[cabfpub] Naming rules
Moudrick M. Dadashov
md at ssc.lt
Mon Mar 6 07:27:25 UTC 2017
+1.
Thanks,
M.D.
On 3/6/2017 8:37 AM, Kirk Hall via Public wrote:
>
> I disagree.
>
> BR 9.16.3 was intended to let applicable law supersede the BRs (of
> course), and therefore the WebTrust / ETSI audit standards for the BRs
> as well, so that a CA that is following applicable law (which we all
> must do) will NOT receive a qualified audit, so long as the CA calls
> out the divergence from the BRs due to applicable law – that’s the
> point of BR 9.16.3. The resulting audit (so long as it notes this
> divergence due to local law) should be unqualified, not qualified. In
> my opinion, any other interpretation is dead wrong.
>
> Take a look at all of our Terms of Service / User Agreements, etc.
> They typically say that in the event of a conflict between local law
> and the terms of our agreement, local law will prevail (i.e., the
> agreement will be modified to the minimum extent necessary to comply
> with local law). If you don’t believe me, please consult with your
> own legal departments to confirm.
>
> The same should apply to the BRs and the WebTrust / ETSI BR
> requirements – they must be reformed (waived, modified) to the extent
> necessary to comply with local law, so long as the modification is
> called out to the public. Anything else is picking a fight with
> governments for no good reason.
>
> Why don’t we ask the WebTrust / ETSI auditors how they recommend we
> deal with conflicts between the BRs and applicable law? They are the
> experts on audit processes – not the rest of us.
>
> *From:*Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Sunday, March 5, 2017 6:08 PM
> *To:* CA/Browser Forum Public Discussion List <public at cabforum.org>
> *Cc:* Peter Bowen <pzb at amzn.com>; Kirk Hall
> <Kirk.Hall at entrustdatacard.com>
> *Subject:* Re: [cabfpub] Naming rules
>
> On Sun, Mar 5, 2017 at 5:18 PM, Kirk Hall via Public
> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>
> +1. Seems like a good resolution to me - full disclosure to users
> and browsers, deference to local law where applicable as provided
> in BR 9.16.3 (local users are probably already used to any local
> customs on naming rules), and avoids the need for the Forum to try
> to understand and approve/disapprove local naming rules one by
> one. Allows auditors to complete successful audits with
> disclosure, and the trust list maintainers receive notice and can
> make their own decisions.
>
> I think it's worth pointing out, again, that deference to local law,
> as you suggested, only applies in exceptionally limited cases - and on
> the basis of the provided evidence, does not apply.
>
> I think this is crucial for the Forum's members - and auditors who may
> be following - to understand and appreciate.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170306/1b9820d7/attachment-0003.html>
More information about the Public
mailing list