[cabfpub] [Ext] Re: List of which CAs use which methods from Section 3.2.2.4?

Tim Hollebeek tim.hollebeek at digicert.com
Fri Jul 13 12:07:32 UTC 2018


Also, in response to "any good estimates", just so relying parties have more
public information on this important issue, I can mention that Method 1 is
(in our case, was) absurdly common; far more common than most people think.

The rest is pretty evenly scattered across the methods you would expect
(DNS, email, phone).

-Tim

> -----Original Message-----
> From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Paul
> Hoffman via Public
> Sent: Thursday, July 12, 2018 1:13 PM
> To: CA/Browser Forum Public Discussion List <public at cabforum.org>
> Subject: Re: [cabfpub] [Ext] Re: List of which CAs use which methods from
> Section 3.2.2.4?
> 
> On Jul 12, 2018, at 12:51 PM, Wayne Thayer <wthayer at mozilla.com> wrote:
> > Paul- can explain your use case for this information? That might help us
> determine if the proposal is worth pursuing.
> 
> There are communities who use certificates who trust some BR-allowed
> methods more than others. Some of the methods are more prone to BGP
> rerouting than others, for example.
> 
> At this point, I don't have any good estimates for them to indicate how
many
> CAs use which method, much less how many certificates in common use are
> likely to use particular methods. As Ryan pointed out, transparency here
is
> pretty low. That affects users' trust of CAs in general, and it would be
grand if I
> could say "here's what the relying parties know about the certificates in
use".
> 
> --Paul Hoffman
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://clicktime.symantec.com/a/1/1kVJSPrvPO1NCgx0TAV0VA7VwN2tHYzrrg
> ZPFB7WGRk=?d=96uoE8KZaLGQTDiYffuzulg9lgr5FtS5CUtwYRiZ-
> hiVoILZRr9Zv_CpIaGbzyTUterSqsHJwA-o5L-dE-MLjHl6aqJ5G5n-cjbkA_nWYKsl-
> 9bgJX3ZHnFvWIRARmLSdQSlvCHw5OlLs9CLcUoGG_hqUFzSTcdA_kTzRtt8VqAO
> q8fTSjwkDlBzwFHjKoIaUAZX6LZiJ3IOdgA4zWy3C3fTeV3oNRHddgupQ3VnzAam
> ELWcZ4BosSjIzYl6XKVSrwrHPSsnPwsd2EwVooGfv3ETn54xgRdqV14vGX7SthjcF
> CYRK_R76kq3vbuZ9d6ktyOH-
> 2dRHcpEKbDZDEDgJAechi5ZQYLgbNNF98FHBX6bIAHLs4u73Treoc0p3np8aTnpY
> _bh1H8cvxvLavOYrFnzpEW-
> tn8ZwOo5OOkBbGlr3UirdpvdBMkPNTiL7YhxnA%3D%3D&u=https%3A%2F%2F
> cabforum.org%2Fmailman%2Flistinfo%2Fpublic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180713/d144865d/attachment-0003.p7s>


More information about the Public mailing list