[cabfpub] Ballot 190

Ryan Sleevi sleevi at google.com
Fri Apr 28 13:09:27 UTC 2017

On Fri, Apr 28, 2017 at 1:32 AM, Kirk Hall <Kirk.Hall at entrustdatacard.com>

> One other comment.  Remember that for the last few months, new Methods 1-4
> and 7-10 were actually included under Method 11 “any other method” after
> Ballot 181’s effective date, and that situation will continue until the
> effective date of Ballot 190.  Also, the same is true for any validations
> that followed old Method 7 “any other method” prior to the effective date
> of Ballot 169.  So be very careful in saying anything in Ballot 190 that
> would invalidate validations done prior to Ballot 190 under “any other
> method” so long as they complied with any of Methods 1-10 of the new
> methods or Methods 1-6 of the old methods.
> I would be open to saying that any prior vetting done under old Method 7
> or more recent Method 11 “any other method” must be revalidated upon the
> effective date of Ballot 190 IF they did not follow EITHER Methods 1-6 (as
> the existed before Ballot 169) or Methods 1-10 (as put forward in Ballot
> 169).  In other words, the ONLY validations that have to be redone before
> the expiration of the re-use period are validations that were done that did
> not comply with either old Methods 1-6 or new Methods 1-10.  That should
> flush out any unknown and unsecure validations that occurred in the past.

Not quite, because if you recall, Google's interest in reforming these
began with the fact that a website demonstration of control was not secure.
That is, under pre-169 is not acceptable.

Kirk, given your support for other forms of indicating that a CA has
performed extra diligence, such as the inclusion of OV certificates, would
you be supportive in general of a means of expressing, within a
certificate, conformance with the 'new' validation methods, so that
subscribers can have assurances of the security?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170428/92b8ff20/attachment-0003.html>

More information about the Public mailing list