On Fri, Feb 2, 2024, 16:13 Clint Wilson via Servercert-wg <
servercert-wg@cabforum.org> wrote:
> Hi Martijn,
>
> Thanks for sending this out for discussion. Just a few comments at this
> point:
>
>
>1. I’m not sure the wording "Router and firewall activities" is
>considered an unspecified
Hi Martijn,
Thanks for sending this out for discussion. Just a few comments at this point:
I’m not sure the wording "Router and firewall activities" is considered an
unspecified term, and leaves the exact definition and scope up to the CA,
however” is necessary or even really helpful. I think
Yeah, this is where the GlobalSign ballot is actually an excellent start. I
enjoyed Eva's overview on a recent validation SC call. I need to dig deeper
into it and do more analysis of the proposals and what I think of them.
It's an ongoing conversation internally and I hope to have some
This ballot aims to clarify the existing language around the use of
delegated third-parties during domain and IP address control validation. It
leaves the existing language in place, and adds specifics for the cases of
DNS queries, WHOIS lookups, and contact with the Domain Name Registrat or
IP
Doug,
I do agree that we need to update the EV Guidelines. They were created with the
theme of single, manual certificate requests. There was no consideration for
automation. I do think that we should get update understanding of what we want
out of EV. I agree with "increased verified
Hi Paul,
Yea, that's a lot of good information, but I keep coming back to "what's the
value of the certificate approver, especially within a managed account, for
EV in 2024"? Do we need to have designated individuals as the only people
that can request EV domains and certificates? When EVGL
An ACME key and API key are both credentials but just in a different from, I
provided the examples with API keys as these are most widely used today.
We do indeed use the External Account Binding (EAB), and this works for a setup
where the user can configure the ACME server at the Cloud Service
Hi Paul,
Thanks for that presentation.
I'm assuming that Entrust uses External Account Binding (EAB) to link the
MAC key and KeyID to the customer account. Are these the API credentials
you're referring to in the presentation?
Another way to look into automating for EV is asking the
These are the final Minutes of the Teleconference described in the subject
of this message.
Server Certificate Working Group Meeting
Attendance:
Yashwanth - eMudhra
Brianca Martin - Amazon
Paul van Brouwershaven
Wayne Thayer - Fastly
Andrea Holland - VikingCloud
Jaime