[cabf_validation] May 24 Validation WG Meeting Notes

Thu May 24 09:24:08 MST 2018

Attendees: Tim Hollebeek, Ben Wilson, Bruce Morton, Corey Bonnell, Doug
Beattie, Robin Alden, Shelley Brewer, Tim Shirley, Tyler Myers, Frank
Corday, Joanna Fox, Kirk Hall, Li-Chun Chen, Cecilia Cam

Invited Interested Party: James Burton

1. Discuss proposal from Arno and Nick about the ETSI usage or
organizationIdentifier (OID 2.5.4.97) - neither Nick or Arno was on the
call, so this item was deferred
2. Draft ballot for improving EV - Chris Bailey -
https://cabforum.org/pipermail/validation/2018-May/000882.html
* James asked why 18 months?
* Chris answered that 18 months is a middle ground, starting point.
* James asked why not more checks such as F2F for new companies. It’d be
better than banning companies completely
* Tim - we oppose the 18 months of existence requirement
* Ben - is 18 months a hard and fast requirement? Chris - yes. Ben - Legal
existence or operational existence? Wayne - ballot says Legal. Ben - why
not just make that the only requirement for establishing operational
existence? Tim - then I just have to register my fake company and wait 18
months.
* Wayne - likes the idea of giving young companies some alternative path
than waiting 18 months, but not convinced that there is a method that would
work. Ben - we just need to discuss what that would be? A bank account?
* James - for a young company, why not validate the individual? Chris -
validating an individual is is hard, and not allowed for EV. James - I’m
talking about using the individual to establish the legitimacy of the
company.
* James - what about companies that you can buy for 22 GBP that have been
in existence for a while and come with a bank account? Chris - these
“warmed up” companies could be used to get an EV cert in their original
name, but changing the name should trigger additional requirements.
3. Validation summit outputs: (
https://docs.google.com/document/d/1aJiOzYVTpoAPVWDucnp20cTO2PR_cRsHncvkhlrcR10/edit?usp=sharing
)
* Bruce’s ballot proposal - need to work on that
* Tim - actively working on short-term fix for GDPR compliant email
validation
* Doug’s ballot proposal - with WHOIS going away due to GDPR, seems less
important but still contains some good concepts. Doug will update the
proposal.
* Tim - need someone to volunteer to take other ideas from Validation
Summit and put them into one or more ballots. Wayne - could we break up
into smaller groups at the F2F to work on individual methods? Tim - let’s
take 30 mins from future calls to focus on specific methods. Then spend
time at the F2F on other topics
4. F2F Prep - what topics do we want to discuss?
* Chris - what about Bruce & Tim’s WHOIS/GDPR ballot?
* Tim - we're short on time, so let’s discuss the agenda on the list
5. GDPR
* Kirk - this has been a highly contested topic at ICANN, leading to their
recently published interim plan. Kirk doesn’t see anything happening that
will open up the data to CAs. Kirk made an argument that CAs should have
“researcher” access but he received no response.
* Tim - RDAP deadline is later this year, but it’s just the RDAP protocol
accessing the available data. The implementation date is for
unauthenticated access, so it doesn’t help much.
* Tim & Kirk - it’s unlikely that CAs can make any progress on data access
via ICANN
* Tim - working with registrars to implement obfuscated email is a more
productive approach. Chris - doesn’t work well for larger companies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180524/0bb8b0d3/attachment.html>