[cabfpub] Ballot 213 - Revocation Timeline Extension

Jeremy Rowley jeremy.rowley at digicert.com
Wed Sep 13 12:10:52 MST 2017


Sure, but I plan on uploading all these to the Mozilla dev list.  Emailing the CAB Forum as well seems like duplicative effort, especially since the emails aren’t going to be readily collaborated.  If the CABForum is going to collect the problem reports, some format other than email would be much better for data collection.

 

From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Wednesday, September 13, 2017 1:04 PM
To: Jeremy Rowley <jeremy.rowley at digicert.com>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Ballot 213 - Revocation Timeline Extension

 

 

 

On Wed, Sep 13, 2017 at 2:52 PM, Jeremy Rowley <jeremy.rowley at digicert.com <mailto:jeremy.rowley at digicert.com> > wrote:

I agree with the goal of getting this information out there, and using the CAB Forum this way seems in scope. Per the bylaws: “Members of the CA/Browser Forum have worked closely together in defining the guidelines and means of implementation for best practices as a way of providing a heightened security for Internet transactions and creating a more intuitive method of displaying secure sites to Internet users.” (Section 1)

 

However, I’m struggling to see why the CAB Forum would want to collect this info as a requirement rather than allowing CAs to submit the information voluntarily when there are questions.  Usually, we require the location of the disclosure be set in the CPS/CP, not as an email to the CAB Forum.  Shouldn’t we follow that format here?

 

Because this is an industry problem - and it's one that is either facilitated by or stymied by the collective Baseline Requirements and Root Program Requirements.

 

Our goals in Internet Security should be to establish a consistent baseline in the application of policies and practices. While we can disclose those in CP/CPS, that doesn't do anything to align consistency or promote information sharing. What we're discussing about is sharing information related to the challenges of adhering to the minimum required policies and practices, so we can improve both.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170913/8380a5ff/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4984 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170913/8380a5ff/attachment.p7s>


More information about the Public mailing list