We may have lost sufficient context: We are proposing extending the revocation timeline, because some CAs feel they need additional time to respond to incidents. We don't have a sense about what the situations are. We don't know whether those situations are reasonable. We don't know whether there exist alternatives that don't require that original time.
So it seems reasonable - and important - to bring transparency to that. I would assert that without such a system - and a requirement - we will be no closer to understanding those challenges tomorrow than we are today. On Wed, Sep 13, 2017 at 3:57 PM, Jeremy Rowley <[email protected]> wrote: > I understand what you are saying, but revocation timelines seems like a > different topic than challenges facing the space. There should be a > mailing list for challenges, but I don’t think it should be tied to > changing the revocation timelines already in the BRs. > > > > *From:* Ryan Sleevi [mailto:[email protected]] > *Sent:* Wednesday, September 13, 2017 1:18 PM > *To:* Jeremy Rowley <[email protected]> > *Cc:* CA/Browser Forum Public Discussion List <[email protected]> > *Subject:* Re: [cabfpub] Ballot 213 - Revocation Timeline Extension > > > > > > > > On Wed, Sep 13, 2017 at 3:10 PM, Jeremy Rowley <[email protected]> > wrote: > > Sure, but I plan on uploading all these to the Mozilla dev list. Emailing > the CAB Forum as well seems like duplicative effort, especially since the > emails aren’t going to be readily collaborated. If the CABForum is going > to collect the problem reports, some format other than email would be much > better for data collection. > > > > I'm not sure I understand your point about collaborated, but I think you > may be misunderstanding the goal. > > > > I appreciate the desire for transparency and engagement with the > community, and I hope all CAs aspire to that level. However, I think the > goal here is minimally to ensure public visibility, in a self-managed form > (that is, I have difficulty imagining the CABF requiring an MDSP posting). > I think going above and beyond is good, but i think we should set minimum > reasonable requirements. > > > > As I noted, I'm not wedded to the idea of public@, but I think there > should be a CABF-managed, publicly-visible list for discussion about the > challenges here in this space :) > > >
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
