[cabfpub] [EXTERNAL] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft

Gervase Markham gerv at mozilla.org
Thu Apr 27 16:57:52 UTC 2017


On 27/04/17 01:58, Kirk Hall via Public wrote:
> Ryan, no I wasn’t out of the room when you and Gerv were speaking (why
> would you ask something like that?), 

Perhaps because he wants to not attribute any malice to your claims that
you are entirely unfamiliar with this discussion, and therefore it has
to be restarted to bring you up to speed? :-)

> and I’m aware that a particular
> non-US DTP made mistakes in domain verification (and apparently its
> audit was not sufficient).  But failure of one DTP and one audit does
> not mean that all DTPs and all audits have failed, and if I understand
> correctly, Google and Mozilla are holding the CA that used the DTP
> responsible for the problems.  So I’m not sure why that isn’t sufficient. 

Because the audit of this DTP was not reported to us in the normal
course of operations; it came to light only somewhat by chance.
Therefore, we have no assurance of the scope of this problem.

As noted previously, no CA at the face-to-face said this would be a
problem for them, so unless there were CAs not in attendance who would
like to make their feelings known, I hope that the principle of this
ballot will not prove problematic. (Yes, we need to fix the Enterprise
RA case.)

Gerv


