Entrust votes Yes to ballot FORUM-022.
Bruce.
From: Public On Behalf Of Ben Wilson via Public
Sent: Wednesday, May 15, 2024 11:02 AM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL] [cabfpub] Voting Period Begins: Ballot FORUM-022: Establish
Forum IPR Subcommittee
Ballot
Entrust would like to participate in the Definitions working group.
Thanks, Bruce.
From: Public On Behalf Of Dimitris Zacharopoulos
(HARICA) via Public
Sent: Monday, April 22, 2024 12:28 PM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL] [cabfpub] CABG: Follow-up actions to
Entrust votes Yes to ballot FORUM-021.
Bruce.
From: Public On Behalf Of Clint Wilson via Public
Sent: Thursday, April 4, 2024 11:03 AM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL] [cabfpub] Voting Period Begins | Ballot FORUM-021: Form
Definitions and Glossary WG
Ballot
Entrust votes Yes to ballot FORUM-020.
Bruce.
From: Public On Behalf Of Martijn Katerbarg via
Public
Sent: Thursday, January 4, 2024 3:02 PM
To: public@cabforum.org
Subject: [EXTERNAL] [cabfpub] Voting Period begins: Ballot FORUM-020 v2 - Amend
Code Signing Certificate Working Group Charter
Entrust abstains to ballot FORUM-019.
Bruce.
From: Public On Behalf Of Ben Wilson via Public
Sent: Monday, November 27, 2023 10:44 AM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL] [cabfpub] Ballot FORUM-019 v.2 - Amend Server Certificate
Working Group Charter - VOTING PERIOD
Entrust votes Yes to ballot FORUM-18.
Bruce.
From: Public On Behalf Of Tim Hollebeek via Public
Sent: Wednesday, July 27, 2022 3:10 PM
To: CABforum1
Subject: [EXTERNAL] [cabfpub] Voting Begins: FORUM-18, Allow Re-election of CWG
Chairs and Vice Chairs
WARNING: This email originated outside
Entrust votes Yes to ballot FORUM-17.
Bruce.
From: Public On Behalf Of Ben Wilson via Public
Sent: Thursday, December 16, 2021 1:39 PM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL] [cabfpub] Voting Period Begins: Ballot FORUM-17: Create
Network Security Working Group
To follow up, the CSCWG charter includes the following documents:
a. EV Code Signing Guidelines, v. 1.4 and subsequent versions
b. Version 1.0 Draft of November 19, 2015, Baseline Requirements for the
Issuance and Management of Publicly-Trusted Code Signing Certificates (subject
to the CSCWG
Entrust votes Yes to ballot Forum-16.
Bruce.
From: Public On Behalf Of Dean Coclin via Public
Sent: Wednesday, October 21, 2020 10:15 PM
To: CABforum1
Subject: [EXTERNAL][cabfpub] Voting begins on Special Ballot Forum-16: Election
of CA/Browser Forum Vice Chair
Voting begins on this ballot
Entrust votes Yes to ballot Forum-15.
Bruce.
From: Public On Behalf Of Dimitris Zacharopoulos
(HARICA) via Public
Sent: Monday, September 14, 2020 11:11 AM
To: public@cabforum.org
Subject: [EXTERNAL][cabfpub] Voting begins on Special Ballot Forum-15: Election
of CA/Browser Forum Chair
Entrust intends to participate in the S/MIME working group as a Certificate
Issuer. Voting representatives will be Bruce Morton, Chris Bailey and Kirk
Hall.
Thanks, Bruce.
-Original Message-
From: Public On Behalf Of Stephen Davidson via
Public
Sent: Wednesday, July 8, 2020 3:36 PM
Should we also discuss the chair and vice chair requirements?
Personally, I would prefer to do the grunt work of updating the document,
changing the format and dealing with some parking lot items. I would prefer not
to chair all meetings, agenda, minutes, etc.
Do you think that we change the
Entrust votes Yes to ballot Forum-14 v2.
Bruce.
From: Public On Behalf Of Tim Hollebeek via Public
Sent: Monday, June 8, 2020 4:52 PM
To: CABforum1
Subject: [EXTERNAL][cabfpub] VOTING BEGINS: Ballot Forum-14 version 2: Creation
of S/MIME Certificates Working Group
The following ballot is
Entrust votes Yes to ballot Forum-12.
Bruce.
From: Public On Behalf Of Dimitris Zacharopoulos
(HARICA) via Public
Sent: Monday, May 18, 2020 11:30 AM
To: public@cabforum.org
Subject: [EXTERNAL][cabfpub] Voting Begins for ballot Forum-12 - Update CA/B
Forum Bylaws
WARNING: This email
Entrust Datacard votes Yes to ballot Forum 13.
Bruce.
From: Public On Behalf Of Dean Coclin via Public
Sent: Tuesday, March 31, 2020 8:00 PM
To: CABforum1
Subject: [EXTERNAL][cabfpub] VOTING BEGINS: BALLOT Forum 13: Correct Code
Signing Certificate Working Group Charter error
Voting begins
Entrust Datacard votes Yes to ballot FORUM-10.
Bruce.
From: Public On Behalf Of Jos Purvis (jopurvis)
via Public
Sent: Monday, September 30, 2019 11:27 AM
To: CA/B Forum Public List
Subject: [EXTERNAL][cabfpub] FW: Ballot FORUM-10: Re-charter Forum
Infrastructure Working Group
The following
Entrust votes Yes to ballot Forum-9.
Bruce.
From: Public On Behalf Of Wayne Thayer via Public
Sent: Monday, May 13, 2019 2:59 PM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot Forum-9 - Bylaws and Server
Certificate Working Group Charter Updates
Entrust Datacard would like to be a participant in the Code Signing Working
Group.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dean Coclin via
Public
Sent: March 12, 2019 12:46 PM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL][cabfpub] Code Signing
Entrust Datacard votes Yes to ballot FORUM-8.
Bruce.
-Original Message-
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via
Public
Sent: March 1, 2019 12:23 PM
To: CABFPub
Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot FORUM-8: Charter to
Establish a Code
Hi Wayne,
Can you elaborate on why we should exclude identity validation from the initial
scope?
My thinking is that many CAs which are currently issuing S/MIME certificates
are also including identity. I assume that most use similar methods that are
defined in the BRs to validate identity.
I agree.
Bruce.
> On Jan 8, 2019, at 1:53 PM, Doug Beattie via Public
> wrote:
>
> Should we update the BRs to forbid P-521 given Mozilla root program forbids
> them?
>
> -Original Message-
> From: dev-security-policy On
> Behalf Of Jonathan Rudenberg via dev-security-policy
> Sent:
Doug,
I would also endorse the ballot SC14 with method 3.2.2.4.16 removed. We can
follow up with Method 16 later.
Bruce.
From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of
Doug Beattie via Servercert-wg
Sent: January 7, 2019 2:40 PM
To: Ryan Sleevi ; CA/B Forum
Entrust Datacard votes Yes to ballot SC13.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Tim Hollebeek
via Public
Sent: December 17, 2018 6:56 PM
To: servercert...@cabforum.org; CA/Browser Forum Public Discussion List
Subject: [EXTERNAL][cabfpub] Voting Begins: SC13
Hi Ben,
I thought that I would provide some input on Code Signing and hopefully it will
be considered for the charter.
The public CAs are currently working with two orphaned code signing certificate
guidelines. Here are some issues:
*Documents are be out of date as such software
Entrust votes Yes to ballot Forum-7.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris
Zacharopoulos via Public
Sent: September 21, 2018 1:04 AM
To: public@cabforum.org
Subject: [EXTERNAL][cabfpub] Forum-7 - Update ETSI requirements in the SCWG
Charter
WARNING:
Entrust votes Yes to ballot Forum-6.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris
Zacharopoulos via Public
Sent: September 17, 2018 12:38 PM
To: public@cabforum.org
Subject: [EXTERNAL][cabfpub] Forum-6 - Update ETSI requirements in the Bylaws
WARNING: This
Entrust votes Yes to ballot SC10.
Bruce.
From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of
Dimitris Zacharopoulos via Servercert-wg
Sent: September 20, 2018 12:02 PM
To: CA/B Forum Server Certificate WG Public Discussion List
Subject: [EXTERNAL][Servercert-wg]
Entrust votes Yes to ballot SC9.
Bruce.
From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of
Wayne Thayer via Servercert-wg
Sent: September 19, 2018 11:49 AM
To: CA/B Forum Server Certificate WG Public Discussion List
Subject: [EXTERNAL][Servercert-wg] Ballot SC9 v4 –
Entrust Datacard votes Yes to ballot Forum-4 v3.
Bruce.
From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of
Tim Hollebeek via Servercert-wg
Sent: September 14, 2018 2:50 PM
To: CABFPub ; servercert...@cabforum.org
Subject: [EXTERNAL][Servercert-wg] Ballot FORUM-4 v3
Entrust votes Yes.
Bruce.
From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of
Kirk Hall via Servercert-wg
Sent: September 19, 2018 7:30 PM
To: servercert...@cabforum.org
Subject: [EXTERNAL][Servercert-wg] Ballot SC5: Election of Server Certificate
Working Group Vice
Entrust votes Yes.
Bruce.
On Sep 14, 2018, at 3:12 PM, Ben Wilson via Public
mailto:public@cabforum.org>> wrote:
VOTING HAS STARTED.
DigiCert votes “YES”
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via
Public
Sent: Wednesday, September 5, 2018 9:35 PM
To:
Entrust Datacard votes Yes to ballot SC6 v3.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Wayne Thayer via
Public
Sent: August 31, 2018 3:52 PM
To: CA/B Forum Server Certificate WG Public Discussion List
Cc: CA/Browser Forum Public Discussion List
Subject:
Entrust Datacard votes Yes to ballot SC8.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via
Public
Sent: August 30, 2018 11:01 AM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL][cabfpub] Ballot SC8: Election of Server Certificate Working
Group
I am concerned with this statement, “the CA SHALL work with the Subscriber and
any entity reporting the Certificate Problem Report or other revocation-related
notice to establish a date when the CA will revoke the Certificate which MUST
not exceed the time frame set forth in Section 4.9.1.1.”
BR 6.1.1.3 states “The CA SHALL reject a certificate request if the requested
Public Key does not meet the requirements set forth in Sections 6.1.5 and 6.1.6
or if it has a known weak Private Key (such as a Debian weak key, see
http://wiki.debian.org/SSLkeys).”
My assumption is a certificate
Per Mike’s items:
1. 7 days would be preferable as this would provide a “business week” for
the CA to investigate the issue. It will also provide 2 extra days to have
reach and discuss the issue with the Reporter and the Subscriber.
2. Given the examples for unacceptable risk, I
Entrust Datacard votes Yes to FORUM-1.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jos Purvis
(jopurvis) via Public
Sent: August 20, 2018 10:11 AM
To: CA/B Forum Public List
Subject: [EXTERNAL][cabfpub] VOTING BEGINS: Ballot FORUM-1: Establish Forum
Infrastructure
Entrust votes Yes to ballot SC3.
Bruce.
From: Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] On Behalf Of
Tim Hollebeek via Servercert-wg
Sent: August 9, 2018 11:48 AM
To: CA/Browser Forum Public Discussion List
Cc: servercert...@cabforum.org
Subject: [EXTERNAL][Servercert-wg]
Hi Wayne,
The term “misleading” is used in item 5 below. Should this also be removed?
Thanks, Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Wayne Thayer via
Public
Sent: August 13, 2018 4:58 PM
To: CA/B Forum Server Certificate WG Public Discussion List
Cc: CA/Browser
Entrust Datacard votes Yes to ballot SC2.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Tim Hollebeek
via Public
Sent: July 19, 2018 11:03 AM
To: servercert...@cabforum.org
Cc: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot
I don’t need 2 years to implement. I just don’t think that we need to push this
requirement to the ecosystem. I think that the CA’s security teams can manage
this risk independently.
Bruce.
From: Tim Hollebeek [mailto:tim.holleb...@digicert.com]
Sent: July 13, 2018 10:22 AM
To: Bruce
I agree with Doug’s position.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Doug Beattie via
Public
Sent: July 13, 2018 7:34 AM
To: Wayne Thayer ; CA/B Forum Server Certificate WG Public
Discussion List ; Tim Hollebeek
; CA/Browser Forum Public Discussion List
Entrust votes Yes to ballot 224.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Wayne Thayer via
Public
Sent: May 14, 2018 2:23 PM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL]Re: [cabfpub] Discussion Period: Ballot 224: WHOIS and
Entrust votes Yes to ballot 223 v2.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris
Zacharopoulos via Public
Sent: May 7, 2018 5:49 PM
To: public@cabforum.org
Subject: [EXTERNAL][cabfpub] Voting begins for Ballot 223 v2 - Update BR
Section 8.4 for CA audit
Hi Tim,
Although we combined Code Signing and Time-stamping certificates into the
Minimum Requirements for Code Signing document, I'm thinking that they should
not be combined in the Code Signing Working Group. First there may be IP scope
issues similar to when we wanted to combine both SSL
Entrust votes Yes to ballot 219.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Corey Bonnell
via Public
Sent: April 3, 2018 12:13 PM
To: public@cabforum.org
Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot 219 v2: Clarify handling of
CAA Record Sets with no
Tim,
As this ballot may require a CA to make a technical change or change a
procedure, should we state a future effective date to allow CAs to ensure they
are compliant?
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Tim Hollebeek
via Public
Sent: March 28, 2018 3:26
Entrust votes Yes to ballot 206.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Virginia
Fournier via Public
Sent: March 27, 2018 11:20 PM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot 206: Amendment to IPR
Entrust votes Yes to ballot 220.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Tim Hollebeek
via Public
Sent: March 23, 2018 6:40 AM
To: CA/Browser Forum Public Discussion List
Subject: [EXTERNAL][cabfpub] Voting Begins: Ballot 220: Minor Cleanups
On the CA/Browser Teleconference last Thursday, the members discussed pending
Ballot 218, which would eliminate domain validation method 1 (WhoIs lookup, BR
3.2.2.4.1) as of August, 2018. Google indicated it was not satisfied with an
August 2018 implementation date, and might impose a March
Please note that BR 3.2.5 needs to be performed for all OV certificates
regardless of the domain validation method. I am not sure that your attack is
Method 1 specific as it could be used against Methods 2 through 10 as well.
I am open to improving BR 3.2.5, but we have found that using the
t: Re: [cabfpub] [EXTERNAL] Verification of Domain Contact and Domain
Authorization Document
> On Jan 22, 2018, at 13:05, Bruce Morton via Public <public@cabforum.org>
> wrote:
>
> Geoff,
>
> We put together an example of using method 1. Please see attached.
Tha
Rich,
I assume once you have a fraudulent certificate, then you will have to
something else to finalize the attack. You could compromise the site, but then
you should have used method 6 to validate the domain. You could perform a DNS
attack, but then you should have used method 7 to validate
BR 3.2.2.4 states “This section defines the permitted processes and procedures
for validating the Applicant's ownership or control of the domain.”
Confirming ownership is BR compliant.
I always thought that ownership should be preferred. An attacker can have
control, but they won’t have
That data is correct as GoDaddy Registered the domain name.
If the Applicant is CA/Browser Forum and the Registrant is GoDaddy, then method
1 will fail by design.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Geoff Keating
via Public
Sent: January 19, 2018 1:44 PM
To:
m
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Bruce Morton
via Public
Sent: Monday, January 15, 2018 9:20 AM
To: Jeremy Rowley <jeremy.row...@digicert.com
<mailto:jeremy.row...@digicert.com> >; CA/Browser Forum Public Discussion
List <public@cabforum.org <mailt
I'm following up on the original message to remove validation methods 3.2.2.4.1
and 3.2.2.4.5.
We validate a large percentage of certificate requests using 3.2.2.4.1. It is
highly used with our enterprise clients and works great if you know your
customer. We would like to continue using this
mailto:public-boun...@cabforum.org] On Behalf Of Bruce Morton via
Public
Sent: Thursday, January 4, 2018 7:49 AM
To: Ryan Sleevi <sle...@google.com <mailto:sle...@google.com> >
Cc: CA/Browser Forum Public Discussion List <public@cabforum.org
<mailto:public@cabforum.org> >
Subje
Hi Ryan,
Here are some details on how we perform this method.
For an OV certificate, we perform method #1 as follows:
1. Order is received with the subject name, SANs, a certificate requester
and an authorization contact. The authorization contact must be employed by the
organization in
The requirement may mean a LOT of things, but it is also qualified by language
such as “This method may only be used if: 1. The CA authenticates the
Applicant's identity under BR Section 3.2.2.1 and the authority of the
Applicant Representative under BR Section 3.2.5.”
I assume it will be
I disagree.
Removing, changing and adding back in method #1 is not a productive exercise.
This method has been used for probably 20 years and yet we never see any
notifications, articles, alerts, etc. of how this method was defeated by an
attacker.
Note, I agree that method #1 can be approved
Entrust votes Yes to ballot 217.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via
Public
Sent: December 7, 2017 11:53 AM
To: CABFPub
Subject: [EXTERNAL][cabfpub] Ballot 217: Sunset RFC 2527
Ballot 217: Sunset RFC 2527
Purpose of
Based on input from Doug and Wayne, here are the proposed changes.
In section 4.2.2 remove:
CAs SHOULD NOT issue Certificates containing a new gTLD under consideration by
ICANN. Prior to issuing a Certificate containing an Internal Name with a gTLD
that ICANN has announced as under
Moving discussion to public list.
Bruce.
From: Management [mailto:management-boun...@cabforum.org] On Behalf Of Wayne
Thayer
Sent: November 30, 2017 3:05 PM
To: managem...@cabforum.org
Subject: [EXTERNAL]Re: [cabfman] Cleanup for Non-registered Domains
To avoid any confusion or loopholes, I
Entrust votes Yes to ballot 208.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via
Public
Sent: October 12, 2017 2:05 PM
To: CABFPub
Subject: [EXTERNAL][cabfpub] Ballot 208 - dnQualifiers
Ballot 208 - dnQualifiers
This ballot allows
Entrust votes Yes to ballot 207.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via
Public
Sent: October 9, 2017 10:46 AM
To: CABFPub
Subject: [EXTERNAL][cabfpub] Ballot 207 - ASN.1 Jurisdiction in EV Guidelines
Ballot 207 - ASN.1
Entrust votes Yes for ballot 204.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham
via Public
Sent: Monday, June 26, 2017 8:18 AM
To: CABFPub
Subject: [EXTERNAL][cabfpub] Ballot 204: Forbid DTPs from doing Domain/IP
Ownership
Entrust votes Yes to ballot 205.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham
via Public
Sent: Thursday, June 22, 2017 7:43 AM
To: CABFPub
Subject: [EXTERNAL][cabfpub] Ballot 205: Membership-Related Clarifications
Ballot 205:
Hi Peter,
I thought that the Base Domain Name was made up of two parts: 1) domain name
node to a registry-controlled or public suffix, and 2) the registry-controlled
or public suffix. So a Base Domain Name can be example.com or example.co.uk.
I also thought that there was an exception if the
Entrust votes Yes to ballot 201.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via
Public
Sent: Thursday, May 25, 2017 3:50 PM
To: CABFPub
Cc: Ben Wilson
Subject: [EXTERNAL][cabfpub] Ballot 201 - .onion Revisions
Entrust votes Yes to ballot 200.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Virginia
Fournier via Public
Sent: Tuesday, May 16, 2017 4:55 PM
To: CA/Browser Forum Public Discussion List
Cc: Virginia Fournier
Subject:
Entrust votes Yes to ballot 191.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jeremy Rowley
via Public
Sent: Monday, May 8, 2017 5:41 PM
To: CA/Browser Forum Public Discussion List
Cc: Jeremy Rowley
Subject:
In addition to CRLs, are revocations of issuing CAs not also addressed with
CRLSets, OneCRL and certificate blacklisting?
For OCSP, an approach for an off-line root is to have the OCSP response signed
daily by an OCSP responder. This means that we would not have any 1 year OCSP
responses.
Would like to discuss OCSP Responder certificate validity.
The BRs do not discuss how OCSP systems should be operated. It would appear
that a short validity period would be to mitigate against a low security policy
on the OCSP responder and keys.
In our case, we manage the OCSP responder
Agreed.
Bruce.
-Original Message-
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham
via Public
Sent: Tuesday, May 9, 2017 5:06 AM
To: CA/Browser Forum Public Discussion List
Cc: Gervase Markham
Subject: [EXTERNAL]Re:
Entrust votes Yes to ballot 199.
Bruce.
-Original Message-
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham
via Public
Sent: Thursday, April 27, 2017 12:29 PM
To: CABFPub
Cc: Gervase Markham
Subject: [EXTERNAL]Re:
Entrust vote Yes.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jeremy Rowley
via Public
Sent: Wednesday, May 3, 2017 8:29 PM
To: CA/Browser Forum Public Discussion List
Cc: Jeremy Rowley
Subject: [EXTERNAL]Re: [cabfpub]
Entrust votes Yes.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via
Public
Sent: Wednesday, April 26, 2017 1:45 AM
To: CA/Browser Forum Public Discussion List
Cc: Kirk Hall
Subject: [EXTERNAL][cabfpub] Ballot
I will try to think up some use cases as this doesn’t come up that often. I am
not saying that these are applicable to Entrust. However, I do know that since
we need to support many clients and browsers which are continually changing and
updating policies, there is a chance that a CA may need
List <public@cabforum.org>
Cc: Gervase Markham <g...@mozilla.org>; Bruce Morton
<bruce.mor...@entrustdatacard.com>
Subject: Re: [cabfpub] [EXTERNAL]Re: Ballot 199 - Require commonName in Root
and Intermediate Certificates
On Wed, Apr 26, 2017 at 1:25 PM, Bruce Morton v
Hi Gerv,
I'm also confused with the proposal, so wanted to discuss our methodology.
From our point of view, we create a subordinate certification authority and
give this CA a distinguished name. We use the CN to give the CA a unique
identifier, so that the common name will not be mixed up with
Entrust votes Yes.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham
via Public
Sent: Monday, April 3, 2017 2:06 PM
To: CABFPub
Cc: Gervase Markham
Subject: [EXTERNAL][cabfpub] Ballot 196: Define "Audit Period"
Ballot 196 -
Entrust votes Yes.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Chris Bailey via
Public
Sent: Sunday, April 2, 2017 4:27 PM
To: public@cabforum.org
Cc: Chris Bailey
Subject: [EXTERNAL][cabfpub] Ballot 194 – Effective Date of Ballot 193
+1
-Original Message-
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Rob Stradling
via Public
Sent: Monday, April 10, 2017 10:36 AM
To: CA/Browser Forum Public Discussion List
Cc: Rob Stradling
Subject: Re: [cabfpub]
d.com<mailto:bruce.mor...@entrustdatacard.com>>
Subject: Re: [cabfpub] [EXTERNAL] Brazilian bank DNS heist
On Thu, Apr 6, 2017 at 7:52 PM, Bruce Morton via Public
<public@cabforum.org<mailto:public@cabforum.org>> wrote:
What if the bank used EV and there was an error if there was no
Entrust votes Yes.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris
Zacharopoulos via Public
Sent: Wednesday, April 5, 2017 3:47 AM
To: public@cabforum.org
Cc: Dimitris Zacharopoulos
Subject: [EXTERNAL][cabfpub] Ballot 189 (revised) - Amend Section 6.1.7
What if the bank used EV and there was an error if there was no EV certificate?
Could this be done by using something like an HSTS header which also stated
EV-only? When the Subscriber receives a DV certificate, but has stored a header
for EV-only, then there would be a browser error.
Sounds
Gerv,
For CNs for Subordinate CAs, the ballot states “This field MUST be present and
the contents MUST be an identifier for the certificate which is unique across
all certificates issued by the issuing certificate.”
In some cases the certificate for a Subordinate CA may be reissued. In this
Entrust votes Yes.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via
Public
Sent: Saturday, March 11, 2017 12:20 PM
To: CA/Browser Forum Public Discussion List
Cc: Kirk Hall
Subject: [cabfpub] Voting has
Entrust also understands there may be issues with the ballot which we would
like to be corrected.
Entrust changes our vote to NO.
Thanks, Bruce.
-Original Message-
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham
via Public
Sent: Wednesday, March 1, 2017
Entrust votes NO.
Please note that our initial feedback from our enterprise customers is that
they will need to double their staff to install certificates and they are not
in a position to deploy automation.
Thanks, Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan
Ryan,
I support your concrete action items. It would be great if they were on the
agenda for the next F2F.
Bruce.
From: Ryan Sleevi via Public >
Date: February 6, 2017 at 5:55:06 PM EST
To: Doug Beattie
Hi Gerv,
Can you provide some clarification on how this will be implemented/imposed?
What would be good to know is if the CA does not comply to the new Mozilla
SHA-1 restrictions is this a policy compliance issue or will this mean the
certificate issued will not be trusted by Firefox?
Thanks,
;g...@mozilla.org<mailto:g...@mozilla.org>>; Doug Beattie
<doug.beat...@globalsign.com<mailto:doug.beat...@globalsign.com>>; Bruce Morton
<bruce.mor...@entrustdatacard.com<mailto:bruce.mor...@entrustdatacard.com>>
Subject: Re: [cabfpub] Draft CAA motion (4)
On
List <public@cabforum.org>
Cc: Gervase Markham <g...@mozilla.org>; Doug Beattie
<doug.beat...@globalsign.com>; Bruce Morton <bruce.mor...@entrustdatacard.com>
Subject: Re: [cabfpub] Draft CAA motion (4)
On Wed, Jan 25, 2017 at 9:04 AM, Bruce Morton via Public
<public
Entrust votes Yes to ballot 183.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via
Public
Sent: Wednesday, January 25, 2017 10:27 AM
To: CA/Browser Forum Public Discussion List
Cc: Kirk Hall
Subject: [cabfpub]
01/17 14:36, Bruce Morton via Public wrote:
> The issue with a CAA hard-fail for all circumstances is that it could
> impact current obligations for certificate issuance and management
You mean current contractual obligations? It would help if you gave a sample
contract clause you think
The issue with a CAA hard-fail for all circumstances is that it could impact
current obligations for certificate issuance and management and it is
anti-competitive. What I don’t understand is why there are objections to a
proposed solution without trying to provide an alternative. We should
AA motion (3)
On Thu, Jan 12, 2017 at 10:28 AM, Bruce Morton via Public
<public@cabforum.org<mailto:public@cabforum.org>> wrote:
I know there was some discussion about caching. I do think that 1 hour may be a
period which is too short. For instance it does not address the case where a
I’m not sure why we want an email address for a SAN either. If there is a case
for an email address, would it be an alternative put it in the subject name
instead of the SAN? I think that this can be done per BR 7.1.4.2.2.j.
Bruce.
From: Public [mailto:public-boun...@cabforum.org] On Behalf Of
1 - 100 of 109 matches
Mail list logo