On Thu, Sep 21, 2017 at 1:38 PM, Gervase Markham <[email protected]> wrote:
> On 20/09/17 01:26, Ryan Sleevi wrote:
> > I appreciate your suggestion of a solution, but I'm not quite sure I
> > understand your concerns. Apologies for that, but it would be great if
> > you could elaborate why you feel it may be "overreaching". I had hoped
> > my explanation provided context how it's both relevant and applicable to
> > the activities of the CA/Browser Forum, and independent of any
> > particular Root Stores perspective.
>
> That was responding to a point made by you; you said it might be
> inappropriate for the CAB Forum to require posting to m.d.s.p. And I
> agree - it's outside the CAB Forum's remit. This is what I meant by the
> "overreaching" I was avoiding. My proposed solution is that the BRs
> require the existence of the report, and the root program requirements
> say where it needs to be placed.
>

Do you see a problem with the BRs requiring it be posted to a CABF list? That is, could you elaborate on what the advantages are of having multiple root programs require disclosure versus providing a central clearing house?

> > In this context, I think it's useful to consider what is fundamentally a
> > very simple proposal:
> > - the CA/B Forum can establish a list that allows publishing of such
> >   reports
> > - The Baseline Requirements require posting such results to that list
>
> I'm ambivalent. It's one more thing for a CA to remember to do, and as
> a root program person who will be requiring them to be sent to me
> anyway, it doesn't add value for me. But I have no strong objection :-)
>

I see - so your position is that even in the existence of a mechanism to centrally disclose such events, you would still require independent disclosure?

Would you agree that there is separate value from having a root store disclosure (which can affect how the root program itself behaves with respect to a particular member) versus having an open, public disclosure in a vendor-neutral way (which can allow for improvements to the BRs and identifying problematic scenarios in a vendor-neutral way)?

_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
