[cabfpub] Misissuance of certificates

Doug Beattie doug.beattie at globalsign.com
Mon Jan 18 17:16:43 UTC 2016

I thought the BRs only applied to SSL certificates, are you proposing that CAs track and report on more than just SSL certificates?  That surely goes beyond the BRs and the scope of CABF.

I personally feel strongly that the CABF, as a standards forum, should be focused on improving security and defining strong standards, but that compliance is a completely different group.  This is why we have WT for CA audits and also root programs which can levy compliance and reporting requirements on CAs.  If the Root store operators and WT want to get together and lead the definition of a compliance monitoring standard/initiative that's fine, but I'm against CABF getting into that business. 


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Monday, January 18, 2016 12:01 PM
To: Sigbjørn Vik <sigbjorn at opera.com>; public at cabforum.org
Subject: Re: [cabfpub] Misissuance of certificates

On 18/01/16 11:58, Sigbjørn Vik wrote:
> No. The current understanding of the scope is all certificates 
> chaining to a root embedded in public browsers. A CA can choose itself 
> which roots are in scope, but not individual certificates.

Technically constraining it _does_ change some things. But if I remember correctly, those relate to other root program requirements, rather than to the BRs.

Public mailing list
Public at cabforum.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4289 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160118/4d7ed6e3/attachment-0001.p7s>

More information about the Public mailing list