[cabfpub] SAN private extensions pursuant specific SSL/EV Spanish ruled profile

Ryan Sleevi sleevi at google.com
Fri Jul 15 15:52:48 MST 2016 

On Thu, Jul 14, 2016 at 11:08 AM, Kirk Hall <Kirk.Hall at entrust.com> wrote:

> To my mind, the provisions of BR Sec. 8 and 9.16.3, and EVGL Sec. 8.1,
> could be interpreted as allowing the laws and regulations of Spain
> concerning certificate profiles and content to override the requirements of
> the BRs and EVGL.
>
>
>
> Accordingly, there may be no need for Spanish CAs to do anything
> differently as to the earlier certs – they can assert to their auditors
> that Spanish law and regulation is allowed to control on this issue, and so
> they are in full compliance because of BR Sec. 8 and 9.16.3, and EVGL Sec.
> 8.1.  See below.
>

However, as we discussed in person at the CA/B Forum meeting in Scottsdale,
there is an obligation of CAs to disclose these regulations so that the
Forum can be so informed.

While Chema has now done this (and Inigo had previously), it can't be
argued these are apriori conforming and in full compliance.

I'm struggling to find this in the minutes, but if you'll recall, Gerv and
I discussed various interpretations of this. For example, if a US CA were
presented with an order to ignore domain validation and, say, issue a
certificate for www.google.com, would the CA be argued to be in full
compliance with the BRs for doing so? We discussed questions about what it
meant for the Forum to be notified - is this a public mailing list, a
management list, etc. We discussed the hypothetical concern about
government-issued gag notices as well.

Unfortunately, none of this was minuted. However, thankfully Gerv sent a
public mail shortly thereafter, which at least helps me make sure I'm not
misremembering things (although I could totally be missing where it appears
on the minutes in
https://cabforum.org/2016/02/17/2016-02-17-minutes-of-f2f-meeting-37/ ) -
but you can read the thread at
https://cabforum.org/pipermail/public/2016-April/007465.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160715/59e6b64d/attachment.html

More information about the Public mailing list