Cert Service Webinar Evaluation

[Paul Caskey <>]

Hello Everyone!

 

As noted in the email below, today is the last day set aside for receiving comments on the new domain activation process for the InCommon Certificate Service.

 

This is the proposal for relying solely on DCV for new domain activations rather than InCommon needing to first manually activate a domain prior to the DCV process.  If you want to review the detail, it is described in this google doc (please feel free to make any suggestions you see fit for this doc):

https://docs.google.com/document/d/1R9prWSGE3B2_q4mOz14oQhsMwyVWq05vNSExrGtbjaE/edit

 

It is absolutely critical that we at InCommon not take actions without careful review from our community.  For this purpose, the folks on this list are the representatives of the US Higher-Ed participants, so it is very important that we make certain that this action is acceptable to that community.  We want to make certain that this change does not alter the community perception of trust in our certificates or in the operation of the certificate service.  Internally, we do not feel like there are any security or trust concerns, as most other Comodo customers are already doing this, but we want to make certain that you all are OK with it as well.  Transparency is critical for InCommon and is what sets us aside from other services!

 

So, please do us a huge favor and let us know what you think.  Please kindly reply to this email with something like one of these three responses (you can even reply with the number below if you wish)?

1.       I’m fine with using DCV only for domain activations.

2.       I’d like to discuss this further (if 2 or more of you say this, then I’ll setup a call for us)

3.       I have specific feedback and here it is:

 

 

Thank you all very much for your input!

 

 

From: Paul Caskey
Sent: Friday, November 13, 2015 4:39 PM
To:
Cc: Ann West <>
Subject: feedback desired on new domain activation process

 

Hello fellow group members!

 

On our last call, we briefly discussed a minor process change that we’d like feedback on.

 

It involves getting InCommon out of the process of manual activation of new domains in the Certificate Manager system and relying solely on DCV (Domain Control Validation).

 

Currently, subscribers to the cert service must send an email to and request that new domains be activated and then they must also complete the DCV process.

 

The manual activation adds little, if anything, to security.  It then becomes a business need for InCommon to make sure that domains from non-subscribers don’t get activated in the system (e.g. some admin decides to add a friend’s domain to their org and can convince the friend to do the DCV process. ).  An occasional manual review can detect such domains were they to enter the system.

 

The new process is detailed in this google doc: https://docs.google.com/document/d/1R9prWSGE3B2_q4mOz14oQhsMwyVWq05vNSExrGtbjaE/edit

 

Please take a look and provide any feedback to the group before the end of this next week, Friday 11/20.

 

Thank you all for participating in the group.

 

 

Have a good weekend!