GlobalSign votes No.
I’m sorry I didn’t spend more time on this during the review period, but I
think it’s a mistake to define Domain Name to include wildcard values. I
understand the issues with saying “Domain Name and Wildcard FQDN ”
everywhere in the spec, but I’m sure we could have come
How would that be different than the table in 1.2.1?
On Fri, Jul 21, 2017 at 2:26 PM, Kirk Hall
wrote:
> Yes, or even a table at the end of the BRs - easy to do.
>
> -Original Message-
> From: Ben Wilson [mailto:ben.wil...@digicert.com]
> Sent: Friday, July
Yes, or even a table at the end of the BRs - easy to do.
-Original Message-
From: Ben Wilson [mailto:ben.wil...@digicert.com]
Sent: Friday, July 21, 2017 8:20 AM
To: Ryan Sleevi ; CA/Browser Forum Public Discussion List
; Kirk Hall
Symantec votes YES on Ballot 202.
Dean Coclin
-Original Message-
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Rob Stradling
via Public
Sent: Thursday, July 20, 2017 5:55 PM
To: public@cabforum.org
Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters
On Fri, Jul 21, 2017 at 12:03 PM, Wayne Thayer via Public
wrote:
> [WT] The creation of a new version of the BRs is always the result of a
> ballot, is it not? As a CA, we carefully monitor ballots that are approved
> because they tell us what we need to change and when the
On 7/21/17, 6:22 AM, "Ryan Sleevi" wrote:
On Fri, Jul 21, 2017 at 12:30 AM, Wayne Thayer via Public
> [WT]Gerv’s suggestion is a reasonable interpretation, but another reasonable
> interpretation is that CAs must increment the version number of the BRs that
> they log
I think that I broadly agree with Ryan on this but with possibly different
argument.
For me, the key issue is whether the validation mechanism provides evidence
that the request comes from the intended party. The burden of proof for any
validation mechanism is on the proposer. For HTTP
Maybe someone could provide an example of how the BR version number would
appear at the end of each validation method? For example, would it look like
this?
[BR 1.5.0] - with the implication that the method was allowed as of BR v.
1.5.0 going forward until the current version of the BRs? If
Thanks a ton for the reply, Ryan! {Didn't mean to make it sound urgent, but
that same question keeps arising during the verification process}
Your summary is correct, and my thinking aligned with yours - that we want a
single request/response for verification. I was surprised Let's Encyrpt
Hi Kirk,
As we saw from the discussions of Ballot 190, the inclusion of
additional information "for clarity's sake" can have the deleterious
side-effect of changing both the meaning and interpretation. The
clarifications that had previously been proposed had notable issues
they introduced.
So I
Hi Jeremy,
Apologies for the delay in responding. Would this be a correct summary
of the confusion:
In HTTP, it is a Request/Response protocol. A request is made for a
given resource, and a response is provided. Some responses include the
resource directly requested (e.g. the 200/2xx series),
Meant for public list -- see my response below.
-Original Message-
From: Ryan Sleevi [mailto:sle...@google.com]
Sent: Thursday, July 20, 2017 6:09 PM
To: Kirk Hall
Subject: Re: [EXTERNAL]Re: [cabfpub] Ballot 190 - Recording BR Version Number
Hi Kirk,
Did
Is the lack of additional response agreement that “on the Authorization Domain”
encompasses both the authorization domain names and redirects from an
authorization domain name?
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jeremy Rowley
via Public
Sent: Thursday, July 20,
Le 20 juil. 2017 à 23:13, Peter Bowen > a
écrit :
On Jul 20, 2017, at 11:02 AM, Erwann Abalea
> wrote:
Le 20 juil. 2017 à 16:52, Ryan Sleevi
> a
On Fri, Jul 21, 2017 at 12:30 AM, Wayne Thayer via Public
wrote:
> given CAs are already required to annually review their CP/CPS
> [WT] I find it difficult to believe that it would be considered acceptable
> for a CA to wait [up to] a year to update the version number of a
15 matches
Mail list logo