CA/Browser Forum

CA/Browser Forum posts

Posts by author Ben Wilson

    2015-02-19 Minutes
    February 19, 2015 by Ben Wilson
    Attendees: Dean Coclin (Symantec), Doug Beattie (GlobalSign), Kirk Hall (Trend Micro), Bruce Morton (Entrust), Rick Andrews (Symantec), Ben Wilson (DigiCert), Eddy Nigg (Startcom), Volkan Nergiz (TurkTrust), Robin Alden (Comodo), Mads Henriksveen (BuyPass), Tim Shirley (Trustwave), Wayne Thayer (GoDaddy), Cornelia Enke (SwissSign), Atilla Biler (TurkTrust), Gerv Markham (Mozilla), Jeremy Rowley (DigiCert), Atsushi Inaba (GlobalSign), Sissel Hoel (BuyPass), Kubra Zeray (TurkTrust), Davut Tokgöz (E-Tugra), Cecilia Kam (Symantec).
    Antitrust Statement was read.
    Minutes of Feb 5th meeting were approved. Ben to post to website.
    Ballot Status: Ballots 143 and 144 were approved. Ben will update the website to reflect the new working group name. Ballot 144 requires changes to the EV Guidelines which Jeremy will amend and update. There were a large number of abstentions on ballot 144. Jeremy said that many people may have used that to help the ballot meet quorum and that they didn’t have a strong interest in the ballot.
    IPv6: Ryan put out a draft ballot on this topic. Dean sent out the results of a survey of CASC members on this topic which Gerv said was very useful. Gerv said it would be good for the Internet for the Forum to support IPv6 and that the ballot provides a generous amount of time to do this. Jeremy said some CAs use a CDN and that may not support IPv6. Wayne updated the group stating that GoDaddy can now support it. Rick stated that for the sake of a complete argument, why not let market forces control this? Let people choose a CA that supports it if they want. Gerv said that doesn’t work because a user or third party doesn’t have that choice. Rick said most browsers don’t fail on OCSP failure so it’s not blocking anything.
    Membership Application of TrustCor Systems: The Forum received an application for membership from this entity. They have a WebTrust report from Princeton Audit Group which stated they are not actively issuing certificates yet. Dean sent the applicant a note asking for a site that uses one of their certs. He also sent a note to Don Sheehy about the auditor qualifications. Kirk asked if they have a BR audit which Dean will ask the applicant. Kirk suggested that if they don’t fully qualify, they could be granted observer status. Wayne asked if we should update the membership rules to require a BR audit. Jeremy agreed that this should be updated and that when we do a bylaw update, this should be undertaken. Wayne also said that everyone on the Management list is also on the Questions list.
    New Ballots: Operational Existence (145) and pre-ballot Domain Validation (146). Cecilia and Kirk said that the EV Working group proposed ballot 145 for Government entity purposes. Discussion period for 145 starts today. Ballot 146 is a proposal to eliminate the “any other method (7)” for domain validation. Jeremy said they are soliciting comments and should have a proposal ready by the face to face meeting. Kirk encouraged others to bring forward any other verification methods for domain validation. Jeremy said there is another ballot coming forward on using attorney opinion letters for legal existence. This should be out before the face to face meeting.
    Working group publicity: To date, the working group mailing lists have not been public. The bylaws state (in one place) that minutes and agendas of working groups should be made public and (in another place) that the lists should be managed in the same fashion as the public list. Gerv said that some working groups weren’t public because they were in existence before the bylaws. But we should make the archives publicly accessible. Wayne said we can publish the URL to subscribe to the list. Gerv said that when groups are re-chartered, we should create a new list to not violate anyone’s expectation of privacy from the old list. Regarding the new Validation Working Group, Gerv suggested we re-subscribe all the old members to the new list and state that it would be made public. It has to be clear that active participation is limited to those that have signed the IPR.
    EV WG update: Per #6 above.
    Code Signing update: Public draft of BR issued. Some comments received which the working group will address before the face to face meeting.
    Policy Review WG: A ballot will be proposed for the reconfiguration of the BRs to RFC 3647 format.
    Info Sharing WG: Hasn’t met in a while but needs to get back together soon. Members have had conflicts during the meeting time.
    Any other business: Kirk said we have 32 members coming to the F2F meeting. Send agenda items to Dean. Next meeting will be March 5th.
    Dean Coclin, CA/B Forum Chair
    Ballot 145 – Operational Existence for Government Entities
    February 19, 2015 by Ben Wilson
    Reason: Because government entities aren’t operating as businesses, they are often not listed with a QIIS, especially immediately after the entity is created by either statute or order. The legal existence of these entities is verifiable through a QGIS, but this source in many countries (especially Arabic and African countries) does not always list a date of creation of these entities. Operational existence exists to ensure organizations aren’t fly-by-night scams/phishing entities. With government entities, these same risks are not present as they are created directly by government action.
    Ballot 144 – Validation rules for .onion names
    February 18, 2015 by Ben Wilson
    Ballot 144 – Validation Rules for .onion Names – passed with 6 Yes votes, 2 No votes and 13 Abstentions from the CAs and 3 Yes votes from the browsers. Detailed results are on the Forum’s ballot tracker (Ballot Results – Vote Tally at the bottom of the Ballots page on the Forum’s wiki).
    Ballot 144 reads as follows: Applicants want a CA-signed .onion address for several reasons, including:
    – Powerful web platform features are restricted to secure origins, which are currently not available to onion names (in part, because of the lack of IANA registration). Permitting EV certs for onion names will help provide a secure origin for the service, moving onion towards use of powerful web platform features.
    Ballot 143 – Formalization of Validation Working Group
    February 18, 2015 by Ben Wilson
    Reason: In order to address validation issues and inconsistencies in both the SSL Baseline Requirements and the EV Guidelines, the CAB Forum has held an informal working group previously referred to as the Extended Validation Working Group. The group, now known as the Validation Working Group, would like to modify its scope to include validation in the Baseline Requirements as well as the EV Guidelines.
    2015-02-05 Minutes
    February 5, 2015 by Ben Wilson
    Attendees: Dean (Symantec), Gerv (Mozilla), Jeremy (Digicert), Atsushi (Globalsign), Ben W (Digicert), Tim S (Trustwave), Davut (E-Tugra), Robin (Comodo), Doug (Globalsign), Patrick (OATI), Volkan (TurkTrust), Kubra (TurkTrust), Eddy (Startcom), Tim H (Trustwave), Anoosh (Microsoft), Wayne (GoDaddy), Chris (Trustwave), Jody (Microsoft), Peter (Disig), Ryan S (Google)
    Antitrust statement was read.
    Minutes of Jan 22, 2015 meeting were approved.
    Ballot updates:
    EV Working Group name change to Validation working group: Jeremy has proposed a ballot to change the name and scope of the working group to include other validations, not just for EV. There are 2 endorsers and the discussion period starts after the call.
    .Onion Ballot: Jeremy will circulate an update and the review period will start today. Robin asked if wildcard certificates will be allowed. Gerv sent out an explanation why they will be allowed as there is a single private key and so the idea of different mutually-untrusting entities owning and controlling different parts of the subdomain space doesn’t really make much sense for .onion. Eddy challenged this, saying the same thing would apply to normal webserver certificates. Gerv further explained why that is not the case since there is only 1 Tor private key for that domain. Further discussion ensued on wildcard certs in general and it was suggested that an additional topic be added to the face to face meeting on wildcard certs.
    Additional ballots are coming out of EV working group on using attorney opinion letters and domain validation issues as well as operational existence for government entities. On the latter point, Jeremy said they would like for CAs to rely on the verification of the legal existence of the government entity to prove operational existence (instead of having to wait 3 years). Dean said we should wait on this ballot so we can keep it to only 2 active ballots at a time.
    Vivaldi: A new browser called Vivaldi was recently launched. Dean communicated with Yngve about having Vivaldi join the forum as a browser. Yngve stated they are currently focused on their project and can’t afford the distraction of the forum. Dean will follow up with Yngve later this year.
    IPv6: Ryan is still soliciting feedback from CAs on this topic but hasn’t heard from many. Wayne (GoDaddy) is waiting for his network team to provide feedback on this proposal. Ryan stated that Rick (Symantec) had previously said IPv6 is already supported. Eddy asked why is this urgent. Ryan pointed him to the list for recent discussions. Ryan also emphasized the need for the information (transition period, large server operators). Wayne said that if the transition period is a year or longer, that would probably be ok (so that orgs can get into budget cycles). If it’s shorter, there may be pushback from CAs. Ryan stated that is reasonable. Dean suggested that he poll the CA Security Council, which is composed of the 7 largest SSL issuers, and provide a response to Ryan by next meeting. Ryan would like to know who is and is not IPv6 ready and what timeframe is reasonable.
    EV Working group update: See 3c above.
    Code Signing Working group: Final draft of BRs will be sent out after the call which incorporates comments from public, auditors and other CABF members. Asking for comments to be returned by March 6th. Expecting to have ballot ready for voting by face to face meeting in March.
    Policy Review Working group: meeting in Boston postponed due to blizzard. Held 2 hour call instead. Decided to put a ballot forward to change BRs to RFC 3647 format. Once that passes, we will continue to work the rest of the document and submit individual ballots on a section by section basis.
    Information Sharing Working group: Ben could not give an update during the call.
    Other business: 26 attendees signed up so far for face to face meeting. Received confirmation from Adrienne Porter-Felt that she will come and present her paper on SSL warnings. Kirk invited people from Oracle and they may come but nothing is firm yet. Kathleen Wilson (Mozilla) will also make a presentation. Microsoft has a separate slot but the topic hasn’t been solidified.
    June Zurich meeting. Gerv said neither he nor anyone from Mozilla can come that week. Dean said he would discuss with Kirk and Connie to see if a change is even possible.
    Next call Feb 19th.
    Dean Coclin
    CA/B Forum Releases Code Signing Baseline Requirements – Final Draft for Public Exposure
    February 5, 2015 by Ben Wilson
    The Code Signing Working Group of the CA/Browser Forum announces the final draft of the Code Signing Baseline Requirements. This version takes into account comments received in the first round of public review as well as comments from WebTrust auditors. Additional changes/corrections were incorporated by the working group over the past 3 months.
    Baseline requirements for codesigning – Feb 4 2015
    This version is being sent out to the public mailing list and will be posted on the CA/B Forum website for final comments until March 6th, 2015.
    2015-01-22 Minutes
    January 22, 2015 by Ben Wilson
    CA-Browser Forum Conference Call – 22 January 2015
    Antitrust Statement was read.
    Roll Call: Kirk Hall presided as Vice Chair, and took the roll call. Present at the meeting were: Kirk Hall (Trend Micro), Ben Wilson (DigiCert), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Doug Beattie (GlobalSign), Gerv Markham (Mozilla), Jeremy Rowley (DigiCert), Atilla Bilar (TurkTrust), Volkan Nergiz (TurkTrust), Robin Alden (Comodo), Eddy Nigg (Startcom), Stephen Davidson (Quo Vadis), Jody Coultier (Microsoft), Tim Hollebeek (Trustwave), Rick Andrews (Symantec), Mads Henriksveen (Buypass), Anoosh Saboori (Microsoft), Peter Miškovič (Disig), Patrick Tronnier (OATI), and Wayne Thayer (GoDaddy).
    Agenda reviewed. There were no changes to the Agenda.
    Minutes of 8 January 2015: The meeting minutes were approved by consent. Ben to post on website.
    .Onion proposal update: Kirk asked Jeremy for an update on his .onion draft ballot for allowing EV certs for .onion domains. Jeremy revised the ballot to permit multiple TorDescriptorHashes in the certificate. The modified ballot was posted yesterday. He noted he had one endorser (Google), and was still looking for a second endorser. Wayne said GoDaddy would be the second endorser. Jeremy said he will move forward with the ballot.
    Ballot 142 – Elimination of EV Insurance Requirement
    January 19, 2015 by Ben Wilson
    Voting on Ballot 142 closed on 19 January 2015.
    Ballot 141 – Elimination of EV Insurance Requirement; Financial Responsibility for Mis-Issued Certificates
    January 19, 2015 by Ben Wilson
    Voting on Ballot 141 closed on 19 January 2015.
    2015-01-08 minutes
    January 8, 2015 by Ben Wilson
    Minutes Jan. 8, 2015
    Attendees: Dean, Davut, Patrick (OATI), Wayne, Atsushi, Ben, Kirk, Atilla, Gerv, Doug, Eddy, Jeremy, Tim H (Trustwave), Cecilia, Ryan S, Stephen, Chris (Trustwave), Kubra, Volkan (Turktrust), Robin, Bruce, Tim S (Trustwave), Sisel (Buypass), Peter (Disig), Rick
    Minutes of 12 December meeting were approved. These will be posted to the public list.
    .Onion proposal: Jeremy is looking for a 2nd. The proposal is for EV vetting of .Onion domains, which provide the value as to who is operating the service (removing anonymity for the service provider). He is working with IANA to reserve a .onion name but this is progressing slowly and may not happen before it goes to ballot.
    Ballots 141/142: Kirk and Gerv have reposted the ballots and voting will begin next week. Stephen said he is opposed to removing the insurance requirement and that it’s not a meaningful barrier to entry to the CA business. It also sends the wrong message about the value of our services to the world. He believes the liability proposal from Trend is hard to define for many CAs and that they will ‘wing it’ which will weaken the current system. Kirk said the current EV insurance requirements don’t provide benefits to anyone. Eddy agreed that the current insurance is useless. Stephen said the complexity of ballot 141 would require CAs to do a lot of diligence with their management and legal teams which they may not be willing to do for this ballot. Dean suggested that CAs be required to post the type of insurance they have in their CPS. Stephen said that’s fine but we’re trying to have consistency among all CAs.
    The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).