[cabfpub] Ballot 185 - Next steps
sleevi at google.com
Fri Feb 24 07:59:32 UTC 2017
On Thu, Feb 23, 2017 at 10:41 PM, Dimitris Zacharopoulos <jimmy at it.auth.gr>
> As for the feedback, I didn't see any attempts from the CA/B Forum to
> organize something specific about this topic in order to get more feedback.
> Yes, we've been discussing it for three years but nobody did anything about
> it. I understand that each CA could create a questionnaire and send it to
> its customers, and browsers could have a public polls, etc. However, as we
> all know in such surveys, the way questions are formulated might "lead"
> people to specific answers. Even if that was the case, and CAs/Browsers had
> independent surveys, it would be very hard to compare the results. This is
> why we proposed agreeing on a "CA/B Forum questionnaire", roll it out in
> -say- a month, wait 2 months (or even less) for feedback and evaluate the
> results. Is anyone opposed to this?
1) Who do you see sending this to? It sounds like you think only site
operators, but that clearly has problematic biases.
2) How do you collect the results? If it goes through any member, they can
easily skew results?
3) How do you correct for methodological biases?
These aren't easy questions. Running a meaningful survey is not something
that takes a month, especially not at the speed of the Forum. Consider
validation methods took _two years_ to find consensus on what are all
common sense improvements - because it's hard to get the wording right.
So thank for you clarifying the position on 27 months. I hope Peter's
restating of my point explains the position and why 13 months is really not
something we can go beyond. I understand why as a CA you may not see it as
more secure, but as a browser, it's critical for our security and the
security of our users.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public