[cabfpub] Return of SRV names

Tim Hollebeek tim.hollebeek at digicert.com
Fri Mar 2 23:42:08 UTC 2018 

No problem, I knew what you meant.  I just wanted to fish the topic out of your long email and emphasize it.

 

Since I’m on a plane on a Friday afternoon, and need some mindless work, I collected some references to refresh people’s memories:

 

https://cabforum.org/pipermail/public/2016-April/007402.html

https://cabforum.org/pipermail/public/2016-September/008473.html

https://cabforum.org/pipermail/public/2017-January/009104.html

https://cabforum.org/pipermail/public/2017-January/009105.html

https://cabforum.org/pipermail/public/2017-January/009114.html

https://cabforum.org/pipermail/validation/2016-June/000319.html

 

Maybe on my flight on Tuesday I’ll have time to actually READ the links instead of just collecting them and posting them 😊

 

-Tim

 

From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Friday, March 2, 2018 9:24 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>; Paul Hoffman <paul.hoffman at icann.org>
Subject: Re: [cabfpub] [Ext] BR Authorized Ports, add 8443

 

For sure. Apologies if that was worded confusing - we're hugely supportive of SRVNames, but solving the technical and policy issues around them is thorny and will require technical expertise, and I think most of the technical expertise of the Forum has been otherwise occupied by a number of more pressing matters (adoption of Certificate Transparency, strengthening of validation methods, reducing certificate lifetimes, etc)

 

On Fri, Mar 2, 2018 at 11:20 AM, Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> > wrote:

We’re willing to continue talking through those issues in an attempt to reach a solution.  I do think SRVNames would be a useful improvement.  For us, the lack of movement has had more to do with time constraints than technical constraints!

 

While SRVNames do offer a way to scope the authority to a particular service (on any port), there's been no movement towards adopting them in the CA/Browser Forum, due to the issues they would have with technically constrained sub-CAs. 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180302/58e3fe5a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20180302/58e3fe5a/attachment-0001.p7s>

More information about the Public mailing list