[Servercert-wg] Displaying secure sites to Internet users

Ryan Sleevi sleevi at google.com
Sun Nov 17 16:04:21 MST 2019


On Sat, Nov 16, 2019 at 1:07 PM Kirk Hall via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> It’s clear from the discussion so far that there is lively interest by
> Members and Associate Members in the Forum’s stated Purpose of “***
> defining the guidelines and means of implementation for best practices as a
> way of *** creating a more intuitive method of displaying secure sites to
> Internet users.”  Bylaw 1.1. Some Members may not support this effort, but
> they have the option of simply not participating and letting others proceed.
>

I do believe this is fairly misrepresentative of the discussion to date.

There's certainly been no discussion about what Entrust proposed, or the
flaws of it. We've seen two interested parties express some interest in
tangentially-related things, but I think it's a fairly significant, and
flawed, mischaracterization, both in the nature of membership and the
nature of the discussion, especially since the discussion to date hasn't
even involved the suggestions.

Especially given that the discussion is how such work is outside of our
charter, I think it might be more prudent to continue discussion on a basic
problem statement, and perhaps a discussion of our past history in the
Forum. While I appreciate Entrust's attention to the Bylaws, as has been
pointed out several times, that's severely misrepresenting things as well.

We have, however, identified venues for those who would like to promote
ideas, which would have the necessary experts. We have also identified
several opportunities, within the scope of our charter and Bylaws, for CAs
to contribute to much-needed improvements to the existing Guidelines. I
look forward to seeing efforts at proposing ballots that ensure that,
regardless of the CA issuing the certificate, Relying Parties can be
confident in the assurance provided. We unfortunately know that, today, the
EV Guidelines simply don't provide that assurance, and the audits simply
don't provide the necessary oversight, and we know that those are necessary
preconditions before even beginning to discuss some of the items Entrust
Datacard has proposed.