[cabfpub] Bergamo F2F Agenda Item


Ben Wilson

May 14, 2024, 11:08:49 AM
to Dimitris Zacharopoulos (HARICA), CA/Browser Forum Public Discussion List
Hi Dimitris,
There appears to be an open slot on the F2F agenda - Wed. May 29th at 9:05 a.m. I was thinking we could use that time to discuss revocation timelines and balancing the security provided by revocation with the security/stability needed to support critical infrastructure. In other words, we could discuss BR section 4.9.1 and concerns about disruption of global/national operations in banking/finance, transportation, government, telecommunications, healthcare, and other key areas where certificate revocation might cause key systems to fail.
Should I put this topic in that open slot on the wiki?
Thanks,
Ben

Dimitris Zacharopoulos (HARICA)

May 14, 2024, 11:28:00 AM
to Ben Wilson, CA/Browser Forum Public Discussion List
Hi Ben,

I think that would be great. I assume you will be leading this session.

I think it's a great opportunity for CAs with past experience on delayed revocations to share some insight about specific challenges in the sectors you listed, and possibly add some that are missing.

FYI, public evidence for delayed revocation incidents (open and closed, based on specific tags) is available in this link.

Although you mentioned that this affects the BR section 4.9.1, this topic affects all Working Groups because all the WG BRs have a section 4.9.1 that is pretty much similar to the TLS BRs. With that said, I would like to ask if Members have any objections to discussing this topic as part of the Forum plenary.


Thank you,
Dimitris
CA/B Forum Chair

Inigo Barreira

May 14, 2024, 11:36:13 AM
to Dimitris Zacharopoulos (HARICA), CA/Browser Forum Public Discussion List, Ben Wilson

I don't have any issue to discuss this at the forum plenary but the main difference between the TLS and the other cert types is the accountability these have because being in the CT logs and anyone can check/review. But, go ahead.

 

From: Public <public-...@cabforum.org> On behalf of Dimitris Zacharopoulos (HARICA) via Public
Sent: Tuesday, May 14, 2024 17:28
To: Ben Wilson <bwi...@mozilla.com>
CC: CA/Browser Forum Public Discussion List <pub...@cabforum.org>
Subject: Re: [cabfpub] Bergamo F2F Agenda Item

 


On 14/5/2024 6:08 PM, Ben Wilson wrote:

Dimitris Zacharopoulos (HARICA)

May 14, 2024, 11:43:17 AM
to Inigo Barreira, CA/Browser Forum Public Discussion List, Ben Wilson


On 14/5/2024 6:36 PM, Inigo Barreira wrote:

I don't have any issue to discuss this at the forum plenary but the main difference between the TLS and the other cert types is the accountability these have because being in the CT logs and anyone can check/review. But, go ahead.


CT is not in the TLS BRs so they are not so much related. I also don't understand what you mean by "accountability" because all CAs are accountable for all types of publicly-trusted certificates they issue (TLS, Code Signing, S/MIME), and they all have -similar- rules for revocation.

Thanks,
Dimitris.

Inigo Barreira

May 14, 2024, 12:04:31 PM
to Dimitris Zacharopoulos (HARICA), CA/Browser Forum Public Discussion List, Ben Wilson

It does not matter if CT is not in the TLS BRs if the idea is to check/verify how the delay of revocations is affecting operations in banking/finance, healthcare, etc. because without CT you can't check and only get the word of the CA. With the other cert types, you can't check, only with TLS in where you can see the subject.

And yes, all CAs are accountable but again, unless you can verify somehow, it's not easy.

Arno Fiedler

May 16, 2024, 8:17:09 AM
to Dimitris Zacharopoulos (HARICA), CA/Browser Forum Public Discussion List, Ben Wilson

Hello Dimitris,

the GLEIF has developed the concept of a “Verifiable Legal Identifier”, the qvLEI are issued by a trusted network of “qualified” vLEI Issuers.
That seems to be an interesting and important new topic in the field of organizational identities/OV based on LEI.

We can ask the GLEIF CEO Stephan Wolf for a lecture, let me know if I should ask him (like in 2017)

Best regards

Arno

 

From: Public <public-...@cabforum.org> On behalf of Dimitris Zacharopoulos (HARICA) via Public
Sent: Tuesday, May 14, 2024 17:28
To: Ben Wilson <bwi...@mozilla.com>
Cc: CA/Browser Forum Public Discussion List <pub...@cabforum.org>
Subject: Re: [cabfpub] Bergamo F2F Agenda Item

 

 

On 14/5/2024 6:08 PM, Ben Wilson wrote:

Dimitris Zacharopoulos (HARICA)

May 16, 2024, 8:27:34 AM
to Arno Fiedler, CA/Browser Forum Public Discussion List, Ben Wilson


On 16/5/2024 3:17 PM, Arno Fiedler wrote:

Hello Dimitris,

the GLEIF has developed the concept of a “Verifiable Legal Identifier”, the qvLEI are issued by a trusted network of “qualified” vLEI Issuers.
That seems to be an interesting and important new topic in the field of organizational identities/OV based on LEI.

We can ask the GLEIF CEO Stephan Wolf for a lecture, let me know if I should ask him (like in 2017)


There is a new CEO taking over June 26, 2024. For me this sounds very interesting and I've been following this work for a while. I assume you are suggesting that we have a guest speaker on this topic in a future F2F meeting, not the one in Bergamo which is just around the corner.


Thanks,
Dimitris.