[cabf_validation] [EXTERNAL]Re: Ballot Proposal: Validation Method in certificatePolicies

Tim Shirley TShirley at trustwave.com
Fri Aug 10 12:02:18 MST 2018

I’d agree that things necessary for connection establishment should ideally be in the certificate.  Putting aside for a second that the “level of assurance” is a subjective measure in the eye of the beholder and not what is actually proposed to be encoded in the certificate, I’m not sure what leads you to suggest that the domain validation method(s) used would “almost certainly” fall into that category.  Admittedly I wasn’t at the validation working group call last week, but the minutes there captured a sentiment that this information should not be used for making trust decisions.  Wouldn’t that thus make it unnecessary for connection establishment?

Tim Shirley
Software Architect
t: +1 412.395.2234


Recognized by industry analysts as a leader in managed security services<https://www.trustwave.com/Company/About-Us/Accolades/>.

From: Validation <validation-bounces at cabforum.org> on behalf of "validation at cabforum.org" <validation at cabforum.org>
Reply-To: "sleevi at google.com" <sleevi at google.com>, "validation at cabforum.org" <validation at cabforum.org>
Date: Thursday, August 9, 2018 at 2:10 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>
Cc: "validation at cabforum.org" <validation at cabforum.org>
Subject: Re: [cabf_validation] [EXTERNAL]Re: Ballot Proposal: Validation Method in certificatePolicies

This is why certificates encode information like, well, issuer, validity period, etc. So when folks propose new extensions to be introduced to certificates, its often because having that information readily available is essential to the trustworthiness of the connection. Does problem reporting email make sense for connection establishment? Maybe, maybe not. Do things like the level of assurance of the domain validation belong there? Almost certainly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180810/35700758/attachment.html>

More information about the Validation mailing list