Re: [cabfpub] [EXTERNAL]Missing Failed Ballots results on webpage

2017-10-05 Thread Ben Wilson via Public
Ryan and Kirk, I’ve posted the three failed ballots to the CA/Browser Forum website now. https://cabforum.org/2017/02/24/ballot-185-limiting-lifetime-certificates/

Re: [elixir-core:7468] [Proposal] Converting @type/@spec to contract/asserts at compile time?

2017-09-30 Thread Ben Wilson
No, there is intentionally no way to globally apply a macro. On Saturday, September 30, 2017 at 7:42:54 AM UTC-4, gasp...@gmail.com wrote: > > > > On Saturday, September 30, 2017 at 2:36:30 PM UTC+3, Louis Pilfold wrote: >> >> Heya >> >> You could write a library that does this rather than

[elixir-core:7449] Re: [Proposal] More intuitive import shadowing

2017-09-23 Thread Ben Wilson
Setting aside whether or not the existing functionality is intuitive or not, this isn't actually a proposal. You aren't suggesting an alternative. On Thursday, September 21, 2017 at 10:17:12 AM UTC-4, Krzysztof Wende wrote: > > Right now when we import a module A > > defmodule CurrentA do >

[cabfpub] Ballot 190 and BR v. 1.5.2

2017-09-21 Thread Ben Wilson via Public
that the intent of Ballot 204 should supersede the contradictory language in Ballot 190. Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 smime.p7s Description: S/MIME cryptographic signature ___ Public mailing list Public@cab

Re: [cabfpub] Voting has started on Ballot 190

2017-09-19 Thread Ben Wilson via Public
DigiCert votes “yes” From: Public > on behalf of Kirk Hall via Public > Reply-To: Kirk Hall >, CA/Browser

RE: Old roots to new roots best practice?

2017-09-18 Thread Ben Wilson via dev-security-policy
Ryan, Could you please explain what you mean by saying that if you revoke a single certificate that it is akin to revoking all variations of that certificate? I don't think I agree. There are situations where the certificate is revoked for reasons (e.g. issues of certificate format/content) that

RE: Violations of Baseline Requirements 4.9.10

2017-09-08 Thread Ben Wilson via dev-security-policy
Hi Paul, In case you're not on the distribution for the DigiCert bug for this, here is my recent post. https://bugzilla.mozilla.org/show_bug.cgi?id=1398269#c2 Cheers, Ben -Original Message- From: dev-security-policy

RE: CAs not compliant with CAA CP/CPS requirement

2017-09-08 Thread Ben Wilson via dev-security-policy
Those are typos. See section 4.2.1 of our CPS posted here: https://www.digicert.com/wp-content/uploads/2017/09/DigiCert_CPS_v412.pdf -Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On Behalf Of Samuel Pinder via

[cabfpub] Ballots 210 and 212

2017-09-04 Thread Ben Wilson via Public
. Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678

Re: [cabfpub] Ballot 212: Canonicalise formal name of the Baseline Requirements

2017-08-30 Thread Ben Wilson via Public
DigiCert votes “yes” Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Friday, August 18, 2017 9:06 AM To: CABFPub <public@cabforum.org> Subject: [cabfpub] Ballot 212: Canoni

RE: Violations of Baseline Requirements 4.9.10

2017-08-29 Thread Ben Wilson via dev-security-policy
This CA is technically constrained: DN: C=CH, L=Zurich, O=ABB, CN=ABB Issuing CA 6 From: Paul Kehrer [mailto:paul.l.keh...@gmail.com] Sent: Tuesday, August 29, 2017 6:48 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Violations of Baseline Requirements 4.9.10 I've

RE: Violations of Baseline Requirements 4.9.10

2017-08-29 Thread Ben Wilson via dev-security-policy
This CA only issues client certificates: DN: CN=Cartão de Cidadão 001, OU=ECEstado, O=SCEE - Sistema de Certificação Electrónica do Estado, C=PT Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Paul Kehrer [mailto:paul.l.keh...@gmail.com] Sent: Tuesday, August

Re: [cabfpub] Voting has started on Ballot 210 (NetSec Revisions)

2017-08-25 Thread Ben Wilson via Public
ions) Entrust votes yes From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: Saturday, August 12, 2017 8:30 PM To: CABFPub <public@cabforum.org> Subject: [cabfpub] Ballot 210: Misc. Changes to the Network and

RE: Certificate with invalid dnsName issued from Baltimore intermediate

2017-08-16 Thread Ben Wilson via dev-security-policy
Attached is an audit from 2016. They are due for another one for 2017. -Original Message- From: Gervase Markham [mailto:g...@mozilla.org] Sent: Tuesday, August 15, 2017 6:55 AM To: Ben Wilson <ben.wil...@digicert.com>; mozilla-dev-security-pol...@lists.mozilla.org Subje

RE: Certificates with reserved IP addresses

2017-08-15 Thread Ben Wilson via dev-security-policy
Gerv, Yes. We'll be revoking both of those. A date is yet to be determined. Ben Gerv wrote: TI Trust Technologies has two intermediate certificates in the CCADB - the one mentioned above: https://ccadb.my.salesforce.com/001o00cdd4t and this one, serial number 0727bfc4:

RE: Certificate with invalid dnsName issued from Baltimore intermediate

2017-08-15 Thread Ben Wilson via dev-security-policy
the end of the contract, because it will cause several problems to the Bank and to our users (customers and colleagues). Sincerely yours, Ben -Original Message- From: Gervase Markham [mailto:g...@mozilla.org] Sent: Tuesday, August 15, 2017 6:44 AM To: Ben Wilson <ben.wil...@digicert.

RE: Certificates with reserved IP addresses

2017-08-14 Thread Ben Wilson via dev-security-policy
yours, Ben Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Ryan Sleevi [mailto:r...@sleevi.com] Sent: Saturday, August 12, 2017 8:56 PM To: Ben Wilson <ben.wil...@digicert.com> Cc: Jonathan Rudenberg <jonat...@titanous.com>; mozilla-dev-security-pol...

RE: Certificates with less than 64 bits of entropy

2017-08-14 Thread Ben Wilson via dev-security-policy
are informed to renew). Obviously we will continue to evaluate DigiCert's response to this information from Siemens, but we figured that interim disclosure of this information to this list was important. Sincerely yours, Ben Wilson -Original Message- From: dev-security-policy

RE: Certificates with less than 64 bits of entropy

2017-08-12 Thread Ben Wilson via dev-security-policy
They are working on the issue and preparing a report. From: Eric Mill [mailto:e...@konklone.com] Sent: Saturday, August 12, 2017 9:03 PM To: Ben Wilson <ben.wil...@digicert.com> Cc: Alex Gaynor <agay...@mozilla.com>; Jonathan Rudenberg <jonat...@titanous.com>; mozill

RE: Certificates with reserved IP addresses

2017-08-12 Thread Ben Wilson via dev-security-policy
We’ll look into these on Monday and get back to you. From: Ryan Sleevi [mailto:r...@sleevi.com] Sent: Saturday, August 12, 2017 8:56 PM To: Ben Wilson <ben.wil...@digicert.com> Cc: Jonathan Rudenberg <jonat...@titanous.com>; mozilla-dev-security-pol...@lists.mozilla.org

RE: Certificates with reserved IP addresses

2017-08-12 Thread Ben Wilson via dev-security-policy
Thanks. We've sent an email to the operators of the first two CAs (TI Trust Technologies and Cybertrust Japan) that they need to revoke those certificates. Thanks again, Ben -Original Message- From: dev-security-policy

RE: Certificates with less than 64 bits of entropy

2017-08-11 Thread Ben Wilson via dev-security-policy
QuoVadis Enterprise Trust CA 2 G3 signed the Siemens Issuing CA Internet Server 2016. From: Jeremy Rowley Sent: Friday, August 11, 2017 8:36 AM To: Ben Wilson <ben.wil...@digicert.com> Cc: Alex Gaynor <agay...@mozilla.com>; Jonathan Rudenberg <jonat...@titanous.com>; mozill

RE: Certificates with less than 64 bits of entropy

2017-08-11 Thread Ben Wilson via dev-security-policy
Apparently they haven’t yet, but we’ll assume that they will. Does the community expect a remediation plan for their code and then a revocation-and-replacement plan? Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Alex Gaynor [mailto:agay...@mozilla.com] Sent

RE: Certificates with less than 64 bits of entropy

2017-08-11 Thread Ben Wilson via dev-security-policy
With regard to Siemens, given the large number of certificates and the disruption that massive revocations will have on their infrastructure, what does this community expect them to do? -Original Message- From: dev-security-policy

Re: [cabfpub] Random value reuse

2017-08-09 Thread Ben Wilson via Public
Right. The definition should be rewritten without the "applicant" included. -Original Message- From: Peter Bowen [mailto:p...@amzn.com] Sent: Wednesday, August 9, 2017 3:49 PM To: Jeremy Rowley <jeremy.row...@digicert.com> Cc: Ben Wilson <ben.wil...@digicert.com>

Re: [cabfpub] Random value reuse

2017-08-09 Thread Ben Wilson via Public
over an Authorized Port." The other methods seem to specify the process more thoroughly. -Original Message- From: geo...@apple.com [mailto:geo...@apple.com] Sent: Wednesday, August 9, 2017 3:11 PM To: Ben Wilson <ben.wil...@digicert.com>; CA/Browser Forum Public Discussi

Re: [cabfpub] Random value reuse

2017-08-09 Thread Ben Wilson via Public
Putting the issue of "reuse" aside, do we need to clarify this issue of which random value methods can be used in combination with others? It seems that a random value could be provided to the domain contact / admin under methods 2, 3 (if you wanted) or 4 and then used within 30 days for

RE: Certificates with invalidly long serial numbers

2017-08-07 Thread Ben Wilson via dev-security-policy
FWIW - In the case of Telecom Italia, they have a commercial CA product that has a bug in it that occasionally causes this issue. They may need some time for the software to be fixed/replaced. -Original Message- From: dev-security-policy

RE: Certificate with invalid dnsName issued from Baltimore intermediate

2017-08-03 Thread Ben Wilson via dev-security-policy
There are over 300 publicly visible servers, according to Censys.IO. From: Alex Gaynor [mailto:agay...@mozilla.com] Sent: Thursday, August 3, 2017 8:42 AM To: Ben Wilson <ben.wil...@digicert.com> Cc: Nick Lamb <tialara...@gmail.com>; mozilla-dev-security-pol...@lists.mozilla.org

RE: Certificate with invalid dnsName issued from Baltimore intermediate

2017-08-03 Thread Ben Wilson via dev-security-policy
@lists.mozilla.org] On Behalf Of Ben Wilson via dev-security-policy Sent: Thursday, August 3, 2017 7:33 AM To: Nick Lamb <tialara...@gmail.com>; mozilla-dev-security-pol...@lists.mozilla.org Subject: RE: Certificate with invalid dnsName issued from Baltimore intermediate That would be fine. Al

RE: Certificate with invalid dnsName issued from Baltimore intermediate

2017-08-03 Thread Ben Wilson via dev-security-policy
-security-policy Sent: Wednesday, August 2, 2017 10:34 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Certificate with invalid dnsName issued from Baltimore intermediate On Monday, 24 July 2017 17:34:03 UTC+1, Ben Wilson wrote: > Nick, > We are in discussions with Intesa Sanpaolo

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Ben Wilson via Public
Wayne, Can you give an example of what embedding would look like? Thanks, Ben From: Wayne Thayer<mailto:wtha...@godaddy.com> Sent: 8/1/2017 3:58 PM To: Ben Wilson<mailto:ben.wil...@digicert.com>; CA/Browser Forum Public Discussion List

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Ben Wilson via Public
. -Original Message- From: Gervase Markham [mailto:g...@mozilla.org] Sent: Tuesday, August 1, 2017 10:06 AM To: Ben Wilson <ben.wil...@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org>; Kirk Hall <kirk.h...@entrustdatacard.com> Subject: Re: [cabfpub] [EXTER

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Ben Wilson via Public
Are we talking about what the CA records in its database for the validation method used, or are we talking about annotating the BRs with a record of when a change was made? -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent:

Re: [cabfpub] Pre-Ballot 209 EV Liability

2017-07-31 Thread Ben Wilson via Public
31, 2017 9:27 AM To: Ben Wilson <ben.wil...@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org> Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability On 25/07/17 21:59, Ben Wilson via Public wrote: > Here is another pre-ballot for discussion. Can you explai

Re: [elixir-core:7347] Automatic inspect interpolation

2017-07-30 Thread Ben Wilson
Agreed. Inspect can leak sensitive information easily, and I think it's important to annotate that a structure will be using its debug representation in a string. On Sunday, July 30, 2017 at 3:31:57 AM UTC-4, José Valim wrote: > > I personally prefer the clearer approach of calling "inspect"

Re: [cabfpub] Pre-Ballot 209 EV Liability

2017-07-25 Thread Ben Wilson via Public
. From: Moudrick M. Dadashov [mailto:m...@ssc.lt] Sent: Tuesday, July 25, 2017 5:48 PM To: Ben Wilson <ben.wil...@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org> Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability Would you mind to show how it wou

Re: [cabfpub] Pre-Ballot 209 EV Liability

2017-07-25 Thread Ben Wilson via Public
And it should be an “and” or a “but”, but rephrased nevertheless. Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Ben Wilson Sent: Tuesday, July 25, 2017 5:11 PM To: Ben Wilson <ben.wil...@digicert.com>; CA/Browser Forum Public Discussion List <public@cab

Re: [cabfpub] Pre-Ballot 209 EV Liability

2017-07-25 Thread Ben Wilson via Public
Never mind – I think I now see your point. Not “up to” it needs to be “not less than $5 million.” Would that make it clearer? Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: Tuesday

Re: [cabfpub] Pre-Ballot 209 EV Liability

2017-07-25 Thread Ben Wilson via Public
All of the provisions would provide optional caps that CAs could place on EV liability. The 12-month $5 Million cap allows a CA to cap all EV liability to all those EV certificates issued within a single year. Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From

RE: Certificate with invalid dnsName issued from Baltimore intermediate

2017-07-24 Thread Ben Wilson via dev-security-policy
Nick, We are in discussions with Intesa Sanpaolo about implementing/pursuing OneCRL or a similar approach (e.g. outright revocation of the CAs). Thanks, Ben -Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On Behalf Of

RE: Certificate with invalid dnsName issued from Baltimore intermediate

2017-07-21 Thread Ben Wilson via dev-security-policy
b Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 17/07/2017 21:27, Nick Lamb wrote: > > On Monday, 17 July 2017 16:22:22 UTC+1, Ben Wilson wrote: > >> Thank you for bringing this to our attention. We have contacted > >> Intesa &

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-07-21 Thread Ben Wilson via Public
Maybe someone could provide an example of how the BR version number would appear at the end of each validation method? For example, would it look like this? [BR 1.5.0] - with the implication that the method was allowed as of BR v. 1.5.0 going forward until the current version of the BRs? If

[cabfpub] CABF Plenary Teleconference Calls

2017-07-20 Thread Ben Wilson via Public
All, If it's alright, and for the benefit of members located in Asia, I'm going to start posting the WebEx recordings of CAB Forum plenary meeting calls to the wiki. Access to the recording of today's call is available here: https://cabforum.org/wiki/Teleconference%20recordings Ben

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

2017-07-19 Thread Ben Wilson via Public
DigiCert votes “Yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: Wednesday, July 19, 2017 4:34 PM To: Peter Bowen <p...@amzn.com>; CA/Browser Forum Public Discussion List <public@cabforum.org>; Ryan Sleevi <sle...@google.c

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

2017-07-19 Thread Ben Wilson via Public
Shortly I’ll circulate a full version of the Baseline Requirements redlined with the changes made by this ballot. Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Peter Bowen via Public Sent: Wednesday, July 19

RE: Certificate with invalid dnsName issued from Baltimore intermediate

2017-07-17 Thread Ben Wilson via dev-security-policy
Dear Jonathan, Thank you for bringing this to our attention. We have contacted Intesa Sanpaolo regarding this error and have asked them to correct it as soon as possible. Sincerely yours, Ben Wilson, JD, CISA, CISSP DigiCert VP of Compliance -Original Message- From: dev-security

RE: How long to resolve unaudited unconstrained intermediates?

2017-07-12 Thread Ben Wilson via dev-security-policy
/ETSI audit (and not on the BR audit since email certificates aren’t covered by BR audits)? Thanks, Ben From: Alex Gaynor [mailto:agay...@mozilla.com] Sent: Tuesday, July 11, 2017 1:24 PM To: Ben Wilson <ben.wil...@digicert.com> Cc: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: H

Re: [cabfpub] Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation

2017-07-11 Thread Ben Wilson via Public
DigiCert votes “yes” on Ballot 204. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, June 26, 2017 8:18 AM To: CABFPub > Subject: [cabfpub] Ballot 204: Forbid DTPs from doing Domain/IP

Re: [cabfpub] Ballot 205: Membership-Related Clarifications

2017-07-05 Thread Ben Wilson via Public
DigiCert votes “yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Thursday, June 22, 2017 5:43 AM To: CABFPub Subject: [cabfpub] Ballot 205: Membership-Related Clarifications Ballot 205: Membership-Related

Re: [cabfpub] Four sets of changes for proposed ballots

2017-07-04 Thread Ben Wilson via Public
I’m helping to prepare ballots for these four sets of changes. So far, here are the anticipated endorsers: Peter B., Ryan S. and I intend to present the “underscores” ballot shortly (Ballot 202). I believe that Peter and Li Chun Chen will be presenting the ASN1 ballot, and I’m willing to

RE: DigiCert policy violation - non-disclosure of https://crt.sh/?id=160110886

2017-07-03 Thread Ben Wilson via dev-security-policy
We've now uploaded the self-signed root into the CCADB as a subordinate CA to the same self-signed root, if that makes sense. -Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On Behalf Of Jeremy Rowley via

Re: [cabfpub] Updated Ballot 190 v2 dated June 29, 2017

2017-06-29 Thread Ben Wilson via Public
Here is the comment tracking document. https://docs.google.com/spreadsheets/d/1uhKyrW9v9dDqgo4sVxoRx5e7sw0GE6zDoYqeEoE1WiI/edit?usp=sharing (If you make any changes, be sure to save a copy of

Re: [cabfpub] Voting on Ballot 192 ends tomorrow (Wed. June 28) at 22:00 UTC

2017-06-27 Thread Ben Wilson via Public
Please vote so that we reach quorum From: Kirk Hall via Public Sent: 6/27/2017 2:54 PM To: CA/Browser Forum Public Discussion List Subject: [cabfpub] Voting on Ballot 192 ends tomorrow (Wed. June 28) at

Re: [cabfpub] Ballot 192 - Notary revision

2017-06-27 Thread Ben Wilson via Public
DigiCert votes "yes" From: Bruce Morton via Public Sent: 6/25/2017 3:56 PM To: CA/Browser Forum Public Discussion List Subject: Re: [cabfpub] Ballot 192 - Notary revision Entrust votes Yes to ballot 192.

Re: [cabfpub] Baseline Requirements "Certificate Policy" for the Issuance and Management of Publicly-Trusted Certificates

2017-06-22 Thread Ben Wilson via Public
I’d support removing the words “Certificate Policy” from the document title, if that is the request, but I am fine with whatever the group decides. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Rich Smith via Public Sent: Wednesday, June 21, 2017 5:51 PM To: 'Ryan Sleevi'

[cabfpub] Network Security Controls

2017-06-12 Thread Ben Wilson via Public
One of the sources of external standards mentioned during our last face-to-face meeting was CIS' List of 20 Critical Security Controls, which I've uploaded here to the wiki for your reference - https://cabforum.org/wiki/Security. (Previous drafts of the network security requirements can be found

RE: New undisclosed intermediates

2017-06-08 Thread Ben Wilson via dev-security-policy
Sent: Thursday, June 8, 2017 8:17 PM To: Jonathan Rudenberg <jonat...@titanous.com> Cc: Ben Wilson <ben.wil...@digicert.com>; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: New undisclosed intermediates On Thu, Jun 8, 2017 at 7:09 PM, Jonathan Rudenberg via

RE: New undisclosed intermediates

2017-06-08 Thread Ben Wilson via dev-security-policy
I don't believe that disclosure of root certificates is the responsibility of a CA that has cross-certified a key. For instance, the CCADB interface talks in terms of "Intermediate CAs". Root CAs are the responsibility of browsers to upload. I don't even have access to upload a "root"

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

2017-06-01 Thread Ben Wilson via Public
OK – thanks. So Peter’s suggested improvement is appropriate and I’ll edit the draft of Ballot 202 accordingly, leaving these other issues for resolution by Ballot 184, or whichever. Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Ryan Sleevi [mailto:sle

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

2017-06-01 Thread Ben Wilson via Public
So, in order for this to happen, another ballot would subsequently be required that specifies the contents and validation for service names, correct? From: Peter Bowen [mailto:p...@amzn.com] Sent: Thursday, June 1, 2017 12:54 PM To: Ben Wilson <ben.wil...@digicert.com> Cc: CA/Browser

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

2017-06-01 Thread Ben Wilson via Public
Let me word this another way. Who believes that an underscore character cannot be the first character in an FQDN? -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: Thursday, June 1, 2017 12:22 PM To: Peter Bowen <p...@amzn.

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

2017-06-01 Thread Ben Wilson via Public
I think that answers my question. Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Ryan Sleevi [mailto:sle...@google.com] Sent: Thursday, June 1, 2017 12:34 PM To: Ben Wilson <ben.wil...@digicert.com> Cc: CA/Browser Forum Public Discussion List <public@cab

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

2017-06-01 Thread Ben Wilson via Public
Does this position have something to do with SRV names vs. host names? Thanks, Ben From: Ryan Sleevi [mailto:sle...@google.com] Sent: Thursday, June 1, 2017 12:24 PM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Peter Bowen <p...@amzn.com>; Ben Wil

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

2017-06-01 Thread Ben Wilson via Public
12 AM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Ben Wilson <ben.wil...@digicert.com> Subject: Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs Ben, I would suggest a couple of changes: 1) Underscores should only be allowed where hyphens are allowed.

Re: [cabfpub] Ballot 200 - Amendment of Bylaws to add Code of Conduct

2017-05-25 Thread Ben Wilson via Public
DigiCert votes “Yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Virginia Fournier via Public Sent: Tuesday, May 16, 2017 2:55 PM To: CA/Browser Forum Public Discussion List Cc: Virginia Fournier Subject: [cabfpub] Ballot 200 -

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

2017-05-25 Thread Ben Wilson via Public
cleans up some of the language in Section 7.1.4.2.1 of the Baseline Requirements. The following motion has been proposed by Ben Wilson of DigiCert and endorsed by - and - to introduce new Final Maintenance Guidelines for the "Baseline Requirements Certificate Policy for the Issuance and Manag

[elixir-core:7150] Re: Proposal: pipe and assign syntax

2017-05-19 Thread Ben Wilson
This has been proposed before, and it was rejected then as well. You're only saving a few characters, and it obfuscates that two completely different things are happening (assignment, function calling). On Friday, May 19, 2017 at 1:27:29 PM UTC-4, OvermindDL1 wrote: > > Actually that specific

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ben Wilson via Public
completes any remaining validation steps and verifies that process has not exceeded any applicable timeframes 5 – CA issues certificate Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via Public Sent

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Ben Wilson via Public
DigiCert votes "yes" From: Bruce Morton [mailto:bruce.mor...@entrustdatacard.com] Sent: Thursday, May 18, 2017 9:59 AM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Ben Wilson <ben.wil...@digicert.com> Subject: RE: Ballot 191 - Clarify Place o

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-18 Thread Ben Wilson via Public
Just a clarification for everyone, the text below was copied out of the wiki with wiki markup language, so the following text is being deleted --(City, State, and country - Required; Street and postal code - Optional)-(the open and close parentheses with dashes indicates a deletion). From:

Re: [cabfpub] [EXTERNAL]Re: Revised Notice of Review Period - Ballot 198 - .Onion Revisions

2017-05-16 Thread Ben Wilson via Public
lic@cabforum.org> and voted on - which included the redline changes). That is, it's unclear whether the text Kirk included in the Review Notice - which is different than the ballot (since it omits the redlines) - supersedes/replaces the Ballot itself. Does this capture every possible in

Re: [cabfpub] Revised Notice of Review Period - Ballot 198 - .Onion Revisions

2017-05-16 Thread Ben Wilson via Public
Sleevi [mailto:sle...@google.com] Sent: Tuesday, May 16, 2017 12:39 PM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Ben Wilson <ben.wil...@digicert.com> Subject: Re: [cabfpub] Revised Notice of Review Period - Ballot 198 - .Onion Revisions As Ben has

RE: Hunting for intermediates that still haven't been disclosed to CCADB

2017-05-11 Thread Ben Wilson via dev-security-policy
Both sets had been publicly disclosed through affirmative publishing in the repositories of the respective CAs--that's probably how your crawler found them, because I don't believe they are issuing SSL/TLS certificates. I thought I had disclosed the ones chaining to the DigiCert Orion Health

Re: [cabfpub] Profiling OCSP & CRLs

2017-05-10 Thread Ben Wilson via Public
Oh. OK. Never mind then. As long as it’s allowed. I wasn’t aware that so much had been done on GitHub. From: Ryan Sleevi [mailto:sle...@google.com] Sent: Wednesday, May 10, 2017 3:15 PM To: Ben Wilson <ben.wil...@digicert.com> Cc: CA/Browser Forum Public Discussion List <public@cab

Re: [cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

2017-05-05 Thread Ben Wilson via Public
DigiCert votes yes. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Doug Beattie via Public Sent: Friday, May 5, 2017 12:42 PM To: CA/Browser Forum Public Discussion List Cc: Doug Beattie Subject: Re: [cabfpub] Ballot 199 -

Re: [cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

2017-05-04 Thread Ben Wilson via Public
Two questions, Gerv. 1 - Does this ballot rule out “vanity CAs” – CAs with customer names in the subject field, even though the key is held by the root CA? (I can provide further clarification, and/or examples, if necessary.) 2 - What is the full current wording of Ballot 199? Thanks,

Re: [cabfpub] Revocation Timeframe Ballot Language

2017-05-03 Thread Ben Wilson via Public
Thanks. I’ll take a look at it and see about merging the two. Ben From: Ryan Sleevi [mailto:sle...@google.com] Sent: Tuesday, May 2, 2017 5:56 PM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Ben Wilson <ben.wil...@digicert.com> Subject: Re: [cabfpub

Re: [cabfpub] Baseline Requirements v. 1.4.6

2017-04-28 Thread Ben Wilson via Public
All versions are now posted here - https://cabforum.org/baseline-requirements-documents/ I will upload them to the wiki and update the GitHub version. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via

Re: [cabfpub] Ballot 197 – Effective Date of Ballot 193 Provisions (amended April 26)

2017-04-28 Thread Ben Wilson via Public
Ballot 193 is completed (assuming no Exclusion Notices are filed). The following motion has been proposed by Chris Bailey of Entrust Datacard and endorsed by Ben Wilson of DigiCert, and Wayne Thayer of GoDaddy to introduce new Final Maintenance Guidelines for the "Baseline Requirements Certificate P

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

2017-04-20 Thread Ben Wilson via Public
Thanks. I’ll rework this with the language suggested and re-circulate. Ben From: Ryan Sleevi [mailto:sle...@google.com] Sent: Thursday, April 20, 2017 11:36 AM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Ben Wilson <ben.wil...@digicert.com> Subject:

[cabfpub] Pre-Ballot: Underscore Characters in SANs

2017-04-20 Thread Ben Wilson via Public
card FQDNs and underscores in FQDNs (encoded as IA5 strings) are permitted. CAs SHALL NOT issue a certificate with a subjectAlternativeName extension or Subject commonName field containing a Reserved IP Address or Internal Name. Thanks, Ben Ben Wilson, JD, CISA, CISSP VP Compliance +1 80

Re: [cabfpub] RFC5280-related Ballot - For Discussion

2017-04-14 Thread Ben Wilson via Public
I got confused with other strings that are in certificates. With the change, as noted, would you be willing to endorse? Anyone else? Thanks, Ben Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Peter Bowen

Re: [cabfpub] RFC5280-related Ballot - For Discussion

2017-04-13 Thread Ben Wilson via Public
...@redhoundsoftware.com] Sent: Thursday, April 13, 2017 10:56 AM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Ben Wilson <ben.wil...@digicert.com> Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion Why don't you define new OIDs for the RDNs you want to change th

Re: [cabfpub] RFC5280-related Ballot - For Discussion

2017-04-12 Thread Ben Wilson via Public
Thanks Ryan. I can make that change. From: Ryan Sleevi [mailto:sle...@google.com] Sent: Tuesday, April 11, 2017 2:43 PM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Ben Wilson <ben.wil...@digicert.com> Subject: Re: [cabfpub] RFC5280-related Ballot - Fo

Re: [cabfpub] Ballot 196: Define "Audit Period"

2017-04-12 Thread Ben Wilson via Public
DigiCert votes “yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, April 3, 2017 12:06 PM To: CABFPub Cc: Gervase Markham Subject: [cabfpub] Ballot 196: Define "Audit Period" Ballot 196 -

Re: [cabfpub] Ballot 195: CAA Fixup

2017-04-12 Thread Ben Wilson via Public
DigiCert votes “yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, April 3, 2017 11:58 AM To: CABFPub Cc: Gervase Markham Subject: [cabfpub] Ballot 195: CAA Fixup Ballot 195 - CAA Fixup

Re: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions

2017-04-12 Thread Ben Wilson via Public
oposed), and also (2) a comparison of the changes to BR 4.2.1 as it will exist after the Review Period for Ballot 193 is completed (assuming no Exclusion Notices are filed). The following motion has been proposed by Chris Bailey of Entrust Datacard and endorsed by Ben Wilson of DigiCert, and Wayne

Re: [cabfpub] Ballot 189 (revised) - Amend Section 6.1.7 of Baseline Requirements

2017-04-12 Thread Ben Wilson via Public
DigiCert votes “Yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris Zacharopoulos via Public Sent: Wednesday, April 5, 2017 1:47 AM To: public@cabforum.org Cc: Dimitris Zacharopoulos Subject: [cabfpub] Ballot 189 (revised) - Amend Section 6.1.7 of

Re: [cabfpub] RFC5280-related Ballot - For Discussion

2017-04-11 Thread Ben Wilson via Public
If the ballot were amended to address only underscore characters (and delete outdated content), would there be any endorsers? See attached. Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Peter Bowen via Public

Re: [cabfpub] RFC5280-related Ballot - For Discussion

2017-04-10 Thread Ben Wilson via Public
] Sent: Monday, April 3, 2017 9:59 AM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Ben Wilson <ben.wil...@digicert.com> Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion For those who want to understand why the IETF rejected this change, the th

[cabfpub] RFC5280-related Ballot - For Discussion

2017-04-03 Thread Ben Wilson via Public
. Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 RFC5280-related-amendments.pdf Description: Adobe PDF document

Re: [cabfpub] Naming rules

2017-03-28 Thread Ben Wilson via Public
Ryan, I suppose you are unwilling to suggest language that would correct this perceived flaw in the proposal? Ben From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via Public Sent: Tuesday, March 28, 2017 8:17 AM To: Rich Smith Cc: Ryan

Re: [cabfpub] CAB Forum membership criteria

2017-03-27 Thread Ben Wilson via Public
What about "While suspended, CAs may attend meetings but not vote." ? If someone makes a Contribution, I see that as something positive, because under 6.4.c. of the IPR Policy, "CAB Forum Participants that submit Contributions, by making a Contribution, represent and warrant that, to the

Re: [cabfpub] Naming rules

2017-03-25 Thread Ben Wilson via Public
attribute.” From: Ryan Sleevi [mailto:sle...@google.com] Sent: Friday, March 24, 2017 10:28 PM To: Moudrick M. Dadashov <m...@ssc.lt> Cc: CA/Browser Forum Public Discussion List <public@cabforum.org>; Ben Wilson <ben.wil...@digicert.com> Subject: Re: [cabfpub] Namin

Re: [cabfpub] Naming rules

2017-03-24 Thread Ben Wilson via Public
I don’t have an answer for that one except let the CA assert that it is uniquely identifiable and let the auditor examine it. From: Ryan Sleevi [mailto:sle...@google.com] Sent: Friday, March 24, 2017 4:20 PM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Ben

Re: [cabfpub] Question on form of Review Notices

2017-03-23 Thread Ben Wilson via Public
Just in case a "full" copy of the EV Guidelines or Baseline Requirements is deemed necessary, redlined versions have now been posted at https://cabforum.org/baseline-requirements-documents/ and

Re: [elixir-core:7026] Passing the map to Map.get_lazy's function

2017-03-20 Thread Ben Wilson
Can you elaborate on the code you have in mind? This sounds like a general characteristic of pipes and not something specific to Map.get_lazy. On Monday, March 20, 2017 at 6:48:46 AM UTC-4, David Long wrote: > > That's not entirely accurate. In my case I was using a series of pipes so > I did

Re: [cabfpub] Voting has started on Ballot 193 - 825-day Certificate Lifetimes

2017-03-13 Thread Ben Wilson via Public
or DV and OV certificates from 39 months to 27 months. The following motion has been proposed by Chris Bailey of Entrust Datacard and endorsed by the following CA/B Forum member representatives (listed in alphabetical order) Robin Alden of Comodo, Ben Wilson of DigiCert, and Doug Beattie o

Re: [cabfpub] Life after Ballot 188 - Clarify use of term "CA" in Baseline Requirements

2017-03-09 Thread Ben Wilson via Public
Previously Ryan raised several concerns he had regarding Ballot 188. As discussed below, some of those concerns were not germane to the ballot, but were suggestions for future policy changes because the Working Group endeavored that the ballot be policy-neutral. I am not arguing that we were
