[cabfpub] [EXTERNAL] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft

Ryan Sleevi sleevi at google.com
Wed Apr 26 18:12:03 MST 2017


On Wed, Apr 26, 2017 at 8:58 PM, Kirk Hall <Kirk.Hall at entrustdatacard.com>
wrote:

> Exactly, Geoff – that was my thinking.
>
> Ryan, no I wasn’t out of the room when you and Gerv were speaking (why
> would you ask something like that?),
>

Hi Kirk,

I didn't ask if you were, I mentioned that you were out, for part of the
discussion. I mentioned this because you requested that I explain the
motivation, but we did this at great length at the F2F, at least part of
which you were out of the room.


> and I’m aware that a particular non-US DTP made mistakes in domain
> verification (and apparently its audit was not sufficient).  But failure of
> one DTP and one audit does not mean that all DTPs and all audits have
> failed, and if I understand correctly, Google and Mozilla are holding the
> CA that used the DTP responsible for the problems.  So I’m not sure why
> that isn’t sufficient.
>

Unfortunately, I'm afraid you don't understand correctly. However, I don't
want that to cause us to rathole on the "why", when we can spend our time
so much more productively discussing the "How".

I'm hoping that, in the spirit of making meaningful substantive
contributions, that we can assume, for sake of discussion, that neither
Gerv nor I are misstating the difficulty - that it is difficult, and that it
won't happen in a timely fashion to the security concerns, and that the
present process has a number of deficiencies - do you believe this ballot
would cause any harm to Entrust's operations that we should be aware of? Do
you believe this would present difficulty to adopt?

If so, that's useful and constructive feedback.
If not, that's also useful and constructive feedback.

By focusing on the impact to Entrust, and Entrust only, it allows us to
have a productive and thoughtful exchange of ideas, rather than worrying
about hypotheticals that might affect non-participant CAs that may, or may
not, exist.