[cabfpub] C=GR, C=UK exceptions in BRs

Ryan Sleevi sleevi at google.com
Fri Mar 17 13:12:29 MST 2017


On Fri, Mar 17, 2017 at 4:08 PM, Ryan Sleevi <sleevi at google.com> wrote:
>
> On Fri, Mar 17, 2017 at 3:01 PM, Dimitris Zacharopoulos <jimmy at it.auth.gr>
> wrote:
>>
>> The "spirit" of 9.16.3 is also to bring conflicting requirements to the
>> CA/B Forum to consider possible revisions accordingly. This is exactly what
>> I am doing, without violating the current BRs, but hoping that the CA/B
>> Forum will read this as a conflicting requirement which could be resolved
>> by adding a simple exception, without creating any risk in current
>> practices.
>>
>
For what it's worth - I agree with this sentiment, and it's worth
considering, separate of 9.16.3, whether to _revise_ the BRs to accommodate
this case. Such revisions must account for ambiguity. In many ways, the BRs
strive to eliminate the rampant ambiguity that existed due to CAs' various
practices, as a whole (since no two CAs really have the same CP/CPS), and
so we should strive, as much as possible, to unambiguously represent the
information that members see as valuable.

Of course, it might be that identity information in certificates is not
valuable, precisely because of ambiguities and conflicts that naturally
emerge from CAs. In that case, it might be worthwhile to simply stop trying
to represent identity information within certificates, and accept that
ambiguity, rather than try to carve it up. However, since the Forum values
identity information at present, it makes sense to opt for strictness as
much as possible, or to explicitly describe the deviations permitted and
assess their risk, as you propose doing and is worth at least discussing :)