Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

2018-08-23 Thread Dimitris Zacharopoulos via Public
I'm not sure if this has been discussed before (sorry if I missed it), but I would like to bring up the fact that there might be Subscribers who suffer a Key Compromise (like the ones distributed with their own software or embedded within customer devices), who would be willing to leave the

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

2018-08-23 Thread Wayne Thayer via Public
Doug, On Thu, Aug 23, 2018 at 12:26 PM Doug Beattie wrote: > Wayne and Ryan, > > > > I received some good out-of-band suggestions so I’m passing those along. > > > > Generally - though not always (e.g. zero days) - attacks are seen as > 'possible', then 'feasible' before they become

Re: [cabfpub] VOTING BEGINS: Ballot FORUM-1: Establish Forum Infrastructure Working Group

2018-08-23 Thread Frank Corday via Public
Trustwave votes YES on Ballot FORUM-1 From: Public <public-boun...@cabforum.org> on behalf of CA/B Forum Public List <public@cabforum.org> Reply-To: "Jos Purvis (jopurvis)" <jopur...@cisco.com>, CA/B Forum Public List <public@cabforum.org> Date: Sunday, 12 August,

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

2018-08-23 Thread Doug Beattie via Public
Wayne and Ryan, I received some good out-of-band suggestions so I’m passing those along. Generally - though not always (e.g. zero days) - attacks are seen as 'possible', then 'feasible' before they become 'demonstrable'; there's nothing stopping CAs (at their own discretion) from

[cabfpub] Final Minutes for Server Certificate Working Group Teleconference – 9 August 2018

2018-08-23 Thread Ben Wilson via Public
Final Minutes for Server Certificate Working Group Teleconference - 9 August 2018 Attendees: 1. Roll Call. The roll call occurred on the previous Forum teleconference. 2. Read Antitrust Statement. Reading of the Antitrust Statement occurred on the previous Forum teleconference.

Re: [cabfpub] VOTING BEGINS: Ballot FORUM-1: Establish Forum Infrastructure Working Group

2018-08-23 Thread Mads Egil Henriksveen via Public
Buypass votes YES on ballot FORUM-1. Regards Mads From: Public On Behalf Of Jos Purvis (jopurvis) via Public Sent: Monday, 20 August 2018 16:11 To: CA/B Forum Public List Subject: [cabfpub] VOTING BEGINS: Ballot FORUM-1: Establish Forum Infrastructure Working Group I didn’t receive any

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

2018-08-23 Thread Doug Beattie via Public
Exactly, let’s try to improve the language. If anyone has some better idea for how to replace this with the intended purpose, let’s hear it! “A Private Key is also considered compromised if methods have been developed that can easily calculate it based on the Public Key (such as a Debian

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

2018-08-23 Thread Ryan Sleevi via Public
So I think the intent here is to capture both structural weakness and known weakness. The framing of "has been exploited to disclose private keys" has the issue that it requires proof of demonstration. We saw that with Heartbleed, in which some CAs refused to revoke certificates until specific,

[cabfpub] Final Minutes for CA/Browser Forum Teleconference – 9 August 2018

2018-08-23 Thread Ben Wilson via Public
Final Minutes for CA/Browser Forum Teleconference - 9 August 2018 Attendees: Arno Fiedler (D-TRUST), Atsushi Inaba (GlobalSign), Ben Wilson (DigiCert), Corey Bonnell (Trustwave), Daymion Reynolds (GoDaddy), Dean Coclin (DigiCert), Devon O'Brien (Google), Dimitris Zacharopoulos (HARICA), Doug

Re: [cabfpub] VOTING BEGINS: Ballot FORUM-1: Establish Forum Infrastructure Working Group

2018-08-23 Thread InigoBarreira via Public
360 votes YES Regards From: Public [public-boun...@cabforum.org] on behalf of Peter Miškovič via Public [public@cabforum.org] Sent: Thursday, 23 August 2018 17:44 To: Jos Purvis (jopurvis); CA/Browser Forum Public Discussion List Subject: Re: [cabfpub]

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

2018-08-23 Thread Doug Beattie via Public
Ryan, Yes, I mis-spoke and said the opposite of what I had intended. We should generalize this statement so it applies to the 24 hour rule. Change this: “ A Private Key is also considered compromised if methods have been developed that can easily calculate it based on the Public Key

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

2018-08-23 Thread Ryan Sleevi via Public
Doug, I'm not sure I understand - how do you see them fitting under the 5 day rule? On Thu, Aug 23, 2018 at 11:40 AM Doug Beattie via Servercert-wg < servercert...@cabforum.org> wrote: > Wayne, > > > > I wanted to see if we could trim down the definition of Key Compromise > a bit more to

Re: [cabfpub] VOTING BEGINS: Ballot FORUM-1: Establish Forum Infrastructure Working Group

2018-08-23 Thread Peter Miškovič via Public
Disig votes „YES“ on Ballot FORUM-1. Regards Peter From: Public <public-boun...@cabforum.org> on behalf of CA/B Forum Public List <public@cabforum.org> Reply-To: "Jos Purvis (jopurvis)" <jopur...@cisco.com>, CA/B Forum Public List <public@cabforum.org> Date:

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

2018-08-23 Thread Doug Beattie via Public
Wayne, I wanted to see if we could trim down the definition of Key Compromise a bit more to just this: **Key Compromise**: A Private Key is said to be compromised if its value has been disclosed to an unauthorized person or an unauthorized person has had access to it. I think we

Re: [cabfpub] [Servercert-wg] Ballot SC4: Version 3

2018-08-23 Thread Corey Bonnell via Public
Hi Tim, Thanks for incorporating my suggestions and sending out this update. I reviewed the ballot again and have a few observations/suggestions based on the updated text: 1. Section 1.6.3 of the BRs needs to be updated with a reference to RFC 6532, as is done when an RFC (or other external

[cabfpub] Final CA/Browser Forum agenda - Thursday, August 23, 2018 at 11:00 am Eastern Time

2018-08-23 Thread Kirk Hall via Public
Here is the final CA/Browser Forum agenda for our teleconference this Thursday, August 23, 2018 at 11:00 am Eastern Time. Time Start (ET) Stop Item Description Presenters CA/Browser Forum Agenda - Thursday, August 23, 2018 at 11:00 am Eastern Time 0:02 11:00 11:02 1. Roll Call Kirk