[cabf_validation] Validation WG meeting minutes 2019-10-10

Stephan Wolf Stephan.Wolf at Gleif.org
Thu Oct 17 00:44:10 MST 2019 

Ryan,

 

Please excuse my late response. I am pretty busy with preparing for large meetings next week in Washington.

 

As far as I recall, I insisted on public discussions on this list despite attempts to take it offline. All my comments and responses are recorded on this list and so are the statements of the participants.

 

To the best of my knowledge, I was approached by one individual who is neither an employee of a browser vendor not a CA. This individual suggested that I should not keep my position. I responded in accordance with my statements made in the CA/B Forum. Since this individual is on this list, please feel free to share your mail and my response with the group.

 

I am puzzled that we now act on hearsay. If anybody has to bring anything forward, he or she should do this openly.

 

Best,

Stephan

 

Von: Ryan Sleevi <sleevi at google.com>
Datum: Montag, 14. Oktober 2019 um 16:52
An: Kirk Hall <Kirk.Hall at entrustdatacard.com>
Cc: CA/Browser Forum Validation WG List <validation at cabforum.org>, Stephan Wolf <Stephan.Wolf at Gleif.org>
Betreff: Re: [cabf_validation] Validation WG meeting minutes 2019-10-10

 

Hi Kirk,

 

I'm afraid Stephan will be better positioned to share his public and private correspondence. I've been informed by multiple people involved in this space that they've expressed concern to GLEIF regarding the proposal to put LEIs in certificates, who do not participate in the CA/Browser Forum, so I stand confident in the statement.

 

On Sun, Oct 13, 2019 at 12:50 PM Kirk Hall <Kirk.Hall at entrustdatacard.com> wrote:

Ryan, in your response below to Stephan Wolf of GLEIF, you said “many people have engaged, publicly and privately, with GLEIF to express and explain these concerns” that including LEIs in server certificates could cause security issues for Chrome and its users.

 

I certainly am aware of your statements on this point – but I do not recall ever seeing similar statements of concern from anyone else.  

 

It would be useful to Forum members if you could point us to statements of concern over including LEIs in certificates from other people so we can evaluate them.

 

Thanks.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20191017/9f899475/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5394 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20191017/9f899475/attachment.p7s>

More information about the Validation mailing list