[cabf_validation] [EXTERNAL]Re: Suggested edits to draft Minutes of the September 12, 2019 Validation Subcommittee Call

Ryan Sleevi sleevi at google.com
Wed Sep 18 16:51:26 MST 2019


Replies inline.

On Wed, Sep 18, 2019 at 6:51 PM Kirk Hall via Validation <
validation at cabforum.org> wrote:

> On the call, you stated the following about Google's position on LEIs in EV
> certificates, as I included in my edits to the Minutes:
>
> “***Google’s position is, again, that it would be actively harmful to
> include LEI numbers in EV certificates and Google doesn’t see a path
> forward at present to allow the issuance in TLS certificates without
> potentially blocking those certificates or even blocking the CA, and that’s
> a very serious thing but that’s the ecosystem harm that Google see by
> putting LEI numbers in EV certificates.”
>
>
>
> You have said this before, and many CAs are wondering what the “ecosystem
> harm” is that you see from adding an organization’s LEI to an EV
> certificate as an extension after proper validation by the CA (that is the
> goal of the draft ballot we are working on now).  You have also said that
> validated LEIs added as extensions to EV certificates would be “actively
> harmful” to Chrome users.
>

Thanks, this is really helpful to understand your goals.

I must admit, I'm a little worried there that in the excitement to continue
the conversation from the call, you might have forgotten what your proposed
edits were, which I still have objections to. To help refresh your memory,
and hopefully show how your goals were already addressed, the originally
proposed minutes stated, with an added "***" to help highlight for you
where the information was captured.

---
Ryan indicated that with only a few minutes left on the call, he didn’t
think it would be a productive conversation to try and have with so little
time. Kirk asked about adding it to the agenda of the next call, and Ryan
said it would be better to continue the conversation with Stephan and GLEIF
to better understand LEIs in TLS certificates used by browsers. Ryan was
surprised by the difficulty CAs had in understanding the benefits to
reduced certificate lifetimes, and given the nuances and complexities,
suggested it would be much more difficult.

Kirk wanted to understand the concerns to try and address them. Ryan
suggested it would be better to continue the conversation with Stephan and
GLEIF, to see if productive solutions might be identified, rather than
simply listing concerns that might not be understood.
---

Similarly, the related section originally read:
---
Wayne suggested it’s unlikely we’d have a constructive conversation for the
remainder of the call, and said that it sounded like a follow-up call with
Stephan and Ryan might be valuable to address the concerns. Stephan
clarified that GLEIF does not normally engage in 1:1s, and asked if would
it make sense to have another broad call with CAs. ***Ryan said he did not
think a broad call would be as productive as needed, given that the current
position of Chrome is that it would be actively harmful to include LEIs in
TLS certificates, and may require Chrome potentially needing to block the
certificates or even the CA that issued them.*** Because of how serious
that would be, Ryan wanted to try and find a way to avoid that, by making
sure there’s a better understanding about why LEIs should be in TLS
certificates, relative to the risks.
---

This seems to have captured the information you highlighted is important to
you, as highlighted in ***. If you look carefully at your edits, it seems
one simply reworded a sentence to be longer, but without changing
substance, while another introduced a section to highlight your repeated
insistence on an answer to a complex question on a call with only 4 minutes
left.

Do you believe the minutes are incorrect in what they capture? I think the
proposed minutes accurately capture your concern that you did not
understand the problem, and that you wanted to try to address them, and
that we disagreed on the most productive way to resolve your confusion,
which seemed to be the important part of that conversation.

I highlight this because a number of your edits appear to be edits to what
I said, and don't appear to be corrections, but appear to be expansions
that don't add any new information not already captured in the draft
minutes. As the point of the draft minutes is to allow folks to correct and
clarify what they said, it's a bit odd to insist on corrections to the
speaker themselves, and so I was rather surprised by your proposed edits.
As the person who was speaking, it's still not clear to me what you feel
was lacking.

I've elided the rest of your discussion that is unrelated to the minutes,
or confusion about what was meant, as it doesn't seem to be tied to the
approval of the minutes, but about trying to understand and continue the
conversation. That seems like it might be more productive by starting a new
thread, so that it doesn't disrupt or side-track our discussion above. If
you do that, based on your remarks, it's probably helpful to read the
previous minutes, at
https://cabforum.org/pipermail/validation/2019-August/001306.html , to
understand the discussion and context you missed.