[cabfpub] Ballot 190

Ryan Sleevi sleevi at google.com
Mon May 1 08:02:44 MST 2017


On Mon, May 1, 2017 at 8:41 AM, Gervase Markham via Public <
public at cabforum.org> wrote:
>
> > 2. On the idea of a marker of some sort in new certs indicating whether or
> > not a newly-issued cert had been validated (or revalidated) in
> > accordance with the methods in Ballot 190 – how do you see users
> > actually using this information?
>
> Forgive me; I've not noticed anyone suggest this. Who did?
>

I did. It allows users to make an informed decision of the trustworthiness
of the information presented in the certificate, much like EV policy OIDs
and OV policy OIDs reportedly provide a stronger level of assertion.

Given the significant benefits it can bring to help identify and
remedy certificate issues - much like technically identifying RAs - this
seems entirely within the realm of a significant improvement to ecosystem
security, with minimal impact to existing CAs. That is, they would only
need to do so for newly issued certificates, and hopefully CAs at least
have the existing technical capability to identify when they're reusing
information or how they're validating it.