Re: [cabfpub] [EXTERNAL] Voting Period Begins: Ballot FORUM-022: Establish Forum IPR Subcommittee

2024-05-16 Thread Bruce Morton via Public
Entrust votes Yes to ballot FORUM-022. Bruce. From: Public On Behalf Of Ben Wilson via Public Sent: Wednesday, May 15, 2024 11:02 AM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL] [cabfpub] Voting Period Begins: Ballot FORUM-022: Establish Forum IPR Subcommittee Ballot

Re: [cabfpub] [EXTERNAL] CABG: Follow-up actions to the creation of the new Definitions and Glossary Working Group

2024-04-22 Thread Bruce Morton via Public
Entrust would like to participate in the Definitions working group. Thanks, Bruce. From: Public On Behalf Of Dimitris Zacharopoulos (HARICA) via Public Sent: Monday, April 22, 2024 12:28 PM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL] [cabfpub] CABG: Follow-up actions to

Re: [cabfpub] [EXTERNAL] Voting Period Begins | Ballot FORUM-021: Form Definitions and Glossary WG

2024-04-04 Thread Bruce Morton via Public
Entrust votes Yes to ballot FORUM-021. Bruce. From: Public On Behalf Of Clint Wilson via Public Sent: Thursday, April 4, 2024 11:03 AM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL] [cabfpub] Voting Period Begins | Ballot FORUM-021: Form Definitions and Glossary WG Ballot

Re: [cabfpub] Voting Period begins: Ballot FORUM-020 v2 - Amend Code Signing Certificate Working Group Charter

2024-01-10 Thread Bruce Morton via Public
Entrust votes Yes to ballot FORUM-020. Bruce. From: Public On Behalf Of Martijn Katerbarg via Public Sent: Thursday, January 4, 2024 3:02 PM To: public@cabforum.org Subject: [EXTERNAL] [cabfpub] Voting Period begins: Ballot FORUM-020 v2 - Amend Code Signing Certificate Working Group Charter

Re: [cabfpub] [EXTERNAL] Ballot FORUM-019 v.2 - Amend Server Certificate Working Group Charter - VOTING PERIOD

2023-11-30 Thread Bruce Morton via Public
Entrust abstains to ballot FORUM-019. Bruce. From: Public On Behalf Of Ben Wilson via Public Sent: Monday, November 27, 2023 10:44 AM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL] [cabfpub] Ballot FORUM-019 v.2 - Amend Server Certificate Working Group Charter - VOTING PERIOD

Re: [cabfpub] Voting Begins: FORUM-18, Allow Re-election of CWG Chairs and Vice Chairs

2022-07-27 Thread Bruce Morton via Public
Entrust votes Yes to ballot FORUM-18. Bruce. From: Public On Behalf Of Tim Hollebeek via Public Sent: Wednesday, July 27, 2022 3:10 PM To: CABforum1 Subject: [EXTERNAL] [cabfpub] Voting Begins: FORUM-18, Allow Re-election of CWG Chairs and Vice Chairs WARNING: This email originated outside

Re: [cabfpub] [EXTERNAL] Voting Period Begins: Ballot FORUM-17: Create Network Security Working Group

2021-12-16 Thread Bruce Morton via Public
Entrust votes Yes to ballot FORUM-17. Bruce. From: Public On Behalf Of Ben Wilson via Public Sent: Thursday, December 16, 2021 1:39 PM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL] [cabfpub] Voting Period Begins: Ballot FORUM-17: Create Network Security Working Group

Re: [cabfpub] [EXTERNAL] Re: [Cscwg-public] Code signing and Time stamping

2021-04-26 Thread Bruce Morton via Public
To follow up, the CSCWG charter includes the following documents: a. EV Code Signing Guidelines, v. 1.4 and subsequent versions b. Version 1.0 Draft of November 19, 2015, Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates (subject to the CSCWG

Re: [cabfpub] Voting begins on Special Ballot Forum-16: Election of CA/Browser Forum Vice Chair

2020-10-22 Thread Bruce Morton via Public
Entrust votes Yes to ballot Forum-16. Bruce. From: Public On Behalf Of Dean Coclin via Public Sent: Wednesday, October 21, 2020 10:15 PM To: CABforum1 Subject: [EXTERNAL][cabfpub] Voting begins on Special Ballot Forum-16: Election of CA/Browser Forum Vice Chair Voting begins on this ballot

Re: [cabfpub] [EXTERNAL] Voting begins on Special Ballot Forum-15: Election of CA/Browser Forum Chair

2020-09-14 Thread Bruce Morton via Public
Entrust votes Yes to ballot Forum-15. Bruce. From: Public On Behalf Of Dimitris Zacharopoulos (HARICA) via Public Sent: Monday, September 14, 2020 11:11 AM To: public@cabforum.org Subject: [EXTERNAL][cabfpub] Voting begins on Special Ballot Forum-15: Election of CA/Browser Forum Chair

Re: [cabfpub] Participation in the CA/Browser Forum S/MIME Certificate Working Group

2020-07-10 Thread Bruce Morton via Public
Entrust intends to participate in the S/MIME working group as a Certificate Issuer. Voting representatives will be Bruce Morton, Chris Bailey and Kirk Hall. Thanks, Bruce. -Original Message- From: Public On Behalf Of Stephen Davidson via Public Sent: Wednesday, July 8, 2020 3:36 PM

Re: [cabfpub] Agenda CSCWG June 18

2020-06-10 Thread Bruce Morton via Public
Should we also discuss the chair and vice chair requirements? Personally, I would prefer to do the grunt work of updating the document, changing the format and dealing with some parking lot items. I would prefer not to chair all meetings, agenda, minutes, etc. Do you think that we change the

Re: [cabfpub] VOTING BEGINS: Ballot Forum-14 version 2: Creation of S/MIME Certificates Working Group

2020-06-09 Thread Bruce Morton via Public
Entrust votes Yes to ballot Forum-14 v2. Bruce. From: Public On Behalf Of Tim Hollebeek via Public Sent: Monday, June 8, 2020 4:52 PM To: CABforum1 Subject: [EXTERNAL][cabfpub] VOTING BEGINS: Ballot Forum-14 version 2: Creation of S/MIME Certificates Working Group The following ballot is

Re: [cabfpub] [EXTERNAL] Voting Begins for ballot Forum-12 - Update CA/B Forum Bylaws

2020-05-19 Thread Bruce Morton via Public
Entrust votes Yes to ballot Forum-12. Bruce. From: Public On Behalf Of Dimitris Zacharopoulos (HARICA) via Public Sent: Monday, May 18, 2020 11:30 AM To: public@cabforum.org Subject: [EXTERNAL][cabfpub] Voting Begins for ballot Forum-12 - Update CA/B Forum Bylaws WARNING: This email

Re: [cabfpub] VOTING BEGINS: BALLOT Forum 13: Correct Code Signing Certificate Working Group Charter error

2020-04-01 Thread Bruce Morton via Public
Entrust Datacard votes Yes to ballot Forum 13. Bruce. From: Public On Behalf Of Dean Coclin via Public Sent: Tuesday, March 31, 2020 8:00 PM To: CABforum1 Subject: [EXTERNAL][cabfpub] VOTING BEGINS: BALLOT Forum 13: Correct Code Signing Certificate Working Group Charter error Voting begins

Re: [cabfpub] [EXTERNAL] FW: Ballot FORUM-10: Re-charter Forum Infrastructure Working Group

2019-09-30 Thread Bruce Morton via Public
Entrust Datacard votes Yes to ballot FORUM-10. Bruce. From: Public On Behalf Of Jos Purvis (jopurvis) via Public Sent: Monday, September 30, 2019 11:27 AM To: CA/B Forum Public List Subject: [EXTERNAL][cabfpub] FW: Ballot FORUM-10: Re-charter Forum Infrastructure Working Group The following

Re: [cabfpub] [EXTERNAL] Voting Begins: Ballot Forum-9 - Bylaws and Server Certificate Working Group Charter Updates

2019-05-17 Thread Bruce Morton via Public
Entrust votes Yes to ballot Forum-9. Bruce. From: Public On Behalf Of Wayne Thayer via Public Sent: Monday, May 13, 2019 2:59 PM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot Forum-9 - Bylaws and Server Certificate Working Group Charter Updates

Re: [cabfpub] Code Signing Working Group - Call for Participants

2019-03-12 Thread Bruce Morton via Public
Entrust Datacard would like to be a participant in the Code Signing Working Group. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dean Coclin via Public Sent: March 12, 2019 12:46 PM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL][cabfpub] Code Signing

Re: [cabfpub] Voting Begins: Ballot FORUM-8: Charter to Establish a Code Signing Certificate Working Group

2019-03-01 Thread Bruce Morton via Public
Entrust Datacard votes Yes to ballot FORUM-8. Bruce. -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: March 1, 2019 12:23 PM To: CABFPub Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot FORUM-8: Charter to Establish a Code

Re: [cabfpub] [EXTERNAL]Re: Draft SMIME Working Group Charter

2019-01-29 Thread Bruce Morton via Public
Hi Wayne, Can you elaborate on why we should exclude identity validation from the initial scope? My thinking is that many CAs which are currently issuing S/MIME certificates are also including identity. I assume that most use similar methods that are defined in the BRs to validate identity.

Re: [cabfpub] [EXTERNAL]Re: P-521 Certificates

2019-01-08 Thread Bruce Morton via Public
I agree. Bruce. > On Jan 8, 2019, at 1:53 PM, Doug Beattie via Public > wrote: > > Should we update the BRs to forbid P-521 given Mozilla root program forbids > them? > > -Original Message- > From: dev-security-policy On > Behalf Of Jonathan Rudenberg via dev-security-policy > Sent:

Re: [cabfpub] [Servercert-wg] Ballot SC14: CAA Contact Property and Associated Phone Validation Methods

2019-01-07 Thread Bruce Morton via Public
Doug, I would also endorse the ballot SC14 with method 3.2.2.4.16 removed. We can follow up with Method 16 later. Bruce. From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of Doug Beattie via Servercert-wg Sent: January 7, 2019 2:40 PM To: Ryan Sleevi ; CA/B Forum

Re: [cabfpub] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

2018-12-18 Thread Bruce Morton via Public
Entrust Datacard votes Yes to ballot SC13. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Tim Hollebeek via Public Sent: December 17, 2018 6:56 PM To: servercert...@cabforum.org; CA/Browser Forum Public Discussion List Subject: [EXTERNAL][cabfpub] Voting Begins: SC13

Re: [cabfpub] Code Signing and SMIME Working Group Charter Drafting

2018-11-29 Thread Bruce Morton via Public
Hi Ben, I thought that I would provide some input on Code Signing and hopefully it will be considered for the charter. The public CAs are currently working with two orphaned code signing certificate guidelines. Here are some issues: *Documents are be out of date as such software

Re: [cabfpub] [EXTERNAL] Forum-7 - Update ETSI requirements in the SCWG Charter

2018-10-02 Thread Bruce Morton via Public
Entrust votes Yes to ballot Forum-7. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris Zacharopoulos via Public Sent: September 21, 2018 1:04 AM To: public@cabforum.org Subject: [EXTERNAL][cabfpub] Forum-7 - Update ETSI requirements in the SCWG Charter WARNING:

Re: [cabfpub] [EXTERNAL] Forum-6 - Update ETSI requirements in the Bylaws

2018-10-01 Thread Bruce Morton via Public
Entrust votes Yes to ballot Forum-6. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris Zacharopoulos via Public Sent: September 17, 2018 12:38 PM To: public@cabforum.org Subject: [EXTERNAL][cabfpub] Forum-6 - Update ETSI requirements in the Bylaws WARNING: This

Re: [cabfpub] [EXTERNAL][Servercert-wg] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

2018-09-28 Thread Bruce Morton via Public
Entrust votes Yes to ballot SC10. Bruce. From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of Dimitris Zacharopoulos via Servercert-wg Sent: September 20, 2018 12:02 PM To: CA/B Forum Server Certificate WG Public Discussion List Subject: [EXTERNAL][Servercert-wg]

Re: [cabfpub] [EXTERNAL][Servercert-wg] Ballot SC9 v4 – Establish the Validation Subcommittee of the SCWG

2018-09-27 Thread Bruce Morton via Public
Entrust votes Yes to ballot SC9. Bruce. From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of Wayne Thayer via Servercert-wg Sent: September 19, 2018 11:49 AM To: CA/B Forum Server Certificate WG Public Discussion List Subject: [EXTERNAL][Servercert-wg] Ballot SC9 v4 –

Re: [cabfpub] Ballot FORUM-4 v3

2018-09-24 Thread Bruce Morton via Public
Entrust Datacard votes Yes to ballot Forum-4 v3. Bruce. From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of Tim Hollebeek via Servercert-wg Sent: September 14, 2018 2:50 PM To: CABFPub ; servercert...@cabforum.org Subject: [EXTERNAL][Servercert-wg] Ballot FORUM-4 v3

Re: [cabfpub] [EXTERNAL][Servercert-wg] Ballot SC5: Election of Server Certificate Working Group Vice Chair – Term Nov. 1, 2018 – Oct. 31, 2020

2018-09-21 Thread Bruce Morton via Public
Entrust votes Yes. Bruce. From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of Kirk Hall via Servercert-wg Sent: September 19, 2018 7:30 PM To: servercert...@cabforum.org Subject: [EXTERNAL][Servercert-wg] Ballot SC5: Election of Server Certificate Working Group Vice

Re: [cabfpub] [EXTERNAL] VOTING HAS STARTED Ballot Forum-2 - Chair and Vice-Chair Term Extensions

2018-09-15 Thread Bruce Morton via Public
Entrust votes Yes. Bruce. On Sep 14, 2018, at 3:12 PM, Ben Wilson via Public mailto:public@cabforum.org>> wrote: VOTING HAS STARTED. DigiCert votes “YES” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: Wednesday, September 5, 2018 9:35 PM To:

Re: [cabfpub] [EXTERNAL] Ballot SC6 v3 - Revocation Timeline Extension

2018-09-10 Thread Bruce Morton via Public
Entrust Datacard votes Yes to ballot SC6 v3. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Wayne Thayer via Public Sent: August 31, 2018 3:52 PM To: CA/B Forum Server Certificate WG Public Discussion List Cc: CA/Browser Forum Public Discussion List Subject:

Re: [cabfpub] [EXTERNAL] Ballot SC8: Election of Server Certificate Working Group Chair

2018-08-30 Thread Bruce Morton via Public
Entrust Datacard votes Yes to ballot SC8. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: August 30, 2018 11:01 AM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL][cabfpub] Ballot SC8: Election of Server Certificate Working Group

Re: [cabfpub] [EXTERNAL][Servercert-wg] Ballot SC6 v2 - Revocation Timeline Extension

2018-08-29 Thread Bruce Morton via Public
I am concerned with this statement, “the CA SHALL work with the Subscriber and any entity reporting the Certificate Problem Report or other revocation-related notice to establish a date when the CA will revoke the Certificate which MUST not exceed the time frame set forth in Section 4.9.1.1.”

Re: [cabfpub] [EXTERNAL]Re: Issuance of certificates for keys reported as compromised

2018-08-21 Thread Bruce Morton via Public
BR 6.1.1.3 states “The CA SHALL reject a certificate request if the requested Public Key does not meet the requirements set forth in Sections 6.1.5 and 6.1.6 or if it has a known weak Private Key (such as a Debian weak key, see http://wiki.debian.org/SSLkeys).” My assumption is a certificate

Re: [cabfpub] [EXTERNAL]Re: [Servercert-wg] Ballot SC6 - Revocation Timeline Extension

2018-08-21 Thread Bruce Morton via Public
Per Mike’s items: 1. 7 days would be preferable as this would provide a “business week” for the CA to investigate the issue. It will also provide 2 extra days to have reach and discuss the issue with the Reporter and the Subscriber. 2. Given the examples for unacceptable risk, I

Re: [cabfpub] VOTING BEGINS: Ballot FORUM-1: Establish Forum Infrastructure Working Group

2018-08-20 Thread Bruce Morton via Public
Entrust Datacard votes Yes to FORUM-1. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jos Purvis (jopurvis) via Public Sent: August 20, 2018 10:11 AM To: CA/B Forum Public List Subject: [EXTERNAL][cabfpub] VOTING BEGINS: Ballot FORUM-1: Establish Forum Infrastructure

Re: [cabfpub] Voting begins: Ballot SC3 version 2

2018-08-15 Thread Bruce Morton via Public
Entrust votes Yes to ballot SC3. Bruce. From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of Tim Hollebeek via Servercert-wg Sent: August 9, 2018 11:48 AM To: CA/Browser Forum Public Discussion List Cc: servercert...@cabforum.org Subject: [EXTERNAL][Servercert-wg]

Re: [cabfpub] [EXTERNAL] Ballot SC6 - Revocation Timeline Extension

2018-08-14 Thread Bruce Morton via Public
Hi Wayne, The term “misleading” is used in item 5 below. Should this also be removed? Thanks, Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Wayne Thayer via Public Sent: August 13, 2018 4:58 PM To: CA/B Forum Server Certificate WG Public Discussion List Cc: CA/Browser

Re: [cabfpub] Voting Begins: Ballot SC2 - version 2: Validating certificates via CAA CONTACT

2018-07-19 Thread Bruce Morton via Public
Entrust Datacard votes Yes to ballot SC2. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Tim Hollebeek via Public Sent: July 19, 2018 11:03 AM To: servercert...@cabforum.org Cc: CA/Browser Forum Public Discussion List Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot

Re: [cabfpub] [EXTERNAL]Re: [Servercert-wg] Ballot SC3: Improvements to Network Security Guidelines

2018-07-13 Thread Bruce Morton via Public
I don’t need 2 years to implement. I just don’t think that we need to push this requirement to the ecosystem. I think that the CA’s security teams can manage this risk independently. Bruce. From: Tim Hollebeek [mailto:tim.holleb...@digicert.com] Sent: July 13, 2018 10:22 AM To: Bruce

Re: [cabfpub] [EXTERNAL]Re: [Servercert-wg] Ballot SC3: Improvements to Network Security Guidelines

2018-07-13 Thread Bruce Morton via Public
I agree with Doug’s position. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Doug Beattie via Public Sent: July 13, 2018 7:34 AM To: Wayne Thayer ; CA/B Forum Server Certificate WG Public Discussion List ; Tim Hollebeek ; CA/Browser Forum Public Discussion List

Re: [cabfpub] [EXTERNAL]Re: Discussion Period: Ballot 224: WHOIS and RDAP

2018-05-16 Thread Bruce Morton via Public
Entrust votes Yes to ballot 224. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Wayne Thayer via Public Sent: May 14, 2018 2:23 PM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL]Re: [cabfpub] Discussion Period: Ballot 224: WHOIS and

Re: [cabfpub] [EXTERNAL] Voting begins for Ballot 223 v2 - Update BR Section 8.4 for CA audit criteria

2018-05-10 Thread Bruce Morton via Public
Entrust votes Yes to ballot 223 v2. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris Zacharopoulos via Public Sent: May 7, 2018 5:49 PM To: public@cabforum.org Subject: [EXTERNAL][cabfpub] Voting begins for Ballot 223 v2 - Update BR Section 8.4 for CA audit

Re: [cabfpub] For Discussion: Code Signing Working Group Charter

2018-05-03 Thread Bruce Morton via Public
Hi Tim, Although we combined Code Signing and Time-stamping certificates into the Minimum Requirements for Code Signing document, I'm thinking that they should not be combined in the Code Signing Working Group. First there may be IP scope issues similar to when we wanted to combine both SSL

Re: [cabfpub] Voting Begins: Ballot 219 v2: Clarify handling of CAA Record Sets with no "issue"/"issuewild" property tag

2018-04-04 Thread Bruce Morton via Public
Entrust votes Yes to ballot 219. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Corey Bonnell via Public Sent: April 3, 2018 12:13 PM To: public@cabforum.org Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot 219 v2: Clarify handling of CAA Record Sets with no

Re: [cabfpub] [EXTERNAL] Ballot 221: Two-Factor Authentication and Password Improvements

2018-03-29 Thread Bruce Morton via Public
Tim, As this ballot may require a CA to make a technical change or change a procedure, should we state a future effective date to allow CAs to ensure they are compliant? Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Tim Hollebeek via Public Sent: March 28, 2018 3:26

Re: [cabfpub] [EXTERNAL] Voting Begins: Ballot 206: Amendment to IPR Policy & Bylaws re Working Group Formation

2018-03-29 Thread Bruce Morton via Public
Entrust votes Yes to ballot 206. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Virginia Fournier via Public Sent: March 27, 2018 11:20 PM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot 206: Amendment to IPR

Re: [cabfpub] Voting Begins: Ballot 220: Minor Cleanups (Spring 2018)

2018-03-26 Thread Bruce Morton via Public
Entrust votes Yes to ballot 220. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Tim Hollebeek via Public Sent: March 23, 2018 6:40 AM To: CA/Browser Forum Public Discussion List Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot 220: Minor Cleanups

Re: [cabfpub] Ballot 218 version 2: Remove validation methods #1 and #5

2018-01-29 Thread Bruce Morton via Public
On the CA/Browser Teleconference last Thursday, the members discussed pending Ballot 218, which would eliminate domain validation method 1 (WhoIs lookup, BR 3.2.2.4.1) as of August, 2018. Google indicated it was not satisfied with an August 2018 implementation date, and might impose a March

Re: [cabfpub] [EXTERNAL] Verification of Domain Contact and Domain Authorization Document

2018-01-23 Thread Bruce Morton via Public
Please note that BR 3.2.5 needs to be performed for all OV certificates regardless of the domain validation method. I am not sure that your attack is Method 1 specific as it could be used against Methods 2 through 10 as well. I am open to improving BR 3.2.5, but we have found that using the

Re: [cabfpub] [EXTERNAL] Verification of Domain Contact and Domain Authorization Document

2018-01-23 Thread Bruce Morton via Public
t: Re: [cabfpub] [EXTERNAL] Verification of Domain Contact and Domain Authorization Document > On Jan 22, 2018, at 13:05, Bruce Morton via Public <public@cabforum.org> > wrote: > > Geoff, > > We put together an example of using method 1. Please see attached. Tha

Re: [cabfpub] [EXTERNAL] Verification of Domain Contact and Domain Authorization Document

2018-01-19 Thread Bruce Morton via Public
Rich, I assume once you have a fraudulent certificate, then you will have to do something else to finalize the attack. You could compromise the site, but then you should have used method 6 to validate the domain. You could perform a DNS attack, but then you should have used method 7 to validate

Re: [cabfpub] [EXTERNAL] Verification of Domain Contact and Domain Authorization Document

2018-01-19 Thread Bruce Morton via Public
BR 3.2.2.4 states “This section defines the permitted processes and procedures for validating the Applicant's ownership or control of the domain.” Confirming ownership is BR compliant. I always thought that ownership should be preferred. An attacker can have control, but they won’t have

Re: [cabfpub] [EXTERNAL] Verification of Domain Contact and Domain Authorization Document

2018-01-19 Thread Bruce Morton via Public
That data is correct as GoDaddy Registered the domain name. If the Applicant is CA/Browser Forum and the Registrant is GoDaddy, then method 1 will fail by design. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Geoff Keating via Public Sent: January 19, 2018 1:44 PM To:

Re: [cabfpub] [EXTERNAL] Verification of Domain Contact and Domain Authorization Document

2018-01-16 Thread Bruce Morton via Public
m From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Bruce Morton via Public Sent: Monday, January 15, 2018 9:20 AM To: Jeremy Rowley <jeremy.row...@digicert.com <mailto:jeremy.row...@digicert.com> >; CA/Browser Forum Public Discussion List <public@cabforum.org <mailt

Re: [cabfpub] [EXTERNAL] Verification of Domain Contact and Domain Authorization Document

2018-01-15 Thread Bruce Morton via Public
I'm following up on the original message to remove validation methods 3.2.2.4.1 and 3.2.2.4.5. We validate a large percentage of certificate requests using 3.2.2.4.1. It is highly used with our enterprise clients and works great if you know your customer. We would like to continue using this

Re: [cabfpub] [EXTERNAL]Re: Ballot 218: Remove validation methods #1 and #5

2018-01-04 Thread Bruce Morton via Public
mailto:public-boun...@cabforum.org] On Behalf Of Bruce Morton via Public Sent: Thursday, January 4, 2018 7:49 AM To: Ryan Sleevi <sle...@google.com <mailto:sle...@google.com> > Cc: CA/Browser Forum Public Discussion List <public@cabforum.org <mailto:public@cabforum.org> > Subje

Re: [cabfpub] [EXTERNAL]Re: Ballot 218: Remove validation methods #1 and #5

2018-01-04 Thread Bruce Morton via Public
Hi Ryan, Here are some details on how we perform this method. For an OV certificate, we perform method #1 as follows: 1. Order is received with the subject name, SANs, a certificate requester and an authorization contact. The authorization contact must be employed by the organization in

Re: [cabfpub] [EXTERNAL]Re: Verification of Domain Contact and Domain Authorization Document

2018-01-03 Thread Bruce Morton via Public
The requirement may mean a LOT of things, but it is also qualified by language such as “This method may only be used if: 1. The CA authenticates the Applicant's identity under BR Section 3.2.2.1 and the authority of the Applicant Representative under BR Section 3.2.5.” I assume it will be

Re: [cabfpub] [EXTERNAL]Re: Ballot 218: Remove validation methods #1 and #5

2018-01-03 Thread Bruce Morton via Public
I disagree. Removing, changing and adding back in method #1 is not a productive exercise. This method has been used for probably 20 years and yet we never see any notifications, articles, alerts, etc. of how this method was defeated by an attacker. Note, I agree that method #1 can be approved

Re: [cabfpub] [EXTERNAL] Ballot 217: Sunset RFC 2527

2017-12-15 Thread Bruce Morton via Public
Entrust votes Yes to ballot 217. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via Public Sent: December 7, 2017 11:53 AM To: CABFPub Subject: [EXTERNAL][cabfpub] Ballot 217: Sunset RFC 2527 Ballot 217: Sunset RFC 2527 Purpose of

Re: [cabfpub] [EXTERNAL]Re: [cabfman] Cleanup for Non-registered Domains

2017-11-30 Thread Bruce Morton via Public
Based on input from Doug and Wayne, here are the proposed changes. In section 4.2.2 remove: CAs SHOULD NOT issue Certificates containing a new gTLD under consideration by ICANN. Prior to issuing a Certificate containing an Internal Name with a gTLD that ICANN has announced as under

Re: [cabfpub] [EXTERNAL]Re: [cabfman] Cleanup for Non-registered Domains

2017-11-30 Thread Bruce Morton via Public
Moving discussion to public list. Bruce. From: Management [mailto:management-boun...@cabforum.org] On Behalf Of Wayne Thayer Sent: November 30, 2017 3:05 PM To: managem...@cabforum.org Subject: [EXTERNAL]Re: [cabfman] Cleanup for Non-registered Domains To avoid any confusion or loopholes, I

Re: [cabfpub] [EXTERNAL] Ballot 208 - dnQualifiers

2017-10-20 Thread Bruce Morton via Public
Entrust votes Yes to ballot 208. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: October 12, 2017 2:05 PM To: CABFPub Subject: [EXTERNAL][cabfpub] Ballot 208 - dnQualifiers Ballot 208 - dnQualifiers This ballot allows

Re: [cabfpub] Ballot 207 - ASN.1 Jurisdiction in EV Guidelines

2017-10-17 Thread Bruce Morton via Public
Entrust votes Yes to ballot 207. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: October 9, 2017 10:46 AM To: CABFPub Subject: [EXTERNAL][cabfpub] Ballot 207 - ASN.1 Jurisdiction in EV Guidelines Ballot 207 - ASN.1

Re: [cabfpub] [EXTERNAL] Ballot 204: Forbid DTPs from doing Domain/IP Ownership Validation

2017-07-10 Thread Bruce Morton via Public
Entrust votes Yes for ballot 204. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, June 26, 2017 8:18 AM To: CABFPub Subject: [EXTERNAL][cabfpub] Ballot 204: Forbid DTPs from doing Domain/IP Ownership

Re: [cabfpub] [EXTERNAL] Ballot 205: Membership-Related Clarifications

2017-06-30 Thread Bruce Morton via Public
Entrust votes Yes to ballot 205. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Thursday, June 22, 2017 7:43 AM To: CABFPub Subject: [EXTERNAL][cabfpub] Ballot 205: Membership-Related Clarifications Ballot 205:

Re: [cabfpub] [EXTERNAL] Base Domain Name correction

2017-06-30 Thread Bruce Morton via Public
Hi Peter, I thought that the Base Domain Name was made up of two parts: 1) domain name node to a registry-controlled or public suffix, and 2) the registry-controlled or public suffix. So a Base Domain Name can be example.com or example.co.uk. I also thought that there was an exception if the

Re: [cabfpub] Ballot 201 - .onion Revisions

2017-06-02 Thread Bruce Morton via Public
Entrust votes Yes to ballot 201. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: Thursday, May 25, 2017 3:50 PM To: CABFPub Cc: Ben Wilson Subject: [EXTERNAL][cabfpub] Ballot 201 - .onion Revisions

Re: [cabfpub] [EXTERNAL] Ballot 200 - Amendment of Bylaws to add Code of Conduct

2017-05-24 Thread Bruce Morton via Public
Entrust votes Yes to ballot 200. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Virginia Fournier via Public Sent: Tuesday, May 16, 2017 4:55 PM To: CA/Browser Forum Public Discussion List Cc: Virginia Fournier Subject:

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-17 Thread Bruce Morton via Public
Entrust votes Yes to ballot 191. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jeremy Rowley via Public Sent: Monday, May 8, 2017 5:41 PM To: CA/Browser Forum Public Discussion List Cc: Jeremy Rowley Subject:

Re: [cabfpub] [EXTERNAL]Re: Profiling OCSP & CRLs

2017-05-10 Thread Bruce Morton via Public
In addition to CRLs, are revocations of issuing CAs not also addressed with CRLSets, OneCRL and certificate blacklisting? For OCSP, an approach for an off-line root is to have the OCSP response signed daily by an OCSP responder. This means that we would not have any 1 year OCSP responses.

Re: [cabfpub] [EXTERNAL]Re: Profiling OCSP & CRLs

2017-05-09 Thread Bruce Morton via Public
Would like to discuss OCSP Responder certificate validity. The BRs do not discuss how OCSP systems should be operated. It would appear that a short validity period would be to mitigate against a low security policy on the OCSP responder and keys. In our case, we manage the OCSP responder

Re: [cabfpub] [EXTERNAL]Re: Ballot 191 - Clarify Place of Business Information

2017-05-09 Thread Bruce Morton via Public
Agreed. Bruce. -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Tuesday, May 9, 2017 5:06 AM To: CA/Browser Forum Public Discussion List Cc: Gervase Markham Subject: [EXTERNAL]Re:

Re: [cabfpub] [EXTERNAL]Re: Ballot 199 - Require commonName in Root and Intermediate Certificates

2017-05-08 Thread Bruce Morton via Public
Entrust votes Yes to ballot 199. Bruce. -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Thursday, April 27, 2017 12:29 PM To: CABFPub Cc: Gervase Markham Subject: [EXTERNAL]Re:

Re: [cabfpub] Ballot 198 - Onion Revisions v2

2017-05-04 Thread Bruce Morton via Public
Entrust votes Yes. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jeremy Rowley via Public Sent: Wednesday, May 3, 2017 8:29 PM To: CA/Browser Forum Public Discussion List Cc: Jeremy Rowley Subject: [EXTERNAL]Re: [cabfpub]

Re: [cabfpub] [EXTERNAL] Ballot 197 – Effective Date of Ballot 193 Provisions (amended April 26)

2017-04-27 Thread Bruce Morton via Public
Entrust votes Yes. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Wednesday, April 26, 2017 1:45 AM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [EXTERNAL][cabfpub] Ballot

Re: [cabfpub] [EXTERNAL]Re: Ballot 199 - Require commonName in Root and Intermediate Certificates

2017-04-26 Thread Bruce Morton via Public
I will try to think up some use cases as this doesn’t come up that often. I am not saying that these are applicable to Entrust. However, I do know that since we need to support many clients and browsers which are continually changing and updating policies, there is a chance that a CA may need

Re: [cabfpub] [EXTERNAL]Re: Ballot 199 - Require commonName in Root and Intermediate Certificates

2017-04-26 Thread Bruce Morton via Public
List <public@cabforum.org> Cc: Gervase Markham <g...@mozilla.org>; Bruce Morton <bruce.mor...@entrustdatacard.com> Subject: Re: [cabfpub] [EXTERNAL]Re: Ballot 199 - Require commonName in Root and Intermediate Certificates On Wed, Apr 26, 2017 at 1:25 PM, Bruce Morton v

Re: [cabfpub] [EXTERNAL]Re: Ballot 199 - Require commonName in Root and Intermediate Certificates

2017-04-26 Thread Bruce Morton via Public
Hi Gerv, I'm also confused with the proposal, so wanted to discuss our methodology. From our point of view, we create a subordinate certification authority and give this CA a distinguished name. We use the CN to give the CA a unique identifier, so that the common name will not be mixed up with

Re: [cabfpub] [EXTERNAL] Ballot 196: Define "Audit Period"

2017-04-11 Thread Bruce Morton via Public
Entrust votes Yes. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, April 3, 2017 2:06 PM To: CABFPub Cc: Gervase Markham Subject: [EXTERNAL][cabfpub] Ballot 196: Define "Audit Period" Ballot 196 -

Re: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions

2017-04-10 Thread Bruce Morton via Public
Entrust votes Yes. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Chris Bailey via Public Sent: Sunday, April 2, 2017 4:27 PM To: public@cabforum.org Cc: Chris Bailey Subject: [EXTERNAL][cabfpub] Ballot 194 – Effective Date of Ballot 193

Re: [cabfpub] [EXTERNAL] Brazilian bank DNS heist

2017-04-10 Thread Bruce Morton via Public
+1 -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Rob Stradling via Public Sent: Monday, April 10, 2017 10:36 AM To: CA/Browser Forum Public Discussion List Cc: Rob Stradling Subject: Re: [cabfpub]

Re: [cabfpub] [EXTERNAL] Brazilian bank DNS heist

2017-04-07 Thread Bruce Morton via Public
d.com<mailto:bruce.mor...@entrustdatacard.com>> Subject: Re: [cabfpub] [EXTERNAL] Brazilian bank DNS heist On Thu, Apr 6, 2017 at 7:52 PM, Bruce Morton via Public <public@cabforum.org> wrote: What if the bank used EV and there was an error if there was no

Re: [cabfpub] [EXTERNAL] Ballot 189 (revised) - Amend Section 6.1.7 of Baseline Requirements

2017-04-07 Thread Bruce Morton via Public
Entrust votes Yes. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris Zacharopoulos via Public Sent: Wednesday, April 5, 2017 3:47 AM To: public@cabforum.org Cc: Dimitris Zacharopoulos Subject: [EXTERNAL][cabfpub] Ballot 189 (revised) - Amend Section 6.1.7

Re: [cabfpub] [EXTERNAL] Brazilian bank DNS heist

2017-04-06 Thread Bruce Morton via Public
What if the bank used EV and there was an error if there was no EV certificate? Could this be done by using something like an HSTS header which also stated EV-only? When the Subscriber receives a DV certificate, but has stored a header for EV-only, then there would be a browser error. Sounds

Re: [cabfpub] [EXTERNAL] Require commonName in Root and Intermediate Certificates ballot draft

2017-03-28 Thread Bruce Morton via Public
Gerv, For CNs for Subordinate CAs, the ballot states “This field MUST be present and the contents MUST be an identifier for the certificate which is unique across all certificates issued by the issuing certificate.” In some cases the certificate for a Subordinate CA may be reissued. In this

Re: [cabfpub] Voting has started on Ballot 193 - 825-day Certificate Lifetimes

2017-03-11 Thread Bruce Morton via Public
Entrust votes Yes. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Saturday, March 11, 2017 12:20 PM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub] Voting has

Re: [cabfpub] Ballot 188 - Clarify use of term "CA" in Baseline Requirements

2017-03-01 Thread Bruce Morton via Public
Entrust also understands there may be issues with the ballot which we would like to be corrected. Entrust changes our vote to NO. Thanks, Bruce. -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Wednesday, March 1, 2017

Re: [cabfpub] Ballot 185 (Revised) - Limiting the Lifetime of Certificates

2017-02-16 Thread Bruce Morton via Public
Entrust votes NO. Please note that our initial feedback from our enterprise customers is that they will need to double their staff to install certificates and they are not in a position to deploy automation. Thanks, Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan

Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

2017-02-07 Thread Bruce Morton via Public
Ryan, I support your concrete action items. It would be great if they were on the agenda for the next F2F. Bruce. From: Ryan Sleevi via Public > Date: February 6, 2017 at 5:55:06 PM EST To: Doug Beattie

Re: [cabfpub] Mozilla SHA-1 further restrictions (v5)

2017-01-30 Thread Bruce Morton via Public
Hi Gerv, Can you provide some clarification on how this will be implemented/imposed? What would be good to know is if the CA does not comply with the new Mozilla SHA-1 restrictions is this a policy compliance issue or will this mean the certificate issued will not be trusted by Firefox? Thanks,

Re: [cabfpub] Draft CAA motion (4)

2017-01-25 Thread Bruce Morton via Public
;g...@mozilla.org<mailto:g...@mozilla.org>>; Doug Beattie <doug.beat...@globalsign.com>; Bruce Morton <bruce.mor...@entrustdatacard.com> Subject: Re: [cabfpub] Draft CAA motion (4) On

Re: [cabfpub] Draft CAA motion (4)

2017-01-25 Thread Bruce Morton via Public
List <public@cabforum.org> Cc: Gervase Markham <g...@mozilla.org>; Doug Beattie <doug.beat...@globalsign.com>; Bruce Morton <bruce.mor...@entrustdatacard.com> Subject: Re: [cabfpub] Draft CAA motion (4) On Wed, Jan 25, 2017 at 9:04 AM, Bruce Morton via Public <public

Re: [cabfpub] Voting has started on Ballot 183 – Amending the Bylaws to Clarify the Ballot Approval Process

2017-01-25 Thread Bruce Morton via Public
Entrust votes Yes to ballot 183. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Wednesday, January 25, 2017 10:27 AM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub]

Re: [cabfpub] Draft CAA motion (4)

2017-01-25 Thread Bruce Morton via Public
01/17 14:36, Bruce Morton via Public wrote: > The issue with a CAA hard-fail for all circumstances is that it could > impact current obligations for certificate issuance and management You mean current contractual obligations? It would help if you gave a sample contract clause you think

Re: [cabfpub] Draft CAA motion (4)

2017-01-25 Thread Bruce Morton via Public
The issue with a CAA hard-fail for all circumstances is that it could impact current obligations for certificate issuance and management and it is anti-competitive. What I don’t understand is why there are objections to a proposed solution without trying to provide an alternative. We should

Re: [cabfpub] Draft CAA motion (3)

2017-01-12 Thread Bruce Morton via Public
AA motion (3) On Thu, Jan 12, 2017 at 10:28 AM, Bruce Morton via Public <public@cabforum.org> wrote: I know there was some discussion about caching. I do think that 1 hour may be a period which is too short. For instance it does not address the case where a

Re: [cabfpub] Ballot 184: rfc822Names and otherNames

2017-01-05 Thread Bruce Morton via Public
I’m not sure why we want an email address for a SAN either. If there is a case for an email address, would it be an alternative to put it in the subject name instead of the SAN? I think that this can be done per BR 7.1.4.2.2.j. Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of
