[cabfpub] Draft Agenda for CA-Browser Forum conference call on January 7th

Gervase Markham gerv at mozilla.org
Thu Jan 7 15:16:27 UTC 2016

On 07/01/16 08:28, Sigbjørn Vik wrote:
> In the event that a CA issues a certificate in violation of these
> requirements, the CA SHALL publicly disclose a report within one week of
> becoming aware of the violation.

Technically, of course, no-one has to obey the BRs - they have to obey
root program rules, which may incorporate the BRs by reference.

I would be interested to hear from CAs as to whether they would prefer
disclosure requirements such as this to be centralised in the BRs or
whether they would prefer them to be defined by each root program.

> public at cabforum.org SHALL be informed about the report. If the CA cannot
> post directly, it SHALL inform questions at cabforum.org, and the CA/B
> Forum chair SHALL forward to the list.

The reason I ask this is that (as far as I am aware, although I may well
have missed something) currently the BRs are independent of the CAB
Forum itself - i.e. the text makes no reference to the Forum's
organizational structures. This ballot would change that. Is anyone
concerned that this change might lead to problems?


More information about the Public mailing list