[cabfpub] Bergamo F2F Agenda Item
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Tue May 14 15:43:17 UTC 2024
On 14/5/2024 6:36 PM, Inigo Barreira wrote:
>
> I don't have any issue to discuss this at the forum plenary but the
> main difference between the TLS and the other cert types is the
> accountability these have because being in the CT logs and anyone can
> check/review. But, go ahead.
>
CT is not in the TLS BRs so they are not so much related. I also don't
understand what you mean by "accountability" because all CAs are
accountable for all types of publicly-trusted certificates they issue
(TLS, Code Signing, S/MIME), and they all have -similar- rules for
revocation.
Thanks,
Dimitris.
> *From:* Public <public-bounces at cabforum.org> *On behalf of* Dimitris
> Zacharopoulos (HARICA) via Public
> *Sent:* Tuesday, 14 May 2024 17:28
> *To:* Ben Wilson <bwilson at mozilla.com>
> *CC:* CA/Browser Forum Public Discussion List <public at cabforum.org>
> *Subject:* Re: [cabfpub] Bergamo F2F Agenda Item
>
> On 14/5/2024 6:08 PM, Ben Wilson wrote:
>
> Hi Dimitris,
>
> There appears to be an open slot on the F2F agenda - Wed. May 29th
> at 9:05 a.m. I was thinking we could use that time to discuss
> revocation timelines and balancing the security provided by
> revocation with the security/stability needed to support critical
> infrastructure. In other words, we could discuss BR section 4.9.1
> and concerns about disruption of global/national operations in
> banking/finance, transportation, government, telecommunications,
> healthcare, and other key areas where certificate revocation might
> cause key systems to fail.
>
> Should I put this topic in that open slot on the wiki?
>
> Thanks,
>
> Ben
>
>
> Hi Ben,
>
> I think that would be great. I assume you will be leading this session.
>
> I think it's a great opportunity for CAs with past experience on
> delayed revocations to share some insight about specific challenges in
> the sectors you listed, and possibly add some that are missing.
>
> FYI, public evidence for delayed revocation incidents (open and
> closed, based on specific tags) is available in this link
> <https://bugzilla.mozilla.org/buglist.cgi?f1=OP&f4=CP&v2=ca-compliance&f2=status_whiteboard&o2=allwordssubstr&component=CA%20Certificate%20Compliance&query_format=advanced&list_id=17029100&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&v3=delayed-revocation%20leaf-revocation-delay&resolution=---&resolution=FIXED&resolution=INVALID&resolution=WONTFIX&resolution=DUPLICATE&resolution=WORKSFORME&o3=anywordssubstr&f3=status_whiteboard>.
>
> Although you mentioned that this affects the BR section 4.9.1, this
> topic affects all Working Groups because all the WG BRs have a section
> 4.9.1 that is pretty much similar to the TLS BRs. With that said, I
> would like to ask if Members have any objections to discussing this
> topic as part of the Forum plenary.
>
>
> Thank you,
> Dimitris
> CA/B Forum Chair
>