[cabfpub] Potential F2F Topics
Peter Bowen
pzb at amzn.com
Tue Oct 4 17:25:26 UTC 2016
Li-Chun,
If we removed the lines with “X520” from section 9.2.5 of the EV guidelines and added the following, would your concerns expressed in the Word document you attached be addressed?
id-evat OBJECT IDENTIIER ::= {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 311 60 2 1 }
id-evat-jurisdictionCountryName AttributeType ::= { id-evat 3 }
jurisdictionCountryName ATTRIBUTE ::= {
SUBTYPE OF name
WITH SYNTAX CountryName
SINGLE VALUE TRUE
LDAP-SYNTAX countryString.&id
LDAP-NAME {"jurisdictionC"}
ID id-evat-jurisdictionCountryName }
id-evat-jurisdictionStateOrProvinceName AttributeType ::= { id-evat 2 }
jurisdictionStateOrProvinceName ATTRIBUTE ::= {
SUBTYPE OF name
WITH SYNTAX DirectoryString {ub-state-name}
SINGLE VALUE TRUE
LDAP-SYNTAX directoryString.&id
LDAP-NAME {"jurisdictionST"}
ID id-evat-jurisdictionStateOrProvinceName }
id-evat-jurisdictionLocalityName AttributeType ::= { id-evat 1 }
jurisdictionLocalityName ATTRIBUTE ::= {
SUBTYPE OF name
WITH SYNTAX DirectoryString {ub-locality-name}
SINGLE VALUE TRUE
LDAP-SYNTAX directoryString.&id
LDAP-NAME {"jurisdictionL"}
ID id-evat-jurisdictionLocalityName }
Thanks,
Peter
> On Oct 4, 2016, at 9:23 AM, 陳立群 <realsky at cht.com.tw> wrote:
>
> I also want to hear the discussion of those 3 topics proposed by Gervase. As for my proposed topic on Oct 20, please see attached powerpoint file for discussion 1. Thanks for my colleague to use English windows to capture the image of details in subject DN of an EV SSL certificate.
>
> For example, could below partial DN of detailed information of an EV SSL certificate in https://github.com/
>
>
> 1.3.6.1.4.1.311.60.2.1.2 = Delaware
> 1.3.6.1.4.1.311.60.2.1.3 = US
> 2.5.4.15 = Private Organization
>
> Change to
>
> Jurisdiction of State or Province = Delaware
> Jurisdiction of Country= US
> Business Category= Private Organization
>
> I think it will be helpful for relying party to see the detailed information of this EV SSL certificate.
>
> It will greatly improve user experience to browser a important site installed by an EV SSL certificate
>
> For above topic, Could the browser vendors' representatives help to ask the programming team if/when this request is met?
>
> If there is time on October 20, for discussion 2 I have not finished the powerpoint file, but I have post the issue, please see attached word file. To solve EV Guideline section 9.2.5 using the proprietary Microsoft OIDs that don’t appear in X.520 and RFC 5280 as current EVGL's sentences to represent the level of the Incorporating Agency or Registration Agency, let's collect CAs' and Browsers' opinions.
>
> Sincerely Yours,
>
> Li-Chun CHEN
>
>
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Dean Coclin
> Sent: Tuesday, October 04, 2016 3:17 AM
> To: Gervase Markham; CABFPub
> Subject: Re: [cabfpub] Potential F2F Topics
>
> IPR is topic 13 on the agenda.
>
> CAA has been added. I put your name and Rick's on the list as discussion leaders.
>
> Google CT can be discussed in their browser update.
>
> Regarding Li-Chun's proposed topic on browser UIs, I'd let him present what he has to say before passing judgement.
>
> Thanks
> Dean
>
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
> Sent: Monday, October 03, 2016 10:26 AM
> To: CABFPub <public at cabforum.org>
> Subject: Re: [cabfpub] Potential F2F Topics
>
> On 01/10/16 17:00, Peter Bowen wrote:
>> I haven’t seen much recent activity on topics for the F2F. It looks
>> like we still have most of the second day with placeholders to be
>> filled in.
>
> I would like to discuss the following topics:
>
> 1) IPR process. Is there any appetite in the Forum for changing the IPR rules to allow post-vote review (and, if the review turns up something, having the ballot be put in abeyance) rather than the current pre-vote review? I feel this would make the work of the Forum proceed much faster (as IPR review can happen in parallel with CAs preparing to implement the change), and it optimises for the common case, which is that no IPR declarations are filed.
>
> This could be discussed in the IPR WG but perhaps it would be better discussed in the whole forum to see if there was sufficient interest in making this change. Perhaps members could consult their legal counsel before the meeting to see what issues this might raise and how they could be solved.
>
> 2) CAA. Again. I think that we need to get to a place where we decide to have a ballot on CAA, and it should be the ballot with the greatest chance of passing. If it fails, it fails, but at the moment we just keep revisiting the issue and having to have the discussion again from scratch. So I'd like to have some time with the explicit goal of working out what form of CAA ballot is most likely to command the support of the forum. (TBH, if only 20 sites in the Alexa top 1M are using it, I doubt any CA should worry that it will end up being a restraint of trade!)
>
> 3) I'd like to hear from Google if they have any update on the timing of their plans for requiring CT in other parts of the ecosystem. As they are the ones running a large proportion of the servers, and whose browser has the most advanced implementation, we expect them to be the first to make such a requirement. I'd also, for my own interest, love to hear about their and others' experiences running CT logs, how difficult it has proved to be in practice to run one with 99%+ uptime, whether people are meeting various performance criteria and so on.
>
>
> Of course, saying I'd like these matters discussed doesn't necessarily mean I'm the right person to be responsible for the discussion. I'd be happy to lead 1), but 2) and 3) would be someone else.
>
> It's good that we now have an established practice of nominating discussion leaders for each slot. It would be good if the discussion leader for each slot could, _before_ we assemble, state in a couple of sentences what the goal of that slot is. If the chairman could perhaps try and elicit such statements from the relevant people, I feel sure that would enhance our efficiency.
>
> I would also note that there is currently an item on the agenda "Potential change to browser UI for Subject DN". It is a long-accepted truth that the CAB Forum does not place requirements on browser UI. It may be worth making that clear again now, so that we can use that time for other items.
>
> Gerv
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
> 本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任.
> Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.
>
>
> <EVGLsection9.2.5_RFC5280_X.520.docx><Chunghwatelecom-cabforum20161020v1.pptx>_______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
More information about the Public
mailing list