[cabf_validation] [EXTERNAL]Re: Making progress on disclosures of data sources

Ryan Sleevi sleevi at google.com
Thu Apr 23 06:56:57 MST 2020


On Thu, Apr 23, 2020 at 1:19 AM Stephan Wolf <Stephan.Wolf at gleif.org> wrote:

> If it helps, on GLEIF’s registration authorities list you’ll find 5
> Swedish offices suited for validation.
>
>
> https://www.gleif.org/en/about-lei/code-lists/gleif-registration-authorities-list
>

Yes, we previously discussed that - the message from me you're replying to
had some links to that past discussion.

There was even discussion about whether or not it's appropriate to use
GLEIF's list wholesale, shared both on the list and during our recent F2F
in Bratislava. The concern is that the set of objectives with respect to
Incorporating Agency and Registration Agency are somewhat different than
GLEIF's RA list, and so while there's probably an 80% or more overlap,
that's not 100%. The objective, which despite certain posts on the list was
otherwise uncontroversial, was to get to a point where we could offer
Relying Parties the same certainty, and consistency, that LEI ensures all of
its LOUs offer.

In the end, whether or not the CA/Browser Forum is able to succeed as an
organization, and whether CAs are able to be trusted to provide information
about organizations, is largely dependent upon the ability to self-regulate
and address the pernicious data quality issues, including the selection of
data sources. Our goal here is to try and collaboratively move to a model
of unambiguous requirements, where all CAs consistently provide a baseline
level of quality and service. We've been trying, for half a year now, in
response to the wide industry trends, to get to a point where CAs disclose
their sources used, and that we can make progress on an approach similar to
GLEIF, and potentially in collaboration with GLEIF and other international
organizations.

However, thus far, all attempts at voluntary disclosure have been rebuffed,
except for DigiCert. Despite commitments from other CAs in the past,
including GlobalSign and Entrust Datacard, that they would work to disclose
their data sources, we've not made progress. This ballot is an attempt to
make forward progress here, while affording CAs the same flexibility in
judgement and selection that they have today, but with simply added
transparency to improve trust and build better industry awareness and
understanding.