[cabfpub] [EXTERNAL]Re: CA/Browser Face to Face Meeting 41 Agenda – Berlin

Rich Smith richard.smith at comodo.com
Thu Jun 15 09:03:05 MST 2017 

Ryan,

I’m not sure I see the point of hearing from those who have had no difficulty with our past timetables.  If they had no difficulties, then it seems, for them, our processes and timetables were perfectly acceptable, so what is it that we might learn from them, at least at this stage?  I think their feedback might be far more useful once we are all better informed as to the specific issues those who have had problems have faced.  At that point those who did not have a problem meeting our timetables might be able to look at the details and say, “Yes, we had a similar issue, but here’s how we solved it,” which would certainly be of benefit.  I just don’t see a lot of benefit of having someone come in at this point to say, “Everything is great for us, carry on.”

 

Regards,

Rich

 

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi via Public
Sent: Wednesday, June 14, 2017 2:50 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>
Cc: Ryan Sleevi <sleevi at google.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] [EXTERNAL]Re: CA/Browser Face to Face Meeting 41 Agenda – Berlin

 

Kirk,

 

While as you know, we are thrilled to see a proposal for greater participation of the public, a point that Google has supported for a number of years, but which TrendMicro and several other members of the Forum at the time opposed, it does bear highlighting that there's a selection bias being exercised. My hope is that by correcting for that selection bias, we might receive more useful, earnest, and valuable feedback for the Forum, if we are admitting that the Forum benefits from participation of more than just the CAs and browsers.

 

For example, you've proposed "major website users of certificates with complex infrastructures". We've previously heard from organizations who had difficulty replacing their SHA-1 certificates with SHA-256 certificates, but we did not afford much time for the many millions of users - and certificate holders - who either did not have such difficulty or who were put at risk from such difficulties.

 

My hope is that by being open in a way that is truly meaningful, we might have a more robust picture of the ecosystem. While I realize that major website users may represent CAs largest customers, either by volume or by cost, and thus there is a predisposition to those opinions, considering that we collectively are managing a global shared resource whose security is critical for the Internet, we should take into consideration a fullness of views.

 

As much as I appreciate your suggestion of a separate section, might I suggest that it might be more useful to focus on a single section, with open participation? That is, preselecting ontologies would only serve to alienate users, but it would seem your goal is a more robust participatory model.

 

On Wed, Jun 14, 2017 at 9:53 AM, Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> > wrote:

My intent is to allow major website users of certificates with complex infrastructures to tell us about their experiences with and comments on rule changes, and how they are implemented.  Right now, I’m not sure whether or not the enterprises will be available during our meeting, but if not we can schedule during a late teleconference call.

 

You can certainly approach this from another angle as well, and bring in users in general who have interesting and useful things to say to the Forum.  I think we still have some time slots available if you want to organize that as a separate session.  Let me know if you want to do that, and how much time you would like.

 

From: Ryan Sleevi [mailto:sleevi at google.com <mailto:sleevi at google.com> ] 
Sent: Wednesday, June 14, 2017 3:04 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:public at cabforum.org> >
Cc: Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >


Subject: Re: [cabfpub] [EXTERNAL]Re: CA/Browser Face to Face Meeting 41 Agenda – Berlin

 

Kirk,

 

Could you clarify your intent? You mentioned "any other enterprise users" - but I believe the goal is certificate users in general (i.e. more broadly than just enterprise).

 

Is that correct?

 

On Tue, Jun 13, 2017 at 6:03 PM, Kirk Hall via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:

I will present names and companies once their participation is confirmed.  Yes, at the Chair’s invitation, but I will additionally “invite” any other enterprise users others may propose to tell their stories.

 

I’d point out that over the years we have heard from many people and organizations at our meetings.  It’s been very useful.

 

From: Public [mailto:public-bounces at cabforum.org <mailto:public-bounces at cabforum.org> ] On Behalf Of Peter Bowen via Public
Sent: Tuesday, June 13, 2017 2:35 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:public at cabforum.org> >
Cc: Peter Bowen <pzb at amzn.com <mailto:pzb at amzn.com> >
Subject: Re: [cabfpub] [EXTERNAL]Re: CA/Browser Face to Face Meeting 41 Agenda – Berlin

 

 

On Jun 13, 2017, at 2:28 PM, Ryan Sleevi via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:

 

 

 

On Tue, Jun 13, 2017 at 5:00 PM, Kirk Hall via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:

On your first question - some major enterprise users would like to present their ideas and concerns about SSL certificate rules, changes, etc. from their perspective, which I know the browsers have wanted (rather than hearing it reported by the CAs who provide the certs to enterprise customers). 

 

To be clear: Several browsers have wanted open participation. I would suggest that having CA-selected participants, without explanation (as Gerv had to seek) is perhaps detrimental to the productive dialog, in as much as it allows the Chair - and CA members - to favour particular viewpoints to the detriment of the overall ecosystem.

 

Might I suggest that it might not be appropriate? 

 

I think we should welcome hearing from certificate users directly.

 

Kirk: Can you provide a list of certificate users who will be presenting, including their affiliation?  I’m assuming they are attending the F2F at the invitation of the Chair.

 

Thanks,

Peter


_______________________________________________
Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org> 
https://cabforum.org/mailman/listinfo/public

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170615/3823e482/attachment-0001.html>

More information about the Public mailing list