[cabfpub] Ballot 193 - 825-day Certificate Lifetimes

Ryan Sleevi sleevi at google.com
Thu Mar 2 02:43:52 UTC 2017


On Wed, Mar 1, 2017 at 4:50 PM, Ryan Sleevi <sleevi at google.com> wrote:

> It's unclear whether you disagree with the substance of my analysis, and
> are thus stating it was intentional to weaken the Baseline Requirements, or
> if you're simply providing clarification for the intent, for which the
> weakening of the Baseline Requirements was unintentional?
>
> If this was unintentional, we can work to resolve this in a way that
> achieves the intended resolve. However, if this was intentional, we will
> continue to disagree, and thus will find it necessary to vote against this
> ballot. I can only hope that, like Ballot 188, this was merely an
> unintentional side-effect, and hopefully one we can resolve through
> collaboration.
>

In the ever-optimistic hope that such issues were unintentional, I have
created five new threads to discuss distinct and specific issues with this
proposal, in the hopes of sparking solutions. My hope is that we might find
an acceptable and realistic compromise on solely focusing on the
certificate lifetime, and thus nimbly sidestep such other issues until we
have the opportunity to discuss further in person.

I have focused only on the Baseline Requirements, as it is the only
document meaningful for discussions of online security. Given the issues
present, it would not be surprising to find similar issues with the
proposed modifications for the EVGL, but I'm sure members would find such
discussions as exhausting as I do, given the many issues I've raised.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170301/0a32a00e/attachment-0003.html>


More information about the Public mailing list