[cabfpub] Posted on behalf of customer
sleevi at google.com
Thu Dec 15 23:24:58 UTC 2016
On Thu, Dec 15, 2016 at 3:18 PM, Eric Mill <eric at konklone.com> wrote:
> I don't think First Data's suggestion is all that misleading.
> The process explicitly asks for the subscriber's CA to post to the CABF
> public list, a CABF-members-only forum:
> The Forum has consented to host this discussion process in its closed
> environment, initiated by CAs that are Forum members. While individual
> decisions are made by individual root stores, the decision making *process*
> is clearly, to me, a Forum process. And while perhaps reasonable members of
> the Forum may disagree that it is a Forum process, it is definitely going
> to be *perceived* as a Forum process by everyone outside the Forum, and
> that perception matters.
I think it's crucially important to dispell - every time it occurs or is
represented as so - the suggestion it's a Forum process. The choice of the
Forum of the venue was solely predicated on the basis of a pre-existing
public mailing list for which some (more active) root stores participate on.
Would it be a Google process if it was a public group hosted on Google
groups? Would it be a Giganews process if it had been hosted on an NNTP
newsgroup? Would it be a Github process if we simply created a Github
project with pull requests for SHA-1 issuance? The Forum is not the
responsible party, the public list simply serves as a technical means of
So yes, the Forum doesn't make the final decision, and indeed there is not
> one final decision. But from an applicant's perspective, they are
> approaching the Forum and asking for an answer, and then the answer affects
> their business. The Forum and its members should be sensitive to the
> overall impact and perception of their actions.
>From an applicant's perspective, they are approaching their CA.
Their CA is acting on their behalf, in a publicly transparent manner, for a
series of questions.
The choice of a public list is to provide both transparency and
accountability - for the CA and for the root stores - and in doing so,
reduces the work for the CA.
This is why it's critical to correct any misunderstandings that would
otherwise suggest it's a Forum process. It is not.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public