[cabfpub] Fwd: automation Re: Draft Ballot 186 - Limiting the Reuse of Validation Information
gerv at mozilla.org
Sat Feb 4 09:44:18 UTC 2017
Forwarding as requested.
-------- Forwarded Message --------
Subject: automation Re: [cabfpub] Draft Ballot 186 - Limiting the Reuse
of Validation Information
Date: Fri, 3 Feb 2017 17:59:58 +0100
From: Jürgen Brauckmann <brauckmann at dfn-cert.de>
Organisation: DFN-CERT Services GmbH
To: CA/Browser Forum Public Discussion List <questions at cabforum.org>,
Dimitris Zacharopoulos <jimmy at it.auth.gr>
CC: Gervase Markham <gerv at mozilla.org>
Gervase Markham via Public schrieb:
> Right. So my point is, we should be moving the ecosystem towards
> automation for certificate renewals.
> My view is that CAs would be serving their customers well if it were
> arranged that any customer could renew all of their certificates in a
> matter of hours if necessary.
Thats not necessarily only on the CAs. The hardest support cases are
certificates for fancy expensive boxes by Cisco et al (don't want to
particulary pick on Cisco, they are all the same in regards to
certificates). It hurts to install certificates on them, and nobody
likes to touch them because it creates operational risks.
Letsencrypt has done a really great job to show how automation works
with apache, nginx.
How is that automation supposed to spread to those fancy boxes?
The current discussions can lead to a situation where CAs and users are
squashed between browsers and vendors of those boxes. Maybe the vendors
move, maybe they don't.
[My be reposted to public list, thanks]
More information about the Public