[Servercert-wg] Displaying secure sites to Internet users

Paul Walsh paul at metacert.com
Fri Nov 15 12:15:59 MST 2019


> This is a very long response, but it's not clear to me you read the related issues. I'm afraid much of what you said was unrelated, and so it's unclear to find out how this relates. It sounds like you may not have any suggestions for how CAs might better validate identity, which may further the idea that CAs are poorly placed to validate identity, and that the EV guidelines are woefully inadequate. There's always opportunities to discuss something new, but that seems to further emphasize that the CA/Browser Forum is hardly the place to do it, if many of the members don't have the necessary technological skills to articulate a clear and consistent identity validation process.

[PW] I’m not commenting on Christian’s words, but I will say this; it’s not wise or helpful to make assumptions about every CA on the basis of what one person or what one CA says or does. 

I certainly wouldn’t make assumptions about every browser vendor’s approach to privacy based on what Google does with Chrome. For example, Google is the *only* browser vendor trying to actively block web privacy proposals at the W3C, the Standards body you respect. [1] <https://www.cpomagazine.com/data-privacy/google-blocking-web-privacy-proposals-at-w3c/>

Kirk, I accept your request for me to write a problem statement. I would like to invite anyone on this list to contact me directly in confidence, or in the open, should they wish to help. I’m equally happy to write the first draft myself, even if it ends up being completely different post review. 

But I would like to kindly ask the Chair and other appropriate parties to engage with browser vendors to invite the right people to participate in this particular work. 

I’m assuming there’s no debate or vote required as this is one of the two main reason the forum exists. And I don’t anticipate a separate/new group either.

[1] https://www.cpomagazine.com/data-privacy/google-blocking-web-privacy-proposals-at-w3c/ <https://www.cpomagazine.com/data-privacy/google-blocking-web-privacy-proposals-at-w3c/>

- Paul

> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191115/b44e8b2a/attachment.html>

More information about the Servercert-wg mailing list