[cabfpub] CA-Browser Forum conference call on January 7th - misissued certificates

Phillip Hallam-Baker philliph at comodo.com
Mon Jan 11 13:56:26 UTC 2016


> On Jan 8, 2016, at 1:00 PM, Ryan Sleevi <sleevi at google.com> wrote:
> 
> 
> 
> On Fri, Jan 8, 2016 at 4:26 AM, Sigbjørn Vik <sigbjorn at opera.com <mailto:sigbjorn at opera.com>> wrote:
> There were some concerns at yesterday's meeting that this ballot would
> make the CA/B Forum into a publisher of information, not just a
> standards organization. An alternative to ensuring public notification
> through a CA/B Forum operated mailing list, would be that CAs put a link
> in their CPS to where they will publish such information.
> 
> The downside is that there would then be no central offical list, but
> the information will still get out there. There might also be
> organizations which want to collect and publish a complete set from all CAs.
> 
> I hope this will allay concerns about the CA/B Forum being involved in
> the publications themselves.
> 
> This mostly seems like a way for CAs to avoid transparency; based on the current practices with respect to disclosing intermediates, it's clear that a number of CAs are having trouble following root program requirements with respect to disclosure and documentation.
> 
> I find it interesting that the CA/Browser Forum would have an entire workgroup dedicated to information sharing, but then be opposed to sharing information.

The issue is not the principle of sharing information but the question of who takes responsibility and whether they have the resources to ensure that the responsibility is carried out. CA/Browser forum doesn’t have a staff or any assets. The Web site is hosted pro bono. It isn’t necessary to be a member to operate as a CA.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160111/0db8c29f/attachment-0003.html>


More information about the Public mailing list