[cabfpub] Ballot 213 - Revocation Timeline Extension
Gervase Markham
gerv at mozilla.org
Wed Oct 11 10:03:37 UTC 2017
On 10/10/17 17:53, Ryan Sleevi wrote:
> Do you see a problem with the BRs requiring it be posted to a CABF list?
> That is, could you elaborate on what the advantages are of having
> multiple root programs require disclosure versus providing a central
> clearing house?
Well, from our perspective, we'll want it posted where we want it
anyway. Making the CAB Forum maintain a list (which can be posted to by
any CA, not just members, and so has to be spam-proofed, moderated etc.)
just seems like work that someone would have to do that would be of no
value to us.
> I see - so your position is that even in the existence of a mechanism to
> centrally disclose such events, you would still require independent
> disclosure?
Yep.
> Would you agree that there is separate value from having a root store
> disclosure (which can affect how the root program itself behaves with
> respect to a particular member) versus having an open, public disclosure
> in a vendor-neutral way (which can allow for improvements to the BRs and
> identifying problematic scenarios in a vendor-neutral way)?
I think improvements to the BRs will be driven by the root programs
anyway, so I'm not seeing significant value (and I do see significant
work for someone) in a vendor-neutral list. But if you can find someone
to run it, I wouldn't vote against a ballot which required it.
Gerv
More information about the Public
mailing list