[cabfpub] Voting on Ballot 218

Tim Hollebeek tim.hollebeek at digicert.com
Tue Jan 30 07:27:13 MST 2018


> There have been no cases of misissuance using Method 1 over roughly 20
years

 

You guys have been told repeatedly that you have no evidence this statement
is true.  You need to stop saying it.

 

The truth is it is extremely hard to "misissue" a certificate using method
1, precisely because it is so weak.  Some of the certificates issued using
method 1 probably went to people they shouldn't have gone to.  We have no
idea how many, because the CAs used method 1, which doesn't validate much!

 

Symantec issued lots of certificates in full compliance with method 1 that
DigiCert would never have issued.  Attempting to spin that into a rosy
picture of 20 years of wonderfulness is a huge stretch.

 

-Tim

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180130/ed7439b7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20180130/ed7439b7/attachment.p7s>


More information about the Public mailing list