[cabf_validation] Validation proposal edits

Richard Barnes rbarnes at mozilla.com
Thu Jul 23 09:50:28 MST 2015


Hey guys,

Last week, I promised edits on the validation proposal in about a week.  I
pulled the proposal into a Google doc, and started making some edits.  I
haven't done anything with the specific validation methods, but I've done
some stuff with the preamble that I would appreciate the group's feedback
on.

https://docs.google.com/document/d/1_myTluMpMD7vaBkjVEIFiI1Q8u7tWuzlvEvLF3oDCZ8/edit

Allow me to riff for a moment about the specific validation mechanisms:

I'm concerned about the descriptions of the more technical mechanisms (3,
5, 6, 7, 8, 9).  On the one hand, they're general enough that one could
implement them insecurely, and on the other hand, they're specific enough
that they rule out some valid techniques.

It seems like what we really need for this document to do is express the
security requirements for validation mechanisms, in a specific enough way
that it's difficult for CAs to do bad things.  If we only do that, though,
I'm worried that we won't be giving auditors enough tools to evaluate CAs;
we'll be requiring them to do technical analysis on CAs' validation
mechanisms to determine whether they meet the security requirements.  So it
would be good to provide specific examples of acceptable techniques.

It seems like if we do those two things (security requirements + specific
examples), we will strike a better balance between enhancing security and
allowing flexibility.  It basically gives CAs a choice between a fast path
and a slow path -- either use one of the approved methods, or do a lot of
work to convince your auditor that your custom thing is OK.

Does that seem like a sensible direction?

--Richard