[cabfpub] Naming rules

Moudrick M. Dadashov md at ssc.lt
Mon Mar 6 07:27:25 UTC 2017


+1.

Thanks,
M.D.

On 3/6/2017 8:37 AM, Kirk Hall via Public wrote:
>
> I disagree.
>
> BR 9.16.3 was intended to let applicable law supersede the BRs (of 
> course), and therefore the WebTrust / ETSI audit standards for the BRs 
> as well, so that a CA that is following applicable law (which we all 
> must do) will NOT receive a qualified audit, so long as the CA calls 
> out the divergence from the BRs due to applicable law – that’s the 
> point of BR 9.16.3.  The resulting audit (so long as it notes this 
> divergence due to local law) should be unqualified, not qualified.  In 
> my opinion, any other interpretation is dead wrong.
>
> Take a look at all of our Terms of Service / User Agreements, etc.  
> They typically say that in the event of a conflict between local law 
> and the terms of our agreement, local law will prevail (i.e., the 
> agreement will be modified to the minimum extent necessary to comply 
> with local law).  If you don’t believe me, please consult with your 
> own legal departments to confirm.
>
> The same should apply to the BRs and the WebTrust / ETSI BR 
> requirements – they must be reformed (waived, modified) to the extent 
> necessary to comply with local law, so long as the modification is 
> called out to the public.  Anything else is picking a fight with 
> governments for no good reason.
>
> Why don’t we ask the WebTrust / ETSI auditors how they recommend we 
> deal with conflicts between the BRs and applicable law? They are the 
> experts on audit processes – not the rest of us.
>
> *From:*Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Sunday, March 5, 2017 6:08 PM
> *To:* CA/Browser Forum Public Discussion List <public at cabforum.org>
> *Cc:* Peter Bowen <pzb at amzn.com>; Kirk Hall 
> <Kirk.Hall at entrustdatacard.com>
> *Subject:* Re: [cabfpub] Naming rules
>
> On Sun, Mar 5, 2017 at 5:18 PM, Kirk Hall via Public 
> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>
>     +1.  Seems like a good resolution to me - full disclosure to users
>     and browsers, deference to local law where applicable as provided
>     in BR 9.16.3 (local users are probably already used to any local
>     customs on naming rules), and avoids the need for the Forum to try
>     to understand and approve/disapprove local naming rules one by
>     one. Allows auditors to complete successful audits with
>     disclosure, and the trust list maintainers receive notice and can
>     make their own decisions.
>
> I think it's worth pointing out, again, that deference to local law, 
> as you suggested, only applies in exceptionally limited cases - and on 
> the basis of the provided evidence, does not apply.
>
> I think this is crucial for the Forum's members - and auditors who may 
> be following - to understand and appreciate.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170306/1b9820d7/attachment-0003.html>


More information about the Public mailing list