[cabfpub] Application for SHA-1 Issuance

Ryan Sleevi sleevi at google.com
Mon Jul 25 14:25:39 MST 2016


On Mon, Jul 25, 2016 at 2:20 PM, Rob Stradling <rob.stradling at comodo.com>
wrote:

> IINM, both Gerv and Ryan indicated (or at least strongly implied) that
> rigid construction was a prerequisite for their (Mozilla's and Google's)
> approval of TSYS's request.  Did I misread something?
>

From https://cabforum.org/pipermail/public/2016-July/008096.html

"Certificates whose contents are entirely predictable or in line with
precedent would also be acceptable; but it seemed like there were
several questions about that floating around, and doing the serial
numbers by strict construction makes them all moot. If you want to try
dealing with all the questions about the contents instead, you are
welcome to try."


> Also, I don't see the relevance of "strong consensus".  AIUI, there must
> be unanimous agreement.  If just one root program operator rejects
> TSYS's request, then you can't issue the SHA-1 certs.  Similarly, if
> just one root program operator says rigidly constructed serial numbers
> are required, then you can't use random serial numbers.