Re: [cabfpub] CAA working group description

2017-10-05 Thread Jeremy Rowley via Public
I know there’s a CAA document going through ACME. Is this also going to LAMPS? The ACME WG is already working on account URI and validation-methods parameters. Given that this represents two of the four parameters suggested during the F2F, should we add the other two there? From: Public

Re: [cabfpub] Short-lived certs

2017-10-05 Thread Jeremy Rowley via Public
Sure. Think of them as one time use certs. They aren't replacing them every 15 min. They're just good for 15 min. On Oct 6, 2017, at 5:49 AM, Tim Hollebeek wrote: Are 15 minute certs a good idea in a CT world? -Tim From: Public

Re: [cabfpub] Short-lived certs

2017-10-05 Thread Tim Hollebeek via Public
Are 15 minute certs a good idea in a CT world? -Tim From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jeremy Rowley via Public Sent: Thursday, October 5, 2017 3:23 PM To: Ryan Sleevi Cc: CA/Browser Forum Public Discussion List Subject: Re:

Re: [cabfpub] CAA working group description

2017-10-05 Thread Doug Beattie via Public
Yes, I agree that it seems IETF has left portions of the spec underdefined, for example how to look up and validate CAA records given all of the types of errors that could be encountered. Do we expect the IETF WG to focus more heavily on those, or should this be done in CABForum? I think a

Re: [cabfpub] CAA working group description

2017-10-05 Thread Jacob Hoffman-Andrews via Public
On Thu, Oct 5, 2017 at 11:09 AM, Phillip wrote: > What somewhat worries me is a situation in which I have ten CABForum > members tell me that they really want X in a CABForum group and then I > report that into the IETF WG and three people say they have other ideas and >

Re: [cabfpub] CAA working group description

2017-10-05 Thread Phillip via Public
I can well imagine a possibility where the IETF WG might leave some parts of the specification specified in less detail than would be desirable for compliance purposes and thus make work in CABForum desirable. But let's cross that bridge if we come to it. What somewhat worries me is a

Re: [cabfpub] CAA working group description

2017-10-05 Thread Ryan Sleevi via Public
I agree with both Phillip and Jacob here. I think LAMPS is a great venue for working out the technical issues of discussion - and identifying where policy flexibility is needed or the challenges - and then bringing that as maybe one or two more ballots into the Forum. I think the technical

Re: [cabfpub] CAA working group description

2017-10-05 Thread Jacob Hoffman-Andrews via Public
With respect, I would suggest that there is already a CAA working group: the IETF LAMPS WG at https://datatracker.ietf.org/wg/lamps/charter/. It has the advantage of being open for anyone to join and post, so CAs can more easily have conversations with Subscribers and Relying Parties. If half of

[cabfpub] Missing Failed Ballots results on webpage

2017-10-05 Thread Kirk Hall via Public
Thanks, Ben – you do a lot for the Forum From: Ben Wilson [mailto:ben.wil...@digicert.com] Sent: Thursday, October 5, 2017 4:13 PM To: Ryan Sleevi; CA/Browser Forum Public Discussion List; Kirk Hall Subject: RE:

Re: [cabfpub] [EXTERNAL]Missing Failed Ballots results on webpage

2017-10-05 Thread Ben Wilson via Public
Ryan and Kirk, I’ve posted the three failed ballots to the CA/Browser Forum website now. https://cabforum.org/2017/02/24/ballot-185-limiting-lifetime-certificates/

Re: [cabfpub] Short-lived certs

2017-10-05 Thread Jeremy Rowley via Public
For a short-lived cert that is truly short-lived, you never deliver a meaningful response. Of course, there’s always an initial “good” response for an initially issued cert, but that only tells me it was issued. By the time I sign a new response, the cert is expired. I’m not sure why