[cabf_validation] Validation WG meeting minutes 2019-10-10

Ryan Sleevi sleevi at google.com
Sun Oct 13 09:12:11 MST 2019 

On Sun, Oct 13, 2019 at 10:25 AM Stephan Wolf <Stephan.Wolf at gleif.org>
wrote:

> Ryan,
>
>
>
> I leave it with the minute taker to go back to the recording.
>

Thanks.

This is somewhat unfortunate, since it means the proposed edits create
significantly more work, as you're insisting that you said these things,
but such is life.

We'll need someone to go over the recording to see if you said these things
and if they're accurately represented. I had hoped the explanation and
context might have avoided this, or led to corrections or clarifications
which might not require going back to the recording to confirm, but if you
feel that these views were captured on the call and not the minutes,
despite the concerns raised, then we can go and evaluate if that was the
case.


> I am still of the opinion that you have not answered my question why the
> inclusion of an LEI could cause security issues for the browser and its
> users.
>

While I don't want to conflate the minutes with a continuing discussion, I
can understand you're not satisfied with the answer, despite the many
attempts, from many people, publicly and privately, to explain to you the
concerns. Given how many people have engaged, publicly and privately, with
GLEIF to express and explain these concerns, I do agree that it's unlikely
that we'll make further progress with here, and that ultimately, it will be
up to browser root programs as to whether to accept the risk posed and to
permit that CAs within their respective programs to issue such
certificates. It does seem that we've likely exhausted the insight GLEIF
can provide, relative to the question of "why" in certificates, and it
seems we should continue that discussion to resolution. It also seems that
GLEIF does not have opinions on the validation aspect, which is essential
should they be allowed, and so if they are allowed, that will remain
something for the Forum to independently set.

Again, I think there's great benefit in LEIs, but that benefit does not
exactly transcribe to certificates, particularly when they cause real,
meaningful, and lasting harm to a more secure, more agile, more robust Web
PKI.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20191013/89413e05/attachment.html>

More information about the Validation mailing list