Re: [cabfpub] Bergamo F2F Agenda Item

2024-05-16 Thread Dimitris Zacharopoulos (HARICA) via Public



On 16/5/2024 3:17 p.m., Arno Fiedler wrote:


Hello Dimitris,

The GLEIF has developed the concept of a “Verifiable Legal 
Identifier”; the qvLEI are issued by a trusted network of “qualified” 
vLEI Issuers.
That seems to be an interesting and important new topic in the field 
of organizational identities/OV based on LEI.


We can ask the GLEIF CEO Stephan Wolf for a lecture; let me know if I 
should ask him (like in 2017).




There is a new CEO taking over June 26, 2024. For me this sounds very 
interesting and I've been following this work for a while. I assume you 
are suggesting that we have a guest speaker on this topic in a future 
F2F meeting, not the one in Bergamo which is just around the corner.



Thanks,
Dimitris.


Best regards

Arno

*From:* Public *On behalf of* Dimitris 
Zacharopoulos (HARICA) via Public

*Sent:* Tuesday, 14 May 2024 17:28
*To:* Ben Wilson 
*Cc:* CA/Browser Forum Public Discussion List 
*Subject:* Re: [cabfpub] Bergamo F2F Agenda Item

On 14/5/2024 6:08 p.m., Ben Wilson wrote:

Hi Dimitris,

There appears to be an open slot on the F2F agenda - Wed. May 29th
at 9:05 a.m.  I was thinking we could use that time to discuss
revocation timelines and balancing the security provided by
revocation with the security/stability needed to support critical
infrastructure. In other words, we could discuss BR section 4.9.1
and  concerns about disruption of global/national operations in
banking/finance, transportation, government, telecommunications,
healthcare, and other key areas where certificate revocation might
cause key systems to fail.

Should I put this topic in that open slot on the wiki?

Thanks,

Ben


Hi Ben,

I think that would be great. I assume you will be leading this session.

I think it's a great opportunity for CAs with past experience on 
delayed revocations to share some insight about specific challenges in 
the sectors you listed, and possibly add some that are missing.


FYI, public evidence for delayed revocation incidents (open and 
closed, based on specific tags) is available in this link 
<https://bugzilla.mozilla.org/buglist.cgi?f1=OP&f4=CP&v2=ca-compliance&f2=status_whiteboard&o2=allwordssubstr&component=CA%20Certificate%20Compliance&query_format=advanced&list_id=17029100&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&v3=delayed-revocation%20leaf-revocation-delay&resolution=---&resolution=FIXED&resolution=INVALID&resolution=WONTFIX&resolution=DUPLICATE&resolution=WORKSFORME&o3=anywordssubstr&f3=status_whiteboard>.


Although you mentioned that this affects the BR section 4.9.1, this 
topic affects all Working Groups because all the WG BRs have a section 
4.9.1 that is pretty much similar with the TLS BRs. With that said, I 
would like to ask if Members have any objections for discussing this 
topic as part of the Forum plenary.



Thank you,
Dimitris
CA/B Forum Chair

___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public


Re: [cabfpub] Bergamo F2F Agenda Item

2024-05-16 Thread Arno Fiedler via Public
Hello Dimitris,
The GLEIF has developed the concept of a "Verifiable Legal Identifier"; the 
qvLEI are issued by a trusted network of "qualified" vLEI Issuers.
That seems to be an interesting and important new topic in the field of 
organizational identities/OV based on LEI.
We can ask the GLEIF CEO Stephan Wolf for a lecture; let me know if I should ask 
him (like in 2017).
Best regards
Arno

From: Public On behalf of Dimitris Zacharopoulos 
(HARICA) via Public
Sent: Tuesday, 14 May 2024 17:28
To: Ben Wilson 
Cc: CA/Browser Forum Public Discussion List 
Subject: Re: [cabfpub] Bergamo F2F Agenda Item


On 14/5/2024 6:08 p.m., Ben Wilson wrote:
Hi Dimitris,
There appears to be an open slot on the F2F agenda - Wed. May 29th at 9:05 a.m. 
 I was thinking we could use that time to discuss revocation timelines and 
balancing the security provided by revocation with the security/stability 
needed to support critical infrastructure. In other words, we could discuss BR 
section 4.9.1 and  concerns about disruption of global/national operations in 
banking/finance, transportation, government, telecommunications, healthcare, 
and other key areas where certificate revocation might cause key systems to 
fail.
Should I put this topic in that open slot on the wiki?
Thanks,
Ben

Hi Ben,

I think that would be great. I assume you will be leading this session.

I think it's a great opportunity for CAs with past experience on delayed 
revocations to share some insight about specific challenges in the sectors you 
listed, and possibly add some that are missing.

FYI, public evidence for delayed revocation incidents (open and closed, based 
on specific tags) is available in this link 
<https://bugzilla.mozilla.org/buglist.cgi?f1=OP&f4=CP&v2=ca-compliance&f2=status_whiteboard&o2=allwordssubstr&component=CA%20Certificate%20Compliance&query_format=advanced&list_id=17029100&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&v3=delayed-revocation%20leaf-revocation-delay&resolution=---&resolution=FIXED&resolution=INVALID&resolution=WONTFIX&resolution=DUPLICATE&resolution=WORKSFORME&o3=anywordssubstr&f3=status_whiteboard>.

Although you mentioned that this affects the BR section 4.9.1, this topic 
affects all Working Groups because all the WG BRs have a section 4.9.1 that is 
pretty much similar with the TLS BRs. With that said, I would like to ask if 
Members have any objections for discussing this topic as part of the Forum 
plenary.


Thank you,
Dimitris
CA/B Forum Chair


Re: [cabfpub] Bergamo F2F Agenda Item

2024-05-14 Thread Inigo Barreira via Public
It does not matter if CT is not in the TLS BRs if the idea is to
check/verify how the delay of revocations is affecting operations in
banking/finance, healthcare, etc. because without CT you can't check and
only get the word of the CA. With the other cert types, you can't check,
only with TLS in where you can see the subject.

And yes, all CAs are accountable but again, unless you can verify somehow,
it's not easy.





From: Dimitris Zacharopoulos (HARICA) 
Sent: Tuesday, 14 May 2024 17:43
To: Inigo Barreira ; CA/Browser Forum Public
Discussion List ; Ben Wilson 
Subject: Re: [cabfpub] Bergamo F2F Agenda Item








On 14/5/2024 6:36 p.m., Inigo Barreira wrote:

I don't have any issue to discuss this at the forum plenary but the main
difference between the TLS and the other cert types is the accountability
these have because being in the CT logs and anyone can check/review. But, go
ahead.


CT is not in the TLS BRs so they are not so much related. I also don't
understand what you mean by "accountability" because all CAs are accountable
for all types of publicly-trusted certificates they issue (TLS, Code
Signing, S/MIME), and they all have -similar- rules for revocation.

Thanks,
Dimitris.






From: Public  <mailto:public-boun...@cabforum.org>
 On behalf of Dimitris Zacharopoulos (HARICA)
via Public
Sent: Tuesday, 14 May 2024 17:28
To: Ben Wilson  <mailto:bwil...@mozilla.com> 
CC: CA/Browser Forum Public Discussion List  <mailto:public@cabforum.org>

Subject: Re: [cabfpub] Bergamo F2F Agenda Item








On 14/5/2024 6:08 p.m., Ben Wilson wrote:

Hi Dimitris,

There appears to be an open slot on the F2F agenda - Wed. May 29th at 9:05
a.m.  I was thinking we could use that time to discuss revocation timelines
and balancing the security provided by revocation with the
security/stability needed to support critical infrastructure. In other
words, we could discuss BR section 4.9.1 and  concerns about disruption of
global/national operations in banking/finance, transportation, government,
telecommunications, healthcare, and other key areas where certificate
revocation might cause key systems to fail.

Should I put this topic in that open slot on the wiki?

Thanks,

Ben


Hi Ben,

I think that would be great. I assume you will be leading this session.

I think it's a great opportunity for CAs with past experience on delayed
revocations to share some insight about specific challenges in the sectors
you listed, and possibly add some that are missing.

FYI, public evidence for delayed revocation incidents (open and closed,
based on specific tags) is available in this link.

Although you mentioned that this affects the BR section 4.9.1, this topic
affects all Working Groups because all the WG BRs have a section 4.9.1 that
is pretty much similar with the TLS BRs. With that said, I would like to ask
if Members have any objections for discussing this topic as part of the
Forum plenary.


Thank you,
Dimitris
CA/B Forum Chair







Re: [cabfpub] Bergamo F2F Agenda Item

2024-05-14 Thread Dimitris Zacharopoulos (HARICA) via Public



On 14/5/2024 6:36 p.m., Inigo Barreira wrote:


I don't have any issue to discuss this at the forum plenary but the 
main difference between the TLS and the other cert types is the 
accountability these have because being in the CT logs and anyone can 
check/review. But, go ahead.




CT is not in the TLS BRs so they are not so much related. I also don't 
understand what you mean by "accountability" because all CAs are 
accountable for all types of publicly-trusted certificates they issue 
(TLS, Code Signing, S/MIME), and they all have -similar- rules for 
revocation.


Thanks,
Dimitris.

*From:* Public *On behalf of* Dimitris 
Zacharopoulos (HARICA) via Public

*Sent:* Tuesday, 14 May 2024 17:28
*To:* Ben Wilson 
*CC:* CA/Browser Forum Public Discussion List 
*Subject:* Re: [cabfpub] Bergamo F2F Agenda Item



On 14/5/2024 6:08 p.m., Ben Wilson wrote:

Hi Dimitris,

There appears to be an open slot on the F2F agenda - Wed. May 29th
at 9:05 a.m.  I was thinking we could use that time to discuss
revocation timelines and balancing the security provided by
revocation with the security/stability needed to support critical
infrastructure. In other words, we could discuss BR section 4.9.1
and  concerns about disruption of global/national operations in
banking/finance, transportation, government, telecommunications,
healthcare, and other key areas where certificate revocation might
cause key systems to fail.

Should I put this topic in that open slot on the wiki?

Thanks,

Ben


Hi Ben,

I think that would be great. I assume you will be leading this session.

I think it's a great opportunity for CAs with past experience on 
delayed revocations to share some insight about specific challenges in 
the sectors you listed, and possibly add some that are missing.


FYI, public evidence for delayed revocation incidents (open and 
closed, based on specific tags) is available in this link 
<https://bugzilla.mozilla.org/buglist.cgi?f1=OP&f4=CP&v2=ca-compliance&f2=status_whiteboard&o2=allwordssubstr&component=CA%20Certificate%20Compliance&query_format=advanced&list_id=17029100&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&v3=delayed-revocation%20leaf-revocation-delay&resolution=---&resolution=FIXED&resolution=INVALID&resolution=WONTFIX&resolution=DUPLICATE&resolution=WORKSFORME&o3=anywordssubstr&f3=status_whiteboard>.


Although you mentioned that this affects the BR section 4.9.1, this 
topic affects all Working Groups because all the WG BRs have a section 
4.9.1 that is pretty much similar with the TLS BRs. With that said, I 
would like to ask if Members have any objections for discussing this 
topic as part of the Forum plenary.



Thank you,
Dimitris
CA/B Forum Chair



Re: [cabfpub] Bergamo F2F Agenda Item

2024-05-14 Thread Inigo Barreira via Public
I don't have any issue to discuss this at the forum plenary but the main
difference between the TLS and the other cert types is the accountability
these have because being in the CT logs and anyone can check/review. But, go
ahead.



From: Public On behalf of Dimitris Zacharopoulos
(HARICA) via Public
Sent: Tuesday, 14 May 2024 17:28
To: Ben Wilson 
CC: CA/Browser Forum Public Discussion List 
Subject: Re: [cabfpub] Bergamo F2F Agenda Item








On 14/5/2024 6:08 p.m., Ben Wilson wrote:

Hi Dimitris,

There appears to be an open slot on the F2F agenda - Wed. May 29th at 9:05
a.m.  I was thinking we could use that time to discuss revocation timelines
and balancing the security provided by revocation with the
security/stability needed to support critical infrastructure. In other
words, we could discuss BR section 4.9.1 and  concerns about disruption of
global/national operations in banking/finance, transportation, government,
telecommunications, healthcare, and other key areas where certificate
revocation might cause key systems to fail.

Should I put this topic in that open slot on the wiki?

Thanks,

Ben


Hi Ben,

I think that would be great. I assume you will be leading this session.

I think it's a great opportunity for CAs with past experience on delayed
revocations to share some insight about specific challenges in the sectors
you listed, and possibly add some that are missing.

FYI, public evidence for delayed revocation incidents (open and closed,
based on specific tags) is available in this link.

Although you mentioned that this affects the BR section 4.9.1, this topic
affects all Working Groups because all the WG BRs have a section 4.9.1 that
is pretty much similar with the TLS BRs. With that said, I would like to ask
if Members have any objections for discussing this topic as part of the
Forum plenary.


Thank you,
Dimitris
CA/B Forum Chair





Re: [cabfpub] Bergamo F2F Agenda Item

2024-05-14 Thread Dimitris Zacharopoulos (HARICA) via Public


On 14/5/2024 6:08 p.m., Ben Wilson wrote:

Hi Dimitris,
There appears to be an open slot on the F2F agenda - Wed. May 29th at 
9:05 a.m.  I was thinking we could use that time to discuss revocation 
timelines and balancing the security provided by revocation with the 
security/stability needed to support critical infrastructure. In other 
words, we could discuss BR section 4.9.1 and  concerns about 
disruption of global/national operations in banking/finance, 
transportation, government, telecommunications, healthcare, and other 
key areas where certificate revocation might cause key systems to fail.

Should I put this topic in that open slot on the wiki?
Thanks,
Ben


Hi Ben,

I think that would be great. I assume you will be leading this session.

I think it's a great opportunity for CAs with past experience on delayed 
revocations to share some insight about specific challenges in the 
sectors you listed, and possibly add some that are missing.


FYI, public evidence for delayed revocation incidents (open and closed, 
based on specific tags) is available in this link.


Although you mentioned that this affects the BR section 4.9.1, this 
topic affects all Working Groups because all the WG BRs have a section 
4.9.1 that is pretty much similar with the TLS BRs. With that said, I 
would like to ask if Members have any objections for discussing this 
topic as part of the Forum plenary.



Thank you,
Dimitris
CA/B Forum Chair


[cabfpub] Bergamo F2F Agenda Item

2024-05-14 Thread Ben Wilson via Public
Hi Dimitris,
There appears to be an open slot on the F2F agenda - Wed. May 29th at 9:05
a.m.  I was thinking we could use that time to discuss revocation timelines
and balancing the security provided by revocation with the
security/stability needed to support critical infrastructure. In other
words, we could discuss BR section 4.9.1 and  concerns about disruption of
global/national operations in banking/finance, transportation, government,
telecommunications, healthcare, and other key areas where certificate
revocation might cause key systems to fail.
Should I put this topic in that open slot on the wiki?
Thanks,
Ben