[cabfpub] Ballot 213 - Revocation Timeline Extension

Ryan Sleevi sleevi at google.com
Wed Sep 20 00:26:59 UTC 2017


On Mon, Sep 18, 2017 at 11:02 AM, Gervase Markham <gerv at mozilla.org> wrote:

> On 13/09/17 21:01, Ryan Sleevi via Public wrote:
> > So it seems reasonable - and important - to bring transparency to that.
>
> How about this? The BRs require that there be a report and that it be
> published (somewhere) - mandating transparency. And we can make a
> Mozilla root program requirement that "the report produced by the CA
> under section X.X.X of the BRs should be posted to m.d.s.p." or similar.
>
> That keeps the BRs in their place without overreaching, doesn't require
> the CABF to be an accumulator of information, and yet also makes sure
> all the reports end up in an analyzable place.
>
> Does that work?
>

Hi Gerv,

I appreciate your suggestion of a solution, but I'm not quite sure I
understand your concerns. Apologies for that, but it would be great if you
could elaborate why you feel it may be "overreaching". I had hoped my
explanation provided context how it's both relevant and applicable to the
activities of the CA/Browser Forum, and independent of any particular Root
Store's perspective.

As you personally know from efforts related to disclosures of CP, CPS, and
issued certificates, simply mandating transparency (for example, of CAA
domains, or of issued certificates) has been shown to be fundamentally
insufficient for the needs, hence why Mozilla has done things such as
require disclosure via its CA communications or the CCADB.

In this context, I think it's useful to consider what is fundamentally a
very simple proposal:
- The CA/B Forum can establish a list that allows publishing of such reports
- The Baseline Requirements require posting such results to that list

This allows the CA/B Forum to affirmatively self-regulate in this respect -
no external dependencies on other parties - while also providing a
consistent and reliable technical solution to achieving that transparency.

This seems very simple and easy, and given Mozilla's efforts for broader
transparency and greater consistency, uncontroversial, so I'm sure there
must be some concern of yours that I'm not understanding.