[cabfpub] Draft SMIME Working Group Charter

Ryan Sleevi sleevi at google.com
Mon Jan 28 13:31:32 MST 2019


On Mon, Jan 28, 2019 at 3:28 PM Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:

> Because diverse and sometimes even contradictory root program requirements
> are not a good thing.  It seems like we should be able to reach agreement
> on what the minimum criteria should be, just as we have for TLS.
>

I'm not sure which part you're replying to, but the diversity of audit
requirements is already something we already have with TLS, and I don't see
any signs of that changing.

Perhaps you can help me understand how a normative membership requirement
on audits furthers that goal.


>
>
> -Tim
>
>
>
> *From:* Ryan Sleevi <sleevi at google.com>
> *Sent:* Monday, January 28, 2019 3:14 PM
> *To:* Tim Hollebeek <tim.hollebeek at digicert.com>
> *Cc:* Wayne Thayer <wthayer at mozilla.com>; CA/Browser Forum Public
> Discussion List <public at cabforum.org>
> *Subject:* Re: [cabfpub] Draft SMIME Working Group Charter
>
>
>
>
>
>
>
> On Mon, Jan 28, 2019 at 2:44 PM Tim Hollebeek <tim.hollebeek at digicert.com>
> wrote:
>
> I’m fine with “or equivalent” exceptions for various use cases, as long as
> we specify what those are and they accomplish the same goals.  I do have
> strong opinions about how “*.gov” should be managed, specifically that I
> don’t think it’s possible to assure that the domain portion of the email is
> being consistently validated, absent some oversight by some independent
> entity.
>
>
>
> I suppose this will be a core part of the discussion, then. I will,
> however, note that ICANN has adopted a very different philosophy than you
> with respect to domain names, and similarly, Microsoft has recognized the
> distinction with how they manage their program. This also aligns with a
> variety of other technology and non-technology sectors, and is, perhaps, a
> core part of disagreement.
>
>
>
> Could you help me understand why, for purposes of CA/B Forum membership,
> you believe they should be overseen by someone that the CA/B Forum
> designates, rather than by an entity that a root program designates?
> Perhaps I'm missing why it's important to exclude these parties from the
> Forum, as that might help clarify the language.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20190128/1be65f01/attachment-0001.html>


More information about the Public mailing list