[cabfpub] Potential F2F Topics
gerv at mozilla.org
Mon Oct 3 07:05:27 MST 2016
On 01/10/16 17:00, Peter Bowen wrote:
> The Network and Certificate Systems Security Requirements (NCSSR)
> were discussed at the last F2F but it was kind of dropped. What
> challenges are CAs finding? Are there places where they are not
> clear or where they can be interpreted to ban practices the Forum
> feels are appropriate? As they are a separate document from the BRs,
> do trust store maintainers expect that all CAs (whether for SSL or
> not) are audited as meeting the requirements or do they only apply to
> “SSL” CAs?
Mozilla's current view on this document is that we are not convinced
that the CAB Forum is the right body to be maintaining a document with
these contents. We feel network security is very important, but best
practices change much faster than the document has.
If anyone wanted to take up the task, we would support replacing it with
references to guides maintained by better-qualified parties.
More information about the Public