[cabfpub] [EXTERNAL] Bylaw interpretation: root store membership required?

Kirk Hall Kirk.Hall at entrustdatacard.com
Tue Apr 11 16:35:15 UTC 2017

As I think about it, maybe include language that a CA member must "own or control" at least one root (or sub-root) trusted by at least one browser member, as some CAs may rent but not own their root (or sub-root).

-----Original Message-----
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham via Public
Sent: Tuesday, April 11, 2017 8:26 AM
To: CABFPub <public at cabforum.org>
Cc: Gervase Markham <gerv at mozilla.org>
Subject: [EXTERNAL][cabfpub] Bylaw interpretation: root store membership required?

The CA membership criteria say a member CA is one which:

"actively issues certificates to Web servers that are openly accessible from the Internet using a browser created by a Browser member".

What does "openly accessible" mean? Does it mean that the CA is included in at least one browser member's root store? After all, a website with a cert from an untrusted CA is still accessible in each of the browser members' browsers, after clicking through a warning.

If it does mean that, I need to update my membership ballot to take account of the fact that being in at least one root store is a membership criterion. I believe that in the past we've treated this as being a criterion for full membership, but it's not explicitly in there, so I wanted to check.
