[cabfpub] Proposed Ballot 183 - Allowing 822 Names and (limited) otherNames

Ryan Sleevi sleevi at google.com
Tue Jan 3 20:53:58 UTC 2017

On Tue, Jan 3, 2017 at 12:46 PM, Jeremy Rowley <jeremy.rowley at digicert.com>

> There is a public file (in the link I provided), but it requires filling
> out information to access. It’s the HotSpot 2.0 Technical documentation,
> which includes the Certificate Policy (“Hostspot 2-0 (R2) OSU Certificate
> Policy Specification”).  The documentation is already free to anyone who
> wants to enter information and agree to the terms of use.

Ah, the many meanings of free ;) I suppose it wasn't clear that I was
talking more about freedom than beer there :)

> We essentially already have a liaison member from the WFA (DigiCert,
> Microsoft, Apple, and Google are all members).

I wouldn't put Google in that list - none of Google's CA/B Forum
participants participate in HotSpot 2.0 nor communicate developments on
either side of that profile to the other party. I would suggest, to date,
only DigiCert does, and only to the extent you've shared anything to the

Obviously, the context was that we shouldn't be introducing this to the Web
PKI unless we're sure we're not going to repeat all the same mistakes we're
currently going through the SHA-1 exception process - or at least trying to
learn from them. It would be foolish to ignore the feedback we've received
from those affected by SHA-1 when considering expanding that scope.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170103/2161b6e3/attachment-0003.html>

More information about the Public mailing list