[cabfpub] RFC5280

Ryan Sleevi sleevi at google.com
Wed Feb 24 19:57:36 UTC 2016


On Wed, Feb 24, 2016 at 11:17 AM, Jeremy Rowley <jeremy.rowley at digicert.com>
wrote:

> Thanks Ryan. I wouldn’t say these are proposals. Mostly questions about
> why things are set the way they are. I figured it’d be faster to ask here
> than do a lot of digging.
>
>
>
> #1 - Since we are only talking about browsers in the CAB Forum (as the
> browsers have made absolutely clear many times), does the forum care if it
> breaks non-browser software? Seems irrelevant at the current CAB Forum
> level.
>

While I can't speak for the Forum, we do.

Our concerns include:
- Making sure that browsers are not exposed to security risk from
non-browser use cases (whether payment terminals, S/MIME, or EID)
- Making sure that the amount of black magic / standards violation is kept
to a minimum, so that anyone that wishes to enter in to the browser market,
or be compatible with existing, doesn't have to invoke undocumented arcana
or learn all of the exceptions to the rules, unless there is strong
security benefit given the deployed market (e.x. nameConstraints as
non-critical).
- Within the confines of the first two, making sure that we don't break
other applications needlessly
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160224/c7df0c7c/attachment-0003.html>


More information about the Public mailing list