[cabfpub] Draft Agenda for CA-Browser Forum conference call on January 7th

Doug Beattie doug.beattie at globalsign.com
Thu Jan 7 04:16:28 MST 2016


Do we have a clear definition of what we mean by misissued?  For the most
part I understand, but here's one topic I'm not sure about: Peter posted a
list of certificates that didn't exactly follow proper encoding of IP
addresses; are all of these in violation of the BRs and would these need to
be reported?

https://docs.google.com/spreadsheets/d/1lJt-1tkgKcbw5woEr4-tcpqB-M-HKwjFNSdX2jla2EU/edit#gid=1516961828

Doug
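For readers who want to check their own certificates for the kind of IP-address encoding problem Doug asks about, the following is an added example and is not code from the original thread or from any CA/B Forum participant. It assumes the encoding rules of RFC 5280 section 4.2.1.6: an iPAddress GeneralName is an OCTET STRING of exactly 4 (IPv4) or 16 (IPv6) octets, the address-plus-mask form (8 or 32 octets) belongs only in the name constraints extension, and an IP literal placed in a dNSName is a different name type altogether. Which of these patterns Peter's spreadsheet actually contains is not stated on the page, so the sample SAN below is constructed, and the function and helper names (`lint_general_names`, `_read_tlv`, `_tlv`, `SAMPLE_SAN`) are this example's own. The input is the DER value of the subjectAltName extension (the `extnValue` OCTET STRING contents), which can be taken from a real certificate with any ASN.1 tool.

```python
"""Classify subjectAltName GeneralName entries by how IP addresses are encoded.

Minimal DER walker for a GeneralNames SEQUENCE (RFC 5280 section 4.2.1.6).
Added example; the sample SAN below is constructed, not taken from a real cert.
"""
import ipaddress

# Context-specific tag numbers of the GeneralName CHOICE (RFC 5280).
TAG_DNSNAME = 2
TAG_IPADDRESS = 7
TAG_NAMES = {0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
             4: "directoryName", 5: "ediPartyName",
             6: "uniformResourceIdentifier", 7: "iPAddress", 8: "registeredID"}


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not needed for GeneralNames")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:end], end


def lint_general_names(san_der):
    """Walk a DER GeneralNames value and return (kind, text, verdict) per entry."""
    tag, body, end = _read_tlv(san_der, 0)
    if tag != 0x30 or end != len(san_der):
        raise ValueError("expected exactly one SEQUENCE OF GeneralName")
    results = []
    pos = 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag & 0xC0 != 0x80:             # class bits must be context-specific
            raise ValueError("GeneralName entries are context-specific tagged")
        num = tag & 0x1F
        kind = TAG_NAMES.get(num, "[%d]" % num)
        if num == TAG_IPADDRESS:
            if len(value) in (4, 16):      # the only valid lengths in a SAN
                results.append((kind, str(ipaddress.ip_address(value)), "ok"))
            elif len(value) in (8, 32):    # address+mask is for name constraints only
                results.append((kind, value.hex(),
                                "bad: address+netmask form is only valid in name constraints"))
            else:
                results.append((kind, value.hex(), "bad: iPAddress must be 4 or 16 octets"))
        elif num == TAG_DNSNAME:
            text = value.decode("ascii", errors="replace")
            try:
                ipaddress.ip_address(text)  # parses => an IP literal, wrong name type
                results.append((kind, text, "bad: IP literal encoded as dNSName"))
            except ValueError:
                results.append((kind, text, "ok"))
        else:
            results.append((kind, value.hex(), "not checked"))
    return results


def _tlv(tag, value):
    """Encode a short-form DER TLV (value shorter than 128 octets)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


# Constructed sample SAN: one correct dNSName, one correct iPAddress,
# one IP literal wrongly placed in a dNSName, and one iPAddress carrying a netmask.
SAMPLE_SAN = _tlv(0x30,
                  _tlv(0x82, b"example.com")
                  + _tlv(0x87, bytes([192, 0, 2, 1]))
                  + _tlv(0x82, b"192.0.2.1")
                  + _tlv(0x87, bytes([192, 0, 2, 1, 255, 255, 255, 0])))

if __name__ == "__main__":
    for kind, text, verdict in lint_general_names(SAMPLE_SAN):
        print("%-10s %-20s %s" % (kind, text, verdict))
```

The walker deliberately refuses anything that is not a context-specific tag inside a single SEQUENCE, so a malformed extension fails loudly instead of being silently skipped; whether a given flagged entry is a BR violation is the policy question Doug raises, not something the code decides.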




-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Sigbjørn Vik
Sent: Thursday, January 7, 2016 3:28 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Draft Agenda for CA-Browser Forum conference call on
January 7th

Some background on the misissuance ballot, before the discussion in the
meeting today.

This proposal has several intended benefits, and publication of misissued
certificates is key to achieving these:
* Openness and transparency benefits the industry at large, in particular in
getting the public to trust it.
* Full details allow researchers to look for patterns and find weak spots,
or tempting targets.
* It allows e.g. browsers to implement targeted protections.
* It allows stakeholders to better understand what happened, and ask
relevant follow-up questions.
* It allows CAs to learn from each other, which will strengthen the overall
industry.
* It gives CAs a real incentive to avoid misissuance.
* It gives subscribers a way to check on CAs' past history.
* It gives subscribers an incentive to pick secure CAs over cheap CAs.

The ballot proposal:

2.2.1 Notification of incorrect issuance

In the event that a CA issues a certificate in violation of these
requirements, the CA SHALL publicly disclose a report within one week of
becoming aware of the violation.

public at cabforum.org SHALL be informed about the report. If the CA cannot
post directly, it SHALL inform questions at cabforum.org, and the CA/B Forum
chair SHALL forward to the list.

The report SHALL publicize details about what the error was, what caused the
error, time of issuance and discovery, and public certificates for all
issuer certificates in the trust chain.

The report SHALL publicize the full public certificate, with the following
exception: For certificates issued prior to 01-Mar-16 the report MAY
truncate Subject Distinguished Name fields and subjectAltName extension
values to the registerable domain name.

The report SHALL be made available to the CA's Qualified Auditor for the next
Audit Report.


On 06-Jan-16 18:43, Dean Coclin wrote:
> I’ve added one item to the agenda during the former open slot.
> 
> 
> Dean
> 
>  
> 
> *From:* public-bounces at cabforum.org 
> [mailto:public-bounces at cabforum.org]
> *On Behalf Of *Dean Coclin
> *Sent:* Tuesday, January 05, 2016 10:10 AM
> *To:* CABFPub <public at cabforum.org>
> *Subject:* [cabfpub] Draft Agenda for CA-Browser Forum conference call 
> on January 7th
> 
>  
> 
> Here is the agenda for the first Forum call of 2016. We have one open 
> slot if someone has anything new to discuss.
> 
>  
> 
> *Note: Please announce yourself when dialing in. This helps in 
> documenting attendance when recording is played back later.*
> 
>  
> 
> /Antitrust Statement/: As you know, this meeting includes companies 
> that compete against one another. This meeting is intended to discuss 
> technical standards related to the provision of existing and new types 
> of digital certificates without restricting competition in developing 
> and marketing such certificates. This meeting is not intended to share 
> competitively-sensitive information among competitors, and therefore 
> all participants agree not to discuss or exchange information related to:
> 
> (a)  Pricing policies, pricing formulas, prices or other terms of 
> sale;
> 
> (b)  Costs, cost structures, profit margins,
> 
> (c)   Pending or planned service offerings,
> 
> (d)  Customers, business, or marketing plans; or
> 
> (e)  The allocation of customers, territories, or products in any way.
> 
>  
> 
>  
> 
> * *
> 
> *Here is the proposed agenda:*
> 
> / /
> 
>  
> 
> *Time*
> 
> 	
> 
> *Start(UTC)*
> 
> 	
> 
> *Stop*
> 
> 	
> 
> *Slot*
> 
> 	
> 
> *Description*
> 
> 	
> 
> *Notes / Presenters*
> 
> *(Thur) 7th January 2016*
> 
> 	
> 
>  
> 
> 0:01
> 
> 	
> 
> 16:00
> 
> 	
> 
> 16:01
> 
> 	
> 
> 1
> 
> 	
> 
> *Read Antitrust Statement *
> 
> 	
> 
> Robin
> 
> 0:02
> 
> 	
> 
> 16:01
> 
> 	
> 
> 16:03
> 
> 	
> 
> 2
> 
> 	
> 
> *Roll Call*
> 
> 	
> 
> Dean
> 
> 0:01
> 
> 	
> 
> 16:03
> 
> 	
> 
> 16:04
> 
> 	
> 
> 3
> 
> 	
> 
> *Review Agenda*
> 
> 	
> 
> Dean
> 
> 0:01
> 
> 	
> 
> 16:04
> 
> 	
> 
> 16:05
> 
> 	
> 
> 4
> 
> 	
> 
> *Approve Minutes of 10 Dec 2015*
> 
> 	
> 
> Sent by Dean on Dec 21st
> 
> 0:05
> 
> 	
> 
> 16:05
> 
> 	
> 
> 16:10
> 
> 	
> 
> 5
> 
> 	
> 
> *Upcoming Policy WG Ballots*
> 
> 	
> 
> Ben
> 
> 0:15
> 
> 	
> 
> 16:10
> 
> 	
> 
> 16:25
> 
> 	
> 
> 6
> 
> 	
> 
> *Any further discussion on LV certs?*
> 
> 	
> 
> Jeremy and potential guest speaker
> 
> 0:10
> 
> 	
> 
> 16:25
> 
> 	
> 
> 16:35
> 
> 	
> 
> 7
> 
> 	
> 
> *Proposed “Mis-issuance” Ballot from Opera*
> 
> 	
> 
> Sigbjorn
> 
> 0:05
> 
> 	
> 
> 16:35
> 
> 	
> 
> 16:40
> 
> 	
> 
> 8
> 
> 	
> 
> *Discussion of “generic names” as mentioned in BR 7.1.2.2.h*
> 
> 	
> 
> *Dean*
> 
> 0:05
> 
> 	
> 
> 16:40
> 
> 	
> 
> 16:45
> 
> 	
> 
> 9
> 
> 	
> 
> *PAG Status? and upcoming ballot*
> 
> 	
> 
> Ben
> 
> 0:05
> 
> 	
> 
> 16:45
> 
> 	
> 
> 16:50
> 
> 	
> 
> 10
> 
> 	
> 
> *Validation Working Group* *Status Update and proposed ballots*
> 
> 	
> 
> Jeremy/Kirk
> 
> 0:02
> 
> 	
> 
> 16:50
> 
> 	
> 
> 16:52
> 
> 	
> 
> 11
> 
> 	
> 
> *Code Signing Working Group* *Status: Ballot results and next steps*
> 
> 	
> 
> Dean
> 
> 0:02
> 
> 	
> 
> 16:52
> 
> 	
> 
> 16:54
> 
> 	
> 
> 12
> 
> 	
> 
> *Policy Review Working Group Status Update*
> 
> 	
> 
> Ben
> 
> 0:02
> 
> 	
> 
> 16:54
> 
> 	
> 
> 16:56
> 
> 	
> 
> 13
> 
> 	
> 
> *Information Sharing Working Group Update*
> 
> 	
> 
> Ben
> 
> 0:03
> 
> 	
> 
> 16:56
> 
> 	
> 
> 16:59
> 
> 	
> 
> 14
> 
> 	
> 
> *Any Other Business – Bilbao date adjustment, update on Feb F2F 
> meeting*
> 
> 	
> 
> Dean
> 
> 0:00
> 
> 	
> 
> 17:00
> 
> 	
> 
> 17:00
> 
> 	
> 
> 15
> 
> 	
> 
> *Next teleconference scheduled for Jan 21st.  *
> 
> 	
> 
> 0:00
> 
> 	
> 
> 17:00
> 
> 	
> 
> 17:00
> 
> 	
> 
> 16
> 
> 	
> 
> *Adjourn*
> 
> 	
> 
> 
>  
> 
> 
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
> 


--
Sigbjørn Vik
Opera Software