[cabfpub] [Ext] Re: List of which CAs use which methods from Section 3.2.2.4?

Paul Hoffman paul.hoffman at icann.org
Thu Jul 12 10:12:47 MST 2018


On Jul 12, 2018, at 12:51 PM, Wayne Thayer <wthayer at mozilla.com> wrote:
> Paul- can explain your use case for this information? That might help us determine if the proposal is worth pursuing.

There are communities who use certificates who trust some BR-allowed methods more than others. Some of the methods are more prone to BGP rerouting than others, for example.

At this point, I don't have any good estimates for them to indicate how many CAs use which method, much less how many certificates in common use are likely to use particular methods. As Ryan pointed out, transparency here is pretty low. That affects users' trust of CAs in general, and it would be grand if I could say "here's what the relying parties know about the certificates in use".

--Paul Hoffman


More information about the Public mailing list