[cabf_validation] Using 3.2.2.4.2/.3 for future domains

Ryan Sleevi sleevi at google.com
Sat Mar 17 12:46:48 MST 2018


On Sat, Mar 17, 2018 at 3:29 PM, Peter Bowen <pzb at amzn.com> wrote:

>
> I think you have confused different proposals.  I was not talking about
> the Applicant/Subscriber, as defined in the BRs.
>
> Consider the following example:
>

While we can discuss via analogy, that does not help us move forward into
meaningful conclusion.


>
> The USPTO says “Example Technology Inc, +1-206-166-1000” is the owner of a
> trademark.  You contact them at that phone number to discuss licensing
> their trademark and they tell you that Dewey, Chetham, and Howe LLP is
> their agent for trademark licensing.  Now you contact DCH and work on
> negotiating a licensing deal.  If the deal ends up covering multiple
> trademarks all owned by "Example Technology Inc, +1-206-266-1000
> <(206)%20266-1000>", you don’t call back Example Technology for each
> additional trademark to confirm DCH is the agent for that mark as well.
>

Yet in this model, the presumption here is that you don't need to look up
who the owners for *other* trademarks are, and you're assuming that Dewey,
Chetham, and Howe is the authorized representatives for all trademarks. In
the contract model, you're relying on DCH to self-assert that they're
authorized for all possible trademarks, without verifying that. Further,
you're assuming that for perpetuity, without regard to whether DCH has been
dismissed, nor by checking with the USPTO to make sure that "Example
Technology Inc" is still the trademark licensee.


> I’m assuming you mean §9.6.1(2).  My interpretation is that §9.6.1(2) does
> not apply to DV certificates — it only applies when a legal entity, natural
> person, or device is named in the subject; we know it is valid to have a DV
> certificate with an empty Subject.
>

I disagree with your interpretation that 9.6.1(2) only applies to OV/EV.
It's a critical part of the validation that the other methods established,
but the proposals discussed to date fail to do so.


> So yes, I disagree that a model of "right to use" and "authorization"
> based on assumptions and inferences such as "ownership" or "legal entity"
> is a sufficient level of assurance for the most critical portion of a
> certificate, the domain name. I do not disagree that these can be
> components, and particularly necessary components for models such as OV/EV,
> but they are not sufficient for the assertion of a domain name within a
> certificate.
>
>
> I think this is the core disagreement.  You are rejecting contract law and
> effectively asserting that possession is ten-tenths of the law.
>

I think this is a gross overstatement of what I'm rejecting.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180317/9121f7db/attachment-0001.html>


More information about the Validation mailing list