Re: [cabfpub] [EXTERNAL] Ballot 212: Canonicalise formal name of the Baseline Requirements

I think it’s important to have effective dates in the ballots. This one isn’t that important but for others, I think it would benefit all to have it explicitly stated. Dean From: Kirk Hall [mailto:kirk.h...@entrustdatacard.com] Sent: Monday, August 21, 2017 2:47 PM To: Dean Coclin

Re: [cabfpub] [EXTERNAL] Ballot 212: Canonicalise formal name of the Baseline Requirements

What is the effective date? From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via Public Sent: Monday, August 21, 2017 2:03 PM To: Kirk Hall ; CA/Browser Forum Public Discussion List Subject: Re: [cabfpub] [EXTERNAL]

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Symantec votes YES on Ballot 202. Dean Coclin -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Rob Stradling via Public Sent: Thursday, July 20, 2017 5:55 PM To: public@cabforum.org Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Re: [cabfpub] Ballot 192 - Notary revision

Symantec votes YES on Ballot 192 Dean Coclin From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jeremy Rowley via Public Sent: Wednesday, June 14, 2017 10:01 AM To: CA/Browser Forum Public Discussion List Cc: Jeremy Rowley Subject:

Re: [cabfpub] Ballot 203: Formation of Network Security Working Group (v2)

Symantec votes YES on ballot 203 On Jun 19, 2017, at 9:39 PM, Moudrick M. Dadashov via Public > wrote: SSC votes: "Yes". Thanks, M.D. Sent from Samsung tablet. Original message From: Peter Miškovič via Public

Re: [cabfpub] CA/Browser Face to Face Meeting 41 Agenda – Berlin

We put it at the end of the day so Virginia can join from Seattle. Dean -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, June 12, 2017 7:23 AM To: CA/Browser Forum Public Discussion List Cc:

Re: [cabfpub] Send us you list of current problems with the Network Security Guidelines

One specific complaint from the auditors I believe was the specific time requirements in the document. For example, if it said you have to change the password at 90 days, and you did it on day 91, it would be an audit failure. I think Don has better examples but that's one I recall. Sent from

Re: [cabfpub] Ballot 201 - .onion Revisions

Symantec votes ABSTAIN on Ballot 201. On May 25, 2017, at 12:50 PM, Ben Wilson via Public > wrote: Ballot 201 - .Onion Revisions This ballot is meant to cure any potential problems with Ballot 198, which may have been invalid due to

Re: [cabfpub] Fairly Urgent: Draft Network Security Working Group charter ballot

To be clear, I wasn’t suggesting a delay, rather, something that would be done in parallel. But your call, either way is fine with me. -Original Message- From: Gervase Markham [mailto:g...@mozilla.org] Sent: Saturday, June 3, 2017 5:12 PM To: Dean Coclin ;

Re: [cabfpub] Fairly Urgent: Draft Network Security Working Group charter ballot

Very good Gerv. It might also be useful to get a show of hands as to who would participate in this WG as it wouldn't make sense to form it if we don't get enough participants. My sense from the last F2F is that we will, but perhaps a poll would give the group a better indication as to who would

Re: [cabfpub] Voting has started on Ballot 200 - Amendment of Bylaws to add Code of Conduct

Symantec votes YES on Ballot 200. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Tuesday, May 23, 2017 4:07 PM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub] Voting has

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

Symantec votes YES on Ballot 191 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Curt Spann via Public Sent: Tuesday, May 23, 2017 12:22 PM To: CA/Browser Forum Public Discussion List Cc: Curt Spann Subject: Re: [cabfpub] Ballot 191 -

Re: [cabfpub] [EXTERNAL]Re: ]RE: Ballot 194 - Effective Date of Ballot 193 Provisions is in the VOTING period (ends April 16)

EXTERNAL]Re: ]RE: Ballot 194 - Effective Date of Ballot 193 Provisions is in the VOTING period (ends April 16) On Mon, Apr 17, 2017 at 11:06 AM, Dean Coclin via Public <public@cabforum.org<mailto:public@cabforum.org>> wrote: Speaking as former chair, I would like to offer my observati

Re: [cabfpub] [EXTERNAL]Re: ]RE: Ballot 194 - Effective Date of Ballot 193 Provisions is in the VOTING period (ends April 16)

Speaking as former chair, I would like to offer my observations on this: 1. I think everyone was unaware and surprised to see that a vote was counted from Microsoft since it did not appear on the public list 2. Kirk, being cc’d on the message, would have no idea that the message

Re: [cabfpub] Ballot 194 - Effective Date of Ballot 193 Provisions is in the VOTING period (ends April 16)

Symantec votes ABSTAIN to Ballot 194 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Sunday, April 9, 2017 7:30 PM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub] Ballot

Re: [cabfpub] Ballot 196 – Define “Audit Period” is in the DISCUSSION period (ends April 10)

Symantec votes YES on Ballot 196 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Sunday, April 9, 2017 7:30 PM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub] Ballot 196 –

Re: [cabfpub] Ballot 195 – CAA Fixup is in the DISCUSSION period (ends April 10)

Symantec votes YES on Ballot 195. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Sunday, April 9, 2017 7:30 PM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub] Ballot 195

Re: [cabfpub] Results on Ballot 193

I think you made a mistake on the vote totals in bold. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Friday, March 17, 2017 7:02 PM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject:

Re: [cabfpub] Voting has started on Ballot 193 - 825-day Certificate Lifetimes

Symantec votes YES. On 2017-Mar-11, 12:20, "Public on behalf of Kirk Hall via Public" on behalf of public@cabforum.org> wrote: Voting has started on Ballot 193 - 825-day Certificate Lifetimes (shown

Re: [cabfpub] Ballot 187 - Make CAA Checking Mandatory

Symantec votes YES on Ballot 187 Dean Coclin From: Gervase Markham [mailto:g...@mozilla.org] Sent: Friday, March 3, 2017 4:18 AM To: Dean Coclin ; CABFPub Subject: Re: [cabfpub] Ballot 187 - Make CAA Checking Mandatory On 03/03/17 02:06, Dean

Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

relevant - I haven't heard any suggestion that this is about ensuring frequent key rotation, as opposed to all the other policies and practices being attested to in conjunction with the keys. On Tue, Feb 21, 2017 at 10:52 AM, Dean Coclin via Public <public@cabforum.org<mailto:public@cabforum.org>&g

Re: [cabfpub] Ballot 185 - Limiting the Lifetime of Certificates

Subject: Re: [cabfpub] Ballot 185 - Limiting the Lifetime of Certificates On Wed, Feb 15, 2017 at 5:54 PM, Dean Coclin via Public <public@cabforum.org<mailto:public@cabforum.org>> wrote: This is still a relatively short implementation time for the change being considered, especiall

Re: [cabfpub] Ballot 185 - Limiting the Lifetime of Certificates

This is still a relatively short implementation time for the change being considered, especially given product roadmaps handling other high impact items (i.e. CT) in the same time window. Also, I don't think anyone disagrees with the "shorter is better" argument but "how short" still seems to

Re: [cabfpub] Future changes in the WebPKI

Bowen <p...@amzn.com<mailto:p...@amzn.com>> Subject: [cabfpub] Future changes in the WebPKI On Feb 10, 2017, at 11:51 AM, Dean Coclin via Public <public@cabforum.org<mailto:public@cabforum.org>> wrote: Building consensus in meetings is different than building consensus for a

Re: [cabfpub] Ballot 185 - Limiting the Lifetime of Certificates

Minor changes to ballots have traditionally been allowed in the forum. "Minor" has been left to the discretion of the ballot producer/endorsers but we've seldom seen controversy over that. -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Scott Rea via

Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

I think many people support that idea Eric and I apologize if my use of that word was uncalled for. I’ve clarified it in a subsequent note. Looking forward to having you as a guest speaker. From: Eric Mill [mailto:e...@konklone.com] Sent: Friday, February 10, 2017 3:11 PM To: Dean Coclin

Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Building consensus in meetings is different than building consensus for a ballot. Discussions happen in meetings without concrete proposals, as was shown in the chart I posted earlier from the Zurich meeting. I can’t recall anyone coming out before this ballot seeking consensus for a 1 year

Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

We’ve always allowed minor changes in ballots after being proposed and this would fall into that category. However, I strongly believe time spent gathering consensus would be of value. I disagree that the forum is not a consensus driven organization. Sure there have been disagreements on some

Re: [cabfpub] F2F topic proposal - future thoughts

Actually we did something similar to this in Phoenix where I passed out paper and each person wrote down 1 thing they would like to see changed by the end of the year. I then grouped the results and shared at the end of the meeting. I still have those and am happy to summarize. Off the top of

Re: [cabfpub] Seeking comments on Governance Change outline

arkham <g...@mozilla.org> Subject: Re: [cabfpub] Seeking comments on Governance Change outline Hi Dean, On 17/01/17 20:55, Dean Coclin via Public wrote: > Attached is the outline (pdf) which we are seeking comments, > suggestions, recommendations (and criticism) from members and the

Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Jody, I don't think you will get too many people disagreeing with your statement. But I think the issue for most is the implementation timeline, in light of other programmed roadmap actions and customer education/notification which must accompany this. That seems to be ignored by the

Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

Without discussing product roadmaps or timelines, can you help me understand what you believe is challenging about such a change or why it might take anything more than a week or two to implement? >>This solely focuses on the technical implementation and unfortunately misses >>the greater

Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

Reviewing the mins from meeting 35 (which I vividly recall chairing), I note: Ryan proposed annual revetting for domain and every second year for organization. Do domain revalidation every year in case the domain has ceased. If something changes, you have to revoke that certificate. If I want

Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

ilto:p...@amzn.com] Sent: Friday, February 3, 2017 8:34 PM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Dean Coclin <dean_coc...@symantec.com> Subject: Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates On Feb 1, 2017, at 1:01 PM, Dean Coclin v

Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

We’ve discussed certificate lifetimes at several F2F meetings and I especially recall the Zurich meeting where I tried to see where folks stand by putting up a chart with different options for cert lifetimes. As I recall , there was no consensus. Some CAs were in favor of extending EV to 3

Re: [cabfpub] An inconsistency for "Issuing CA" in BYLAWS and SSL BR

I don’t believe these need to be consistent as they serve 2 different purposes. One is for membership while the other is a technical reference. -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of realsky(CHT) via Public Sent: Tuesday, January 31, 2017 9:22

Re: [cabfpub] Draft CAA motion (3)

Just a friendly reminder that our bylaws specifically prohibit certain discussions: all participants agree not to discuss or exchange information related to: (a) Pricing policies, pricing formulas, prices or other terms of sale; (b) Costs, cost structures, profit margins, *(c) Pending or

Re: [cabfpub] Recap of Ballot 180, 181, and 182 results, and next steps

Don't forget to update the ballot tracker here with the results: https://docs.google.com/spreadsheets/d/1FBsMZjlzyvK3mFR1u4qMqvZwlI86yJ-v0am1 pCBo8uI/edit#gid=4 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Sunday, January 08, 2017 6:21 PM To:

Re: [cabfpub] Recap of Ballot 180, 181, and 182 results, and next steps

Kirk, Thank you for providing this detailed summary. It really helps explain things well. One slight correction to this statement: "We don't know, as we have never created a PAG before. The PAG will start its work soon." Actually we did create a PAG before (you were a member). See

Re: [cabfpub] [Corrected] Voting has started on Ballot 180 - ends January 7

Symantec Votes YES on Ballot 180 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Monday, January 02, 2017 1:30 PM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub]

Re: [cabfpub] Voting has started on Ballot 181 - ends January 7

Symantec votes YES on Ballot 181 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Monday, January 02, 2017 1:29 PM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub] Voting

Re: [cabfpub] Posted on behalf of customer

;dean_coc...@symantec.com>; Halliday, Morgan <morgan.halli...@firstdata.com> Subject: Re: [cabfpub] Posted on behalf of customer On 13/12/16 05:40, Dean Coclin via Public wrote: > I have been asked to post this request to the CA/B Forum, and > specifically the browsers, to exped

Re: [cabfpub] Posted on behalf of customer

ttacks. Y’all should do what you need to do, to allow the SYMC/FirstData request. Not doing so looks like, to me an outsider, as petulance and bullying for no justifiable reason than “because we said so.” On Mon, Dec 12, 2016 at 9:40 PM, Dean Coclin via Public <public@cabforum.org <ma

Re: [cabfpub] Posted on behalf of customer

ing so looks like, to me an outsider, as petulance and bullying for no justifiable reason than “because we said so.” On Mon, Dec 12, 2016 at 9:40 PM, Dean Coclin via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: I have been asked to post this request t

[cabfpub] Posted on behalf of customer

I have been asked to post this request to the CA/B Forum, and specifically the browsers, to expedite visibility on behalf of a customer. Responses should be addressed to the author, cc'd on this note: First Data is returning to the CA/B Forum to again request an extension of our SHA-1

Re: [cabfpub] Notice of Certificate Issuance

ecember 01, 2016 4:14 AM To: CA/Browser Forum Public Discussion List <public@cabforum.org> Cc: Dean Coclin <dean_coc...@symantec.com> Subject: Re: [cabfpub] Notice of Certificate Issuance Hi Dean, On 01/12/16 03:45, Dean Coclin via Public wrote: > For the past several years we have ma

Re: [cabfpub] Notice of Certificate Issuance

All questions acknowledged. I am pulling responses together and will advise soon. Thanks Dean -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Wednesday, November 30, 2016 10:40 AM To: CA/Browser Forum Public Discussion

[cabfpub] Notice of Certificate Issuance

On November 24, 2016 (Thanksgiving Day), an emergency situation arose whereby mobile application users of Barclays Bank would no longer be able to conduct transactions due to the pinning of an obsolete intermediate certificate in the application. The bank, through its application provider Axsy,

Re: [cabfpub] Validation WG

In my opinion, this working group was properly chartered in Ballot 143 (which I note Mozilla voted YES). The working group was never formally terminated but rather was put in a "dormant" status since the production of ballot 169. I think working group members needed a break after 1.5 years of

[cabfpub] Final minutes of CA/B Forum call October 13th 2016

Final Minutes October 13th, 2016 Attendees: Andrew Whalley (Google), Alex Wight (Cisco), Atsushi Inaba (Globalsign), Ben Wilson (Digicert), Billy VanCannon (Trustwave), Bruce Morton (Entrust), Curt Spann (Apple), Dean Coclin (Symantec), Dimitris Zacharopoulos (Harica), Gervase Markham

Re: [cabfpub] SHA-1 exception request

<evan.sidor...@firstdata.com <mailto:evan.sidor...@firstdata.com> > Subject: Re: [cabfpub] SHA-1 exception request On Tue, Oct 18, 2016 at 4:10 PM, Dean Coclin via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: Given that the current TBS certs

Re: [cabfpub] [Suspected Spam detected by Symantec] Re: Application for SHA-1 Issuance

The burden is on the CA to insure they have the necessary approvals, else they can be subject to this in step 4: “Any Application Software Supplier who did not grant an exception may treat the issuance as they would any other mis-issuance and take whatever action they feel appropriate.”

Re: [cabfpub] SHA-1 exception request

rgan.halli...@firstdata.com>; Sidoriak, Evan S <evan.sidor...@firstdata.com> Subject: Re: [cabfpub] SHA-1 exception request On Tue, Oct 18, 2016 at 4:34 PM, Dean Coclin via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: While I'm not the technical expert

Re: [cabfpub] SHA-1 exception request

ervase Markham <g...@mozilla.org>; CABFPub <public@cabforum.org> Cc: Halliday, Morgan <morgan.halli...@firstdata.com>; Sidoriak, Evan S <evan.sidor...@firstdata.com> Subject: Re: [cabfpub] SHA-1 exception request On 19/10/16 00:10, Dean Coclin via Public wrote: > We don't rea

Re: [cabfpub] SHA-1 exception request

Although I had conversations with some folks over the meeting break today, I'm going to post my request here to follow the procedure on the public list. It's become abundantly clear that further attempts to get approval from 2 of the 4 browsers for a date beyond December 31st isn't going to

Re: [cabfpub] SHA-1 exception request

Gerv, Following up on my previous email and In addition the points posted there, I was reminded that the First Data TBS certs were issued with the expiration date in March as originally requested. Hence by Mozilla approving a different date, we would be producing certificates that do not

Re: [cabfpub] SHA-1 exception request

additional time is warranted -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dean Coclin via Public Sent: Thursday, October 13, 2016 4:58 PM To: Gervase Markham <g...@mozilla.org>; CABFPub <public@cabforum.org> Cc: Halliday, Morgan &

Re: [cabfpub] SHA-1 exception request

Gerv, Thank you for the prompt response to First Data's application. While we appreciate the approval and await responses from other browsers, I'd like to point out that this deadline doesn't really help First Data and the merchants much. As discussed during the TSYS exception in July, the

[cabfpub] FW: Revised Final Sept. 15 Minutes

Although these minutes were approved, some issues were noted after approval. Those corrections are included in this approved version. Final Minutes September 15, 2016 (v2, revised 9/29/2016) Attendees: Alex Wight (Cisco), Arno Fiedler (D-Trust), Atsushi Inaba (Globalsign), Ben Wilson

[cabfpub] Final minutes of CA/B Forum call September 29th 2016

Draft Minutes September 29, 2016 Attendees: Andrew Whalley (Google), Anuj Saxena (Network Solutions), Arno Fiedler (D-Trust), Atsushi Inaba (Globalsign), Ben Wilson (Digicert), Billy VanCannon (Trustwave), Bruce Morton (Entrust), Connie Enke (SwissSign), Curt Spann (Apple), Dean Coclin

Re: [cabfpub] SHA-1 exception request

Responses from First Data posted below to Andrew Ayer's comments: > Most of these merchants simply need a software update. If devices > cannot be upgraded the POS vendor will need to provide a new device or > application. How many of the 300,000 terminals simply need a software update? What

Re: [cabfpub] Potential F2F Topics

Yes, there are open slots and I can add it. Assume you will lead the discussion. Dean -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Rob Stradling via Public Sent: Monday, October 10, 2016 5:30 PM To: Peter Bowen ; CABFPub

Re: [cabfpub] SHA-1 exception request

Responses submitted on behalf of First Data below: On 03/10/16 15:26, Dean Coclin wrote: > FD Response: We tested a private root and determined that this would > not work for all affected clients. Modern POS systems would not have > the pulled root and would need to manually add the private

<    1   2   3