum that December 31 was the most difficult time
>> for these certificates to expire. Even so, our request was limited so that
>> the certificates were set to expire at this time and others were extended
>> into 2017. The only justification for the difference in treatment was
>> unrelated to the application itself. We believe that the coordinated
>> decision to grant different extension dates was inappropriate for the
>> members of the CA/B Forum who are competing entities acting as a standards
>> setting organization. This individualized decision effectively prevents
>> merchants from reaching one provider over another.
>>
>
> To be clear: The CA/Browser Forum does not grand exceptions. Individual
> root stores do. And if a *single* root store disagrees to accept such a
> change, a CA issuing such a cert does so at their own peril of being
> removed from that root store for non-compliance with that root store.
>
> So the suggestion of coordination is both factually and materially
> incorrect and misleading, based on a misunderstanding of the exception
> process.
>
I don't think First Data's suggestion is all that misleading.
The process explicitly asks for the subscriber's CA to post to the CABF
public list, a CABF-members-only forum:
https://github.com/awhalley/docs-for-comment/blob/master/
SHA1RequestProcedure.MD#step-one-request
The Forum has consented to host this discussion process in its closed
environment, initiated by CAs that are Forum members. While individual
decisions are made by individual root stores, the decision making *process*
is clearly, to me, a Forum process. And while perhaps reasonable members of
the Forum may disagree that it is a Forum process, it is definitely going
to be *perceived* as a Forum process by everyone outside the Forum, and
that perception matters.
So yes, the Forum doesn't make the final decision, and indeed there is not
one final decision. But from an applicant's perspective, they are
approaching the Forum and asking for an answer, and then the answer affects
their business. The Forum and its members should be sensitive to the
overall impact and perception of their actions.
-- Eric
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
--
konklone.com | @konklone <https://twitter.com/konklone>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20161215/8a7f3d9c/attachment.html>
More information about the Public
mailing list