[cabfpub] Ballot 188 - Clarify use of term "CA" in Baseline Requirements

Ryan Sleevi sleevi at google.com
Wed Mar 1 05:27:41 UTC 2017


Google votes NO

In voting no, we recognize it is an important task to resolve, and we are
appreciative of the effort that has gone in so far, as this has been no
simple matter. Unfortunately, we believe that many of these proposals
meaningfully and measurably alter the Baseline Requirements in ways that
are detrimental to security or clarity.

Should this Ballot fail, as we believe these issues are significant enough
that we hope other CAs and Browsers carefully consider the impact, we look
forward to continuing the discussions during our next F2F about effective
strategies on how to address these issues in a way that best meets the
goals of all participants.

In reviewing the discussions, to better understand and appreciate the
intent behind the various proposals found within this Ballot, it's quite
clear that suggestions such as those offered in
https://cabforum.org/pipermail/policyreview/2016-November/000358.html would
have significantly avoided these issues, while still achieving their goal
of providing greater clarity for both CAs and auditors.

Unquestionably, our biggest concern with this ballot is the apparent and
significant divergence in approach from the underlying specifications of
X.509 and RFC 5280. From the replies, this was clearly intentional to
choose terminology that conflicts, but as a consequence, creates issues not
just through the Baseline Requirements, but in the application of these
specifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170228/53fd690a/attachment.html>


More information about the Public mailing list