[Servercert-wg] FW: [EXTERNAL] Soliciting feedback on potential changes to Qualified Website Authentication Certificates

Mike Reilly (GRC) Mike.Reilly at microsoft.com
Thu Feb 20 01:16:34 MST 2020


SCWG members:  forwarding the mail Ryan sent out on 15 January for review.  We will discuss this later today.  Thanks, Mike

From: Ryan Sleevi <sleevi at google.com>
Sent: Wednesday, January 15, 2020 12:01 AM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Cc: Mike Reilly (GRC) <Mike.Reilly at microsoft.com>; Wayne Thayer <wthayer at mozilla.com>; Clint Wilson <clintw at apple.com>; Yngve N. Pettersen <yngve at vivaldi.com>; Michael Markevich <mmarkevich at opera.com>; Andrew Whalley <awhalley at google.com>
Subject: [EXTERNAL] Soliciting feedback on potential changes to Qualified Website Authentication Certificates

Hi all,

As some members of the Forum are familiar, since 2015, representatives from a variety of operating system and browser vendors have been engaged in informal meetings with representatives from the Directorate-General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Cybersecurity (ENISA), and ETSI regarding the use and recognition of QWACs within these software vendors’ products. Many members likely recall the guest talk from Andrea Servida at the CA/B Forum F2F in Istanbul for Meeting 36, on eIDAS and its potential.

Recently, as an output of these informal meetings, discussion with various browsers and operating system vendors led to a proposal that may reduce the the interoperability challenges that TSPs face that prevent wider and interoperable use of QWACs with existing software, an ongoing pain point for those issuing QWACs.

This proposal is fairly lightweight, a very small change to the existing profile for QWACs, when embodied by ETSI ESI's set of documents, that is believed will facilitate easier interoperability of QWACs with existing software, as well as unlock new possibilities for the interoperable use of QWACs. It does so by removing a currently mandatory requirement for QWACs, making it an optional requirement instead, in order to promote greater interoperability and ease of use.

In consultation with DG CONNECT, we wanted to share this proposal, previously circulated among the aforementioned discussion participants, to gather wider feedback and input from CAs, both that are members of the Forum directly, as well as within respective member Root Programs but which may not yet be members of the Forum.

I've attached as a PDF that describes the proposal, as well as its context and history, which hopefully the new mailing list will not eat. If the attachment has issues and isn't delivered, I'll see what can be done to make it accessible for both Forum members and interested parties/non-members alike and will update this thread.

For Forum members as well as interested parties (aka, those who have posting privileges), the best way to send feedback would be on this list.

Alternatively, sending feedback to those included on the CC line, which have participated in these discussions, is a great way to make sure feedback is recorded and shared. It also works for those CAs that are not members with posting privileges that are subscribed to this list.

Thanks, and we look forward to folks' input!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200220/8afebbc7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Unified Technical Proposal and Q&A.pdf
Type: application/pdf
Size: 126432 bytes
Desc: Unified Technical Proposal and Q&A.pdf
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200220/8afebbc7/attachment-0001.pdf>


More information about the Servercert-wg mailing list