[cabfpub] Does the CA/Browser Forum provide guidance on the Baseline Requirements?

Ryan Sleevi sleevi at google.com
Sat Feb 25 02:54:42 UTC 2017


Recently, a question was received from an auditor requesting clarification
from the CA/Browser Forum about a specific requirement in the Baseline
Requirements.

At least two long-standing members advanced a position that the role of the
Forum is not to provide guidance or advice on the interpretation of the
Baseline Requirements. In effect, that it is up to individual readers - or,
for the sake of CAs, auditors - to determine what is meant by these
Requirements and how to apply them.

These members suggested that any guidance the Forum offers is non-binding,
in that it is ultimately up to auditors to determine what is meant.

I am deeply concerned and dismayed by such an answer, and expressed this to
these members. I believe that this is a core role of the CA/Browser Forum:
To ensure the Requirements are clear and unambiguous whenever possible, to
provide guidance as to the intent and interpretation when necessary, and to
strive to resolve any ambiguity in the documents themselves whenever
possible.

I'm curious if any other members share the viewpoint that the Forum does
not and should not provide guidance as to the meaning or intent with
respect to the documents, and if so, how best we can correct and resolve
this difference of viewpoints regarding the role and obligation of the
Forum.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170224/26b00128/attachment-0002.html>


More information about the Public mailing list