Sure, but I plan on uploading all these to the Mozilla dev list. Emailing the CAB Forum as well seems like duplicative effort, especially since the emails aren’t going to be readily collaborated. If the CABForum is going to collect the problem reports, some format other than email would be much better for data collection.
From: Ryan Sleevi [mailto:[email protected]] Sent: Wednesday, September 13, 2017 1:04 PM To: Jeremy Rowley <[email protected]> Cc: CA/Browser Forum Public Discussion List <[email protected]> Subject: Re: [cabfpub] Ballot 213 - Revocation Timeline Extension On Wed, Sep 13, 2017 at 2:52 PM, Jeremy Rowley <[email protected] <mailto:[email protected]> > wrote: I agree with the goal of getting this information out there, and using the CAB Forum this way seems in scope. Per the bylaws: “Members of the CA/Browser Forum have worked closely together in defining the guidelines and means of implementation for best practices as a way of providing a heightened security for Internet transactions and creating a more intuitive method of displaying secure sites to Internet users.” (Section 1) However, I’m struggling to see why the CAB Forum would want to collect this info as a requirement rather than allowing CAs to submit the information voluntarily when there are questions. Usually, we require the location of the disclosure be set in the CPS/CP, not as an email to the CAB Forum. Shouldn’t we follow that format here? Because this is an industry problem - and it's one that is either facilitated by or stymied by the collective Baseline Requirements and Root Program Requirements. Our goals in Internet Security should be to establish a consistent baseline in the application of policies and practices. While we can disclose those in CP/CPS, that doesn't do anything to align consistency or promote information sharing. What we're discussing about is sharing information related to the challenges of adhering to the minimum required policies and practices, so we can improve both.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
