[cabfpub] Ballot 105 Technical Constraints for Subordinate Certificate Authorities yielding broader and safer PKI adoption.

Ryan Hurst ryan.hurst at globalsign.com
Fri Jul 19 18:42:38 UTC 2013


I agree, the problem Microsoft is concerned with here is the decision to require the new OCSP behavior (which I believe they voted for) all this one clause does is lessen the impact of that prior decision in a sane way and does not preclude lessening the impact further via another ballot.

If folks want to revisit he date for the OCSP behavior change I would understand why and depending on the nature of the proposal I would likely be in support but that seems orthogonal to this ballot.

Ryan Hurst
Chief Technology Officer
GMO Globalsign

twitter: @rmhrisk
email: ryan.hurst at globalsign.com
phone: 206-650-7926

Sent from my phone, please forgive the brevity.

On Jul 19, 2013, at 8:42 PM, Gervase Markham <gerv at mozilla.org> wrote:

> On 18/07/13 19:23, Tom Albertson wrote:
>> I wanted to comment on the question of industry support for Section
>> 13.2.6, which this ballot builds upon. We may want to consider amending
>> it now instead of proceeding further with the language in 13.2.6, as
>> this ballot does.  In fact ballot 105 compounds our earlier error in
>> dictating product design details to OCSP responder vendors without
>> thinking very heavilyabout the impact.
> 
> I would say it does the opposite; it reduces the impact of the earlier
> change by making fewer OCSP responder operators need to care about the
> need to hook up to a cert DB.
> 
> Of course, one person's "product design details" is another person's
> "accurate security information" :-)
> 
>> It’s our collective mistake –
>> let’s not make it worse.
> 
> I disagree it was a mistake, but if it was, this change makes it better,
> not worse :-)
> 
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2098 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130719/ef00b577/attachment-0001.p7s>


More information about the Public mailing list