[cabfpub] Preballot - Revised Ballot 190

Ryan Sleevi sleevi at google.com
Thu May 18 14:28:54 UTC 2017


On Thu, May 18, 2017 at 10:16 AM, Gervase Markham <gerv at mozilla.org> wrote:

> On 17/05/17 19:33, Ryan Sleevi wrote:
> > On Wed, May 17, 2017 at 2:23 PM, Gervase Markham <gerv at mozilla.org> wrote:
> >     What's the alternative proposal, given that many or most CAs can't do
> >     per-method rules right now?
> >
> > The proposed extension would be simply that the CAs which haven't
> > maintained those records can still signal a BR version 1.4.2 (or 1.4.1
> > or equivalent). As they gather/complete such records, they can signal a
> > BR version 1.4.x.
>
> You misunderstand me. If you want different data reuse rules (a separate
> question from encoding BR version in the certs), what would they be and
> how would they work? Or are you happy with the data reuse rules proposed?
>

I'm suggesting that we can support the data reuse rules as proposed -
arguably, a weakening of the current requirements - provided that we also
specify a way for CAs to affirmatively attest that they have not reused
problematic data.

This seems to provide a reasonable compromise - it permits insecure
practices, provided that CAs are transparent about them.