[cabfpub] Ballot 105 Technical Constraints for Subordinate Certificate Authorities yielding broader and safer PKI adoption.
Gervase Markham
gerv at mozilla.org
Fri Jul 19 16:42:40 UTC 2013
On 18/07/13 19:23, Tom Albertson wrote:
> I wanted to comment on the question of industry support for Section
> 13.2.6, which this ballot builds upon. We may want to consider amending
> it now instead of proceeding further with the language in 13.2.6, as
> this ballot does. In fact ballot 105 compounds our earlier error in
> dictating product design details to OCSP responder vendors without
> thinking very heavilyabout the impact.
I would say it does the opposite; it reduces the impact of the earlier
change by making fewer OCSP responder operators need to care about the
need to hook up to a cert DB.
Of course, one person's "product design details" is another person's
"accurate security information" :-)
> It’s our collective mistake –
> let’s not make it worse.
I disagree it was a mistake, but if it was, this change makes it better,
not worse :-)
Gerv
More information about the Public
mailing list