[cabf_validation] [EXTERNAL]Re: Making progress on disclosures of data sources
Stephan Wolf
Stephan.Wolf at Gleif.org
Thu Apr 23 08:25:51 MST 2020
Ryan,
I understand that the CA’s lists must be much longer. You also validate individuals. However, have you seen any entry on the GLEIF list that wouldn’t find your support? Maybe that’s starting point …
Thx
Stephan
Von: Ryan Sleevi <sleevi at google.com>
Datum: Donnerstag, 23. April 2020 um 15:57
An: Stephan Wolf <Stephan.Wolf at Gleif.org>
Cc: CA/Browser Forum Validation SC List <validation at cabforum.org>
Betreff: Re: [cabf_validation] [EXTERNAL]Re: Making progress on disclosures of data sources
On Thu, Apr 23, 2020 at 1:19 AM Stephan Wolf <Stephan.Wolf at gleif.org> wrote:
If it helps, on GLEIF’s registration authorities list you’ll find 5 Swedish offices suited for validation.
https://www.gleif.org/en/about-lei/code-lists/gleif-registration-authorities-list
Yes, we previously discussed that - the message from me you're replying to had some links to that past discussion.
There was even discussion about whether or not it's appropriate to use GLEIF's list wholesale, shared both on the list and during our recent F2F in Bratislava. The concern is that the set of objectives with respect to Incorporating Agency and Registration Agency are somewhat different than GLEIF's RA list, and so while there's probably an 80% or more overlap, that's not 100%. The objective, which despite certain posts on the list was otherwise uncontroversial, as to get to a point where we could offer Relying Parties the same certainty, and consistency, and LEI ensures all of its LOUs offer.
In the end, whether or not the CA/Browser Forum is able to succeed as an organization, and whether CAs are able to be trusted to provide information about organizations, is largely dependent upon the ability to self-regulate and address the pernicious data quality issues, including the selection of data sources. Our goal here is to try and collaboratively move to a model of unambiguous requirements, where all CAs consistently provide a baseline level of quality and service. We've been trying, for half a year now, in response to the wide industry trends, to get to a point where CAs disclose their sources used, and that we can make progress on an approach similar to GLEIF, and potentially in collaboration with GLEIF and other international organizations.
However, thus far, all attempts at voluntary disclosure have been rebuffed, except for DigiCert. Despite commitments from other CAs in the past, including GlobalSign and Entrust Datacard, that they would work to disclose their data sources, we've not made progress. This ballot is an attempt to make forward progress here, while affording CAs the same flexibility in judgement and selection that they have today, but with simply added transparency to improve trust and build better industry awareness and understanding.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20200423/c19b5ac9/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5394 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20200423/c19b5ac9/attachment-0001.p7s>
More information about the Validation
mailing list