Good point. If you want your method preserved, please send it to one of the
CA/Browser forum lists.
-Tim
From: Ryan Sleevi [mailto:r...@sleevi.com]
Sent: Tuesday, January 30, 2018 8:46 AM
To: Tim Hollebeek
Cc: mozilla-dev-security-policy
Subject: Re: IP Validation using method 3.2.2.5 (4) "any other method"
On Tue, Jan 30, 2018 at 10:37 AM, Tim Hollebeek via dev-security-policy
mailto:dev-security-policy@lists.mozilla.org> > wrote:
I'm sending this to this list because CAs are required to monitor this list,
and I need to get feedback from smaller and more obscure CAs.
The validation working group is thinking about proposing removal of 3.2.2.5
(4) in the near future. If you are currently using that method to validate
IP certificates, please reply with the details of what you are doing so the
procedure can be examined and potentially added to the Baseline Requirements
as a valid method for validating IP certificates. FAILURE TO DO SO MAY
RESULT IN YOUR METHOD BECOMING NON-COMPLIANT WITH LITTLE OR NO NOTICE.
Just a note: Replying with those details to *this* list won't offer the
CA/Browser Forum's IP protections.
I would instead suggest that CAs that do not participate in the CA/Browser
Forum, but use this method, join the CA/Browser Forum and contribute such
methods. The failure to disclose in a way that is agreed upon by the IP policy
of the CA/Browser Forum is a reasonably high enough risk that it should be
prevented from adding it to the CA/Browser Forum documents.
smime.p7s
Description: S/MIME cryptographic signature
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
