[cabfpub] Ballot 106 - Extended deadline to prohibit OCSP good response for non-issued certificates

Robin Alden robin at comodo.com
Fri Jul 26 09:25:36 UTC 2013 

Comodo ABSTAINs from voting.

 

It is regrettable that this deficiency of OCSP should remain exploitable
with responders apparently being used by some CAs almost two years after
exactly this same flaw was plugged at DigiNotar as part of the response
to the breach there.

We understand that the BRs should not set unattainable standards, but
feel that more rapid progress should be made.

We would vote in favour of future motions to shorten the timescale in
which this deficiency should be addressed.

We will vote against future motions to lengthen the timescale in which
this deficiency should be addressed.

 

Regards
Robin Alden

Comodo

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org]
On Behalf Of Ben Wilson
Sent: 23 July 2013 17:44
To: public at cabforum.org
Subject: [cabfpub] Ballot 106 - Extended deadline to prohibit OCSP good
response for non-issued certificates

 

Ballot 106 - Extended Deadline to Prohibit OCSP "Good" Response for
Non-Issued Certificates

 

Given that several CAs have notified the CA/Browser Forum that they will
be unable to comply with the 1-August-2013 deadline by which OCSP
responders MUST NOT respond with a "good" status for unissued
certificates, and that a one-year extension of this deadline is an
appropriate timeframe by which these CAs should be able to come into
compliance;

 

Kelvin Yiu made the following motion, and Eddy Nigg from StartCom,  Ryan
Hurst from GlobalSign,  and Iida Yosiaki from SECOM [snip] endorsed it: 

etc

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130726/f2808b1b/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5246 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130726/f2808b1b/attachment-0001.p7s>

More information about the Public mailing list