[cabfpub] Pre-ballot on membership requirement update

Dean Coclin Dean_Coclin at symantec.com
Sun Mar 27 16:58:45 UTC 2016


This was the original charter of the forum but it's something that this
working group will be re-looking at.

Dean

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Benedikt Heintel
Sent: Sunday, March 27, 2016 6:53 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Pre-ballot on membership requirement update

Reading this pre-ballot, I just wondered why the CA/B Forum limits its
membership to participants that issues certificates at least to Web servers
(vulgo HTTPS certificates).

There might be specialized CAs offering client, code signing, or object
certificates only possible to comply with the BR standards but not entitled
to apply for membership.

Are there any reasons for this limitation?

Regards
Benedikt

> With the tentative endorsements by Trend and Mozilla, the ballot reads 
> as follows:
> 
>  
> 
> Background:
> 
> Section 2.1 (a)(1) says that Issuing CAs "actively issue certificates 
> to Web servers."
> 
>  
> 
> Section 2.1(b) of the bylaws lists the items needed in a membership 
> application by CAs.
> 
> But that section does not ask the CA applicant to provide a 3^rd party 
> website where the CA/B Forum can validate that they are actively 
> issuing certs to web servers.  We do however ask the applicant this 
> question, after they have submitted their application. It would be 
> helpful to have this in the bylaws so we don't have to go back and ask
every time.
> 
>  
> 
> Specific change:
> 
>  
> 
> Add under 2.1(b)
> 
> (7) The URL of at least one third party website that is using includes 
> a certificate from issued by the Applicant CA which can be examined by 
> Forum membersin the certificate chain.
> 
>  
> 
> Any other comments?
> 
> Dean
> 
>  
> 
>  
> 
> *From:* public-bounces at cabforum.org 
> [mailto:public-bounces at cabforum.org]
> *On Behalf Of *Dean Coclin
> *Sent:* Thursday, March 17, 2016 11:29 AM
> *To:* CABFPub <public at cabforum.org>
> *Subject:* [cabfpub] Pre-ballot on membership requirement update
> 
>  
> 
> I am looking for 2 endorsers for the following:
> 
>  
> 
> Background:
> 
> Section 2.1 (a)(1) says that Issuing CAs "actively issue certificates 
> to Web servers."
> 
>  
> 
> Section 2.1(b) of the bylaws lists the items needed in a membership 
> application by CAs.
> 
> But that section does not ask the CA applicant to provide a 3^rd party 
> website where the CA/B Forum can validate that they are actively 
> issuing certs to web servers.  We do however ask the applicant this 
> question, after they have submitted their application. It would be 
> helpful to have this in the bylaws so we don't have to go back and ask
every time.
> 
>  
> 
> Specific change:
> 
>  
> 
> Add under 2.1(b)
> 
> (7) The URL of at least one third party website that is using includes 
> a certificate from issued by the Applicant CA which can be examined by 
> Forum membersin the certificate chain.
> 
>  
> 
> Thanks,
> Dean
> 
>  
> 
> 
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5747 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160327/5250798e/attachment-0001.p7s>


More information about the Public mailing list