[cabfpub] EV Guidelines section 9.2.5 & X.520

Rich Smith richard.smith at comodo.com
Wed Jul 13 11:08:50 MST 2016


Ryan,
My suggestion was based purely on the fact that any documented use of 
these OIDs is, to the best of my knowledge, only in CA/B Forum work 
product, so it seemed a good idea to me, now that we can, to transition 
them to actually being CA/B Forum OIDs.  I don't have strong feelings on 
the matter, but I do think it makes things cleaner over the long haul, 
especially should we decide to add other related OIDs into future work 
product, to have them managed in house.  But I do take your point as to 
it being a lot of technical changes, both on browser/relying party side 
and CA side for what, at least at this moment in time, has pretty much 
zero need or payback aside from the above mentioned possible future 
'benefits'.
-Rich

On 7/13/2016 12:33 PM, Ryan Sleevi wrote:
>
>
> On Wed, Jul 13, 2016 at 10:26 AM, Rich Smith <richard.smith at comodo.com> wrote:
>
>     I don't have any concrete objection to these OIDs being maintained
>     under Microsoft's hierarchy, however as memory serves they were
>     put there because at the time the CA/B Forum did not have an OID
>     hierarchy of our own under which to create them.  Personally I
>     think it would be a good idea to duplicate these OIDs in house at
>     this point, and over time deprecate the use of the ones under the
>     Microsoft structure.  I don't think this is a pressing issue, and
>     probably not even strictly necessary, but I do see it as a matter
>     of good 'house-keeping'.  If they're under CA/B Forum control we
>     don't need to ask someone else to define them, and we don't have
>     to accept their definition if it's one we don't necessarily agree
>     with.
>
>
> I'm not sure I understand these last points, practically speaking.
>
> Why is it a matter of good-housekeeping? The counter-argument is it 
> sounds like NIH-syndrome.
>
> Why do we need to ask someone to define them, considering they're 
> defined already? Why do we need to worry about accepting the 
> definition, considering it's already been accepted?
>
> I'm explicitly opposed to the change as argued because it means 
> needless churn and complexity in software. If this were a fresh start, 
> I would be understanding - but even then, I'd be opposed to putting it 
> under a CA/B Forum arc 'simply because', if an alternative presented 
> itself. For example, if a member/vendor in possession of a small OID 
> arc were willing to 'donate' OIDs for future purposes that were 
> smaller, in their encoded form, than the OID arc of the CA/B Forum 
> (presently, 2.23.140, so I mean, it's unlikely but possible), then 
> great - let's do that instead.
>
> I'm also not opposed to moving to a CA/B Forum set of OIDs if there 
> were other compelling reasons to. But so far, it seems to solely be 
> about 'branding' than any concrete technical need. Am I missing something?
>
