Reading this pre-ballot, I just wondered why the CA/B Forum limits its membership to participants that issues certificates at least to Web servers (vulgo HTTPS certificates).
There might be specialized CAs offering client, code signing, or object certificates only possible to comply with the BR standards but not entitled to apply for membership. Are there any reasons for this limitation? Regards Benedikt > With the tentative endorsements by Trend and Mozilla, the ballot reads > as follows: > > > > Background: > > Section 2.1 (a)(1) says that Issuing CAs “actively issue certificates to > Web servers…” > > > > Section 2.1(b) of the bylaws lists the items needed in a membership > application by CAs. > > But that section does not ask the CA applicant to provide a 3^rd party > website where the CA/B Forum can validate that they are actively issuing > certs to web servers. We do however ask the applicant this question, > after they have submitted their application. It would be helpful to have > this in the bylaws so we don’t have to go back and ask every time. > > > > Specific change: > > > > Add under 2.1(b) > > (7) The URL of at least one third party website that is using includes a > certificate from issued by the Applicant CA which can be examined by > Forum membersin the certificate chain. > > > > Any other comments? > > Dean > > > > > > *From:* [email protected] [mailto:[email protected]] > *On Behalf Of *Dean Coclin > *Sent:* Thursday, March 17, 2016 11:29 AM > *To:* CABFPub <[email protected]> > *Subject:* [cabfpub] Pre-ballot on membership requirement update > > > > I am looking for 2 endorsers for the following: > > > > Background: > > Section 2.1 (a)(1) says that Issuing CAs “actively issue certificates to > Web servers…” > > > > Section 2.1(b) of the bylaws lists the items needed in a membership > application by CAs. > > But that section does not ask the CA applicant to provide a 3^rd party > website where the CA/B Forum can validate that they are actively issuing > certs to web servers. We do however ask the applicant this question, > after they have submitted their application. It would be helpful to have > this in the bylaws so we don’t have to go back and ask every time. > > > > Specific change: > > > > Add under 2.1(b) > > (7) The URL of at least one third party website that is using includes a > certificate from issued by the Applicant CA which can be examined by > Forum membersin the certificate chain. > > > > Thanks, > Dean > > > > > > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public >
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
