[cabfpub] Preballot - Revised Ballot 190

Gervase Markham gerv at mozilla.org
Wed May 17 18:23:21 UTC 2017


On 17/05/17 18:04, Ryan Sleevi via Public wrote:
> I totally appreciate that sentiment, but you realize one area of the
> concern and issues has been the proposal - made by Kirk, Gerv, and
> Jeremy - to allow the reuse of insecurely-validated domain names. 

This is why I am proposing this. Not because I like it, but because CAs
have not kept records of which method was used, any per-method variance
would require them to redo all validations. (And I'm not up for
requiring every CA to redo every validation, either, and it wouldn't
pass even if I was.) So we sigh, grandfather everything in one last
time, and make it a requirement that CAs record the method used so that
in future, we can do method-specific rules.

What's the alternative proposal, given that many or most CAs can't do
per-method rules right now?

Gerv




More information about the Public mailing list