[cabf_validation] Validation Summit Takeaways

Doug Beattie doug.beattie at globalsign.com
Mon Mar 12 07:26:32 MST 2018

Hi Wayne,

During the meetings we discussed threats and vulnerabilities and we should continue documenting them per each method.  Since this won’t be a reflection of the meeting (can’t be in the meeting notes), where do you suggest we build on what was discussed so everyone understands the risks of the methods?

For example, I think if we better understand the attacks possible for method 1, we may be able to specify sufficient safeguards (same for methods 9 and 10 with the addition of ALPN).  I think your Google Doc jumps to the recommended solutions without discussing the issues with the method as it stands.  I recommend adding a table to each method before you get into the details with:

- Risk – what can go wrong
- Mitigation: How do you reduce the risk (which might contain the items you’ve listed already)
- Discussion – how we think this mitigation works, or doesn’t.

I’ll go ahead and do this for method 9 and you can accept, comment, or REJECT my suggestions ☺  If this is the way to proceed, then the person that presented the methods might want to do the same.


From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Wayne Thayer via Validation
Sent: Wednesday, March 7, 2018 9:26 AM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Subject: [cabf_validation] Validation Summit Takeaways

Thanks to everyone who participated in the validation summit yesterday. I've heard a number of positive remarks on the amount of progress we made.

The list of action items that we reviewed at the end of the day is at:


Feel free to add comments to the document.

The next step for the Validation Working Group is to prioritize the work and then begin drafting and discussing ballots that implement these improvements.

