Re: [Servercert-wg] Ballot SC-75 - Pre-sign linting

2024-05-21 Thread Martijn Katerbarg via Servercert-wg
Regarding the contributing… I’m not even sure it should be a SHOULD. I like adding it as a guidance for CAs, especially any new CA that may start from scratch reading the BRs. So how about “CAs are encouraged to contribute to existing open-source linters”? From: Servercert-wg on behalf of

Re: [Servercert-wg] Discussion about single-purpose client authentication leaf certificates issued from a server TLS Issuing CA

2024-05-15 Thread Martijn Katerbarg via Servercert-wg
> Are you referring to your quoted statement? I had two quotes in my first email of the thread :-) No, more specifically: “If the CA asserts compliance with these Baseline Requirements, all certificates that it issues MUST comply with one of the following certificate profiles” > This

Re: [Servercert-wg] Discussion about single-purpose client authentication leaf certificates issued from a server TLS Issuing CA

2024-05-14 Thread Martijn Katerbarg via Servercert-wg
>Thoughts? Disagreements? I know that Apple has already publicly shared an opinion https://bugzilla.mozilla.org/show_bug.cgi?id=1886467#c13 on this matter so I'm hoping to get more feedback from Members here :) I do agree with the quoted statement. If compliance is

Re: [Servercert-wg] Discussion Period Begins - Ballot SC-067 V1: "Require domain validation and CAA checks to be performed from multiple Network Perspectives"

2024-04-03 Thread Martijn Katerbarg via Servercert-wg
Hi Chris, Thank you for getting this ballot out. After having gone through the language in more detail, I have a few comments. I’ve added these to the GitHub PR, but will list them here additionally for visibility. * Minor nit:

Re: [Servercert-wg] Fixing lag between requirements changes and linter updates

2024-04-02 Thread Martijn Katerbarg via Servercert-wg
Hi Samantha, Aaron, I like this idea, quite a lot. Though I do want to share a few thoughts I’ve got on the subject: * While we could (strongly) recommend that the ballot authors and/or endorsers try to incorporate this, we should make it an optional recommendation. Not everyone may have

[Servercert-wg] IDNA2003 vs IDNA2008 usage

2024-03-19 Thread Martijn Katerbarg via Servercert-wg
All, We’ve recently become aware that some CAs have issued certificates containing punycode encoded domain labels compatible with IDNA2008, that are not compatible with IDNA2003. Our own interpretation is that IDNA2008 is currently not permitted. While the LDH, Non-Reserved LDH and XN

[Servercert-wg] [Voting Period Begins]: SC-69v3 Clarify router and firewall logging requirements

2024-03-04 Thread Martijn Katerbarg via Servercert-wg
Summary: This ballot aims to clarify what data needs to be logged as part of the "Firewall and router activities" logging requirement in the Baseline Requirements. This ballot is proposed by Martijn Katerbarg (Sectigo) and endorsed by Daniel Jeffery (Fastly) and Ben Wilson (Mozilla). ---

[Servercert-wg] [Discussion Period Begins]: SC-69v3 Clarify router and firewall logging requirements

2024-02-25 Thread Martijn Katerbarg via Servercert-wg
Summary: This ballot aims to clarify what data needs to be logged as part of the "Firewall and router activities" logging requirement in the Baseline Requirements. This ballot is proposed by Martijn Katerbarg (Sectigo) and endorsed by Daniel Jeffery (Fastly) and Ben Wilson (Mozilla). ---

Re: [Servercert-wg] Compromised/Weak Keys Ballot Proposal

2024-02-24 Thread Martijn Katerbarg via Servercert-wg
Thanks Wayne, >- The Debian vulnerability is more than 15 years old. If an Applicant submits >a Debian weak key at this point, they almost certainly have bigger security >issues. This is the bit I have problems with. Just because the applicant (probably) has bigger security issues, doesn’t

Re: [Servercert-wg] Compromised/Weak Keys Ballot Proposal

2024-02-23 Thread Martijn Katerbarg via Servercert-wg
Wayne, Apologies if I’ve missed something in discussions, but why exactly are we removing the Debian Weak Keys language, and even explicitly mentioning that CAs do not need to check for them (anymore)? Regards, Martijn From: Servercert-wg on behalf of Wayne Thayer via Servercert-wg

Re: [Servercert-wg] [Voting Period Begins]: SC-69v2 Clarify router and firewall logging requirements

2024-02-23 Thread Martijn Katerbarg via Servercert-wg
router and firewall logging requirements Hi Martijn, This is a nit, but is there an extra quotation mark in line 1556? Sorry for not spotting this earlier :( Thanks! -Clint On Feb 22, 2024, at 11:50 AM, Martijn Katerbarg via Servercert-wg wrote: Summary: This ballot aims

[Servercert-wg] [Voting Period Begins]: SC-69v2 Clarify router and firewall logging requirements

2024-02-22 Thread Martijn Katerbarg via Servercert-wg
Summary: This ballot aims to clarify what data needs to be logged as part of the "Firewall and router activities" logging requirement in the Baseline Requirements. This ballot is proposed by Martijn Katerbarg (Sectigo) and endorsed by Daniel Jeffery (Fastly) and Ben Wilson (Mozilla). ---

[Servercert-wg] [Discussion Period Begins]: SC-69v2 Clarify router and firewall logging requirements

2024-02-15 Thread Martijn Katerbarg via Servercert-wg
Summary: This ballot aims to clarify what data needs to be logged as part of the "Firewall and router activities" logging requirement in the Baseline Requirements. This ballot is proposed by Martijn Katerbarg (Sectigo) and endorsed by Daniel Jeffery (Fastly) and Ben Wilson (Mozilla). ---

Re: [Servercert-wg] [Discussion Period Begins]: SC-69 Clarify router and firewall logging requirements

2024-02-13 Thread Martijn Katerbarg via Servercert-wg
Since there are no further comments, I will start version 2 of this ballot’s discussion period in the next 24 hours based on the feedback received from Clint, unless there are further comments. From: Servercert-wg on behalf of Martijn Katerbarg via Servercert-wg Date: Wednesday, 7 February

Re: [Servercert-wg] [Discussion Period Begins]: SC-69 Clarify router and firewall logging requirements

2024-02-07 Thread Martijn Katerbarg via Servercert-wg
with rules that support only the services, protocols, ports, and communications that the CA has identified as necessary to its operations;” From: Servercert-wg <servercert-wg-boun...@cabforum.org> On Behalf Of Martijn Katerbarg via Servercert-wg Sent: Monday, February 5, 2024 12:

Re: [Servercert-wg] [Discussion Period Begins]: SC-69 Clarify router and firewall logging requirements

2024-02-05 Thread Martijn Katerbarg via Servercert-wg
s fundamental to membership and participation in the CA/B Forum at all — every member, regardless of type, should feel welcome and encouraged to recommend changes to any of the CA/B Forum documents. But we don’t say that anywhere, so maybe this is a good start? Cheers! -Clint On Ja

[Servercert-wg] [Discussion Period Begins]: SC-69 Clarify router and firewall logging requirements

2024-01-29 Thread Martijn Katerbarg via Servercert-wg
Summary: This ballot aims to clarify what data needs to be logged as part of the "Firewall and router activities" logging requirement in the Baseline Requirements. This ballot is proposed by Martijn Katerbarg (Sectigo) and endorsed by Daniel Jeffery (Fastly) and Ben Wilson (Mozilla). ---

Re: [Servercert-wg] Proposal to update logging requirements

2024-01-04 Thread Martijn Katerbarg via Servercert-wg
improvement to us at Certainly. We'd be willing to endorse it in the current form. On Wed, 3 Jan 2024 at 03:45, Martijn Katerbarg via Servercert-wg <servercert-wg@cabforum.org> wrote: All, I’ve made a few changes based on discussions that were held a few weeks ago. This in

Re: [Servercert-wg] Proposal to update logging requirements

2024-01-03 Thread Martijn Katerbarg via Servercert-wg
artijn Katerbarg via Servercert-wg Date: Friday, 22 September 2023 at 09:36 To: Tobias S. Josefowitz, CA/B Forum Server Certificate WG Public Discussion List Subject: Re: [Servercert-wg] Proposal to update logging requirements CAUTION: This email originated from outside of the organization. Do not

Re: [Servercert-wg] Seeking endorsers: Ballot SC-XX: Measure all hours and days to the second

2023-12-21 Thread Martijn Katerbarg via Servercert-wg
Thanks Aaron. I feel like the shall in "For purposes of measuring periods of time, one hour shall be defined to be exactly 3,600 seconds" should be capitalized. Regards, Martijn From: Servercert-wg on behalf of Aaron Gable via Servercert-wg Sent: Thursday,

Re: [Servercert-wg] Proposal to update logging requirements

2023-09-22 Thread Martijn Katerbarg via Servercert-wg
Hi Tobias, I can only share our side of the discussion, as done in the first email I sent out. However the logging of all OCSP requests was certainly part of this. Other than that, the discussion was more in general around what it may entail without going into specific points on what should

Re: [Servercert-wg] Proposal to update logging requirements

2023-09-20 Thread Martijn Katerbarg via Servercert-wg
Sept 2023 at 03:00, Martijn Katerbarg via Servercert-wg <servercert-wg@cabforum.org> wrote: Hi all, During our last WebTrust audit cycle it became clear that our interpretation of “Firewall and router activities” and CPA Canada’s interpretation were meaningfully dif

Re: [Servercert-wg] Proposal to update logging requirements

2023-09-20 Thread Martijn Katerbarg via Servercert-wg
vercert-wg] Proposal to update logging requirements CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Martijn, On Wed, 13 Sep 2023, Martijn Katerbarg via Servercert-wg wrote:

[Servercert-wg] Proposal to update logging requirements

2023-09-13 Thread Martijn Katerbarg via Servercert-wg
Hi all, During our last WebTrust audit cycle it became clear that our interpretation of “Firewall and router activities” and CPA Canada’s interpretation were meaningfully different. In particular it came to light that in its most aggressive possible interpretation, the actual logging of a

Re: [Servercert-wg] [EXTERNAL]-Re: SC-065: Convert EVGs into RFC 3647 format pre-ballot

2023-09-12 Thread Martijn Katerbarg via Servercert-wg
Hey Pedro, I would suggest that we keep this in a separate ballot. The RFC conversion is a large update. Adding actual changes to the requirements in there may make it messy and make it even harder to review. If you wish, I’m happy however to help you update the existing proposed change,

Re: [Servercert-wg] Proposed Revision of SCWG Charter

2023-09-01 Thread Martijn Katerbarg via Servercert-wg
Ben, This seems like a good option. I’d say maybe we need to increase the 6 months period to 12, otherwise within a 6 months period there may only be 1 F2F. Requiring attendance (remote or in-person) if there’s only 1 F2F in the time-span, could be hard if there’s a case of bad timing.

Re: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot

2023-08-28 Thread Martijn Katerbarg via Servercert-wg
Hey Antti, GitHub Actions generates the PDFs for us. You can currently find the latest version on https://github.com/cabforum/servercert/suites/14299256781/artifacts/804085932 From: Servercert-wg On Behalf Of Backman, Antti via Servercert-wg Sent: Monday, 28 August 2023 11:31 To: Inigo