[cabf_validation] Certificate usages/issuance flows to model for the F2F

Corey Bonnell Corey.Bonnell at digicert.com
Wed Feb 22 18:25:34 UTC 2023


I now have a link to a draft of a representative “Traditional hosting provider” flow available on the Validation-sc Wiki page (https://wiki.cabforum.org/validation). I’m not going to directly link to the draft document in this email for fear of attracting bots.

 

I plan to refine the flow description this week so the text may change, but I wanted to share this as a potential template for modeling these flows. Also, I would welcome comments and suggestions on improving the “numbered-list” format.

 

Thanks,

Corey

 

From: Validation <validation-bounces at cabforum.org> On Behalf Of Corey Bonnell via Validation
Sent: Thursday, February 16, 2023 2:37 PM
To: Wayne Thayer <wthayer at gmail.com>; CABforum3 <validation at cabforum.org>
Subject: Re: [cabf_validation] Certificate usages/issuance flows to model for the F2F

 

Hi Wayne,

Thanks for volunteering to take the CDN flow.

 

We didn’t have time on last week’s call to define a format for describing these flows, so the format is open-ended at this point. For the two flows that I’m going to model, I was thinking of a numbered list of steps with sub-bullet points that further describes the step with references to specific BR sections that may govern that step.

 

I’m planning to write up one of the flows by end of day Tuesday and can share with the group unless we determine a better format in the meantime.

 

Thanks,

Corey

 

From: Wayne Thayer <wthayer at gmail.com <mailto:wthayer at gmail.com> > 
Sent: Wednesday, February 15, 2023 5:31 PM
To: Corey Bonnell <Corey.Bonnell at digicert.com <mailto:Corey.Bonnell at digicert.com> >; CABforum3 <validation at cabforum.org <mailto:validation at cabforum.org> >
Subject: Re: [cabf_validation] Certificate usages/issuance flows to model for the F2F

 

I will volunteer to describe the CDN flow (#2).

 

I wasn't on last week's call, so I'm wondering how best to represent these models (Bullet points? Flow charts? Include renewals?) and what level of detail we're looking for. It would be helpful if someone could share a draft so that the other volunteers can use a similar format.

 

Thanks,

 

Wayne

 

On Wed, Feb 15, 2023 at 12:55 PM Corey Bonnell via Validation <validation at cabforum.org <mailto:validation at cabforum.org> > wrote:

Hello,

I received an off-list email with a few excellent suggestions to improve the collaboration process:

 

1.	Allow for multiple people to model the same flow. Additionally, the same person can model multiple flows.
2.	Create separate Google Docs for each person and each flow to keep the document sizes manageable. I’ll send out sharing links to the volunteers.

 

To kick things off, I’ll volunteer to model “Traditional hosting provider” and “ACME”.

 

Thanks,

Corey

 

From: Validation <validation-bounces at cabforum.org <mailto:validation-bounces at cabforum.org> > On Behalf Of Corey Bonnell via Validation
Sent: Thursday, February 9, 2023 12:16 PM
To: CABforum3 <validation at cabforum.org <mailto:validation at cabforum.org> >
Subject: [cabf_validation] Certificate usages/issuance flows to model for the F2F

 

Hello,

As discussed on the call today, we developed a list of 5 different issuance flows that we’d like to model in preparation for the F2F discussion:

 

1.	ACME model

2. CDN

3. "Traditional" hosting provider

               - "user"/admin makes the CSR

4. Reseller/partners

5. "Cloud" provider

               - makes CSR for web server

 

To help prepare for the F2F discussion, we’d like to call for volunteers to develop a model for each of these different issuance flows. Specifically, each step of the validation and issuance process should be enumerated. If possible, each step should also reference the relevant BR section.

 

If you’d like to work on one of these items, please reply to this email with the number of the flow that you’d like to model.

 

I’ll work on spinning up a Google Docs page for each of these items and follow up on this list when this has been done.

 

Thanks,

Corey

_______________________________________________
Validation mailing list
Validation at cabforum.org <mailto:Validation at cabforum.org> 
https://lists.cabforum.org/mailman/listinfo/validation <https://url.avanan.click/v2/___https:/lists.cabforum.org/mailman/listinfo/validation___.YXAzOmRpZ2ljZXJ0OmE6bzo1MDZiM2NkZDM2NjFlNjU2ZjVhODk5ZWMxYTAzYjE4ZDo2OmE3MWQ6OWNjMWJlMzAyODg2M2ZjMWI5NGE5ZDlhNzMzNTg1NzI3M2NjOTg5ZmU2MmNiYTE1OWJiYjQ1OGFiZWY5MWFmNTpoOkY> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20230222/873992ba/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20230222/873992ba/attachment-0001.p7s>


More information about the Validation mailing list