<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 6/11/2023 9:08 μ.μ., Bruce Morton
via Cscwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100018ba608e07f-ca39b4e8-0ad0-4331-8bf1-0e2caabb8e6b-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator"
content="Microsoft Word 15 (filtered medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Can we
remove the version number for the NetSec requirements as
listed in CSBR section 1.6.3? I think our goal should be to
meet the latest version of the NetSec requirements. CAs
which want to monitor or stay ahead of the NetSec
requirement changes, can join the NetSec Working Group.</span></p>
</div>
</blockquote>
<br>
While I understand the challenges of having to meet potentially two
different versions of the NetSec depending on the type of
certificates offered, I am more scared of the compliance and audit
obligations by directly pointing to a version-less NetSec document.<br>
<br>
Just like we point to a specific version of the EV Guidelines, for
consistency reasons I think we should point to a specific version of
the NetSec until we revisit our position (policy) towards this
problem for both external references.<br>
<br>
Dimitris.<br>
<br>
<blockquote type="cite"
cite="mid:0100018ba608e07f-ca39b4e8-0ad0-4331-8bf1-0e2caabb8e6b-000000@email.amazonses.com">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Bruce.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Servercert-wg
<a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg-bounces@cabforum.org"><servercert-wg-bounces@cabforum.org></a>
<b>On Behalf Of </b>Inigo Barreira via Servercert-wg<br>
<b>Sent:</b> Monday, November 6, 2023 10:49 AM<br>
<b>To:</b> Tobias S. Josefowitz <a class="moz-txt-link-rfc2396E" href="mailto:tobij@opera.com"><tobij@opera.com></a><br>
<b>Cc:</b> CA/B Forum Server Certificate WG Public
Discussion List <a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b> [EXTERNAL] Re: [Servercert-wg] Ballot
SC-066: Fall 2023 Clean-up v3<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="mso-line-height-alt:.75pt"><span
style="font-size:1.0pt;color:white">Thanks for the
clarification, for me it´s not a problem to leave the
NetSec version number as it is now, v1. 7, and therefore
apply #423 as initially proposed. I will make the
correspondent changes and will provide a new version
unless someone
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-line-height-alt:.75pt"><span
style="font-size:1.0pt;color:white"><o:p></o:p></span></p>
</div>
<pre style="white-space:pre-wrap"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">Thanks for the clarification, for me it´s not a problem to leave the NetSec version number as it is now, v1.7, and therefore apply #423 as initially proposed. I will make the correspondent changes and will provide a new version unless someone else speaks up and have a different view or proposal.<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">OTOH, and FWIW, I´ve seen that while the CS BRs is the same as in the TLS BRs but the SMIME BRs have the version 1.7 "or later".<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">Regards<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">-----Mensaje original-----<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">De: Tobias S. Josefowitz <<a
href="mailto:tobij@opera.com" moz-do-not-send="true"
class="moz-txt-link-freetext">tobij@opera.com</a>><o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">Enviado el: lunes, 6 de noviembre de 2023 16:30<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">Para: Inigo Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>><o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">CC: CA/B Forum Server Certificate WG Public Discussion List <<a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>><o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">Asunto: RE: [Servercert-wg] Ballot SC-066: Fall 2023 Clean-up v3<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">Hi Inigo,<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">On Mon, 6 Nov 2023, Inigo Barreira wrote:<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> Not sure what you are requesting, to not consider the issue #423 and<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> remove the version number of the NetSec or that this change can´t be<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> considered a "clean-up" ballot and should go on a different one. Or<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> none of these ?<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">Both. Let me re-state my original points with all the possible clarity:<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">First, this seems to be a highly significant change relating to something that has rightly been identified as sensitive around the formation of the NetSec WG.<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">Second, since this is such a highly significant change, if it were to be made, it should not be made in a "Clean-up" Ballot. (For what it is worth, I do not think that this change should be made at all.)<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> When the #423 was discussed, and Dimitris indicated in the proposal,<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> was to remove the version numbers to avoid pointing to old or<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> deprecated versions because everytime there was a new version of the<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> NetSec, the TLS BRs should change/update and point to the new version.<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> Dimitris indicated in the text that we could leave the version of the<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> NetSec but I think that we agreed during the call to also remove that<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> version number. Maybe someone else can clarify or remember what was<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> agreed. If it was decided to keep the version number for the NetSec,<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">> this can be reverted.<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">I can understand that the significance of this change could easily be missed during a Meeting situation. Luckily we have the opportunity in the Ballot process to address such questions before a Ballot goes to vote.<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">Tobi<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">_______________________________________________<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">Servercert-wg mailing list<o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><a
href="mailto:Servercert-wg@cabforum.org" moz-do-not-send="true"
class="moz-txt-link-freetext">Servercert-wg@cabforum.org</a><o:p></o:p></span></pre>
<pre><span
style="font-size:11.0pt;font-family:"Arial",sans-serif"><a
href="https://urldefense.com/v3/__https:/lists.cabforum.org/mailman/listinfo/servercert-wg__;!!FJ-Y8qCqXTj2!aghEKS2hdEJo8MwPIZkWcBg6Yv88NKrtXtgsLkhEFCeOlmLwyQKQP653DVbM_gawEQ6vnvlpfqo9XKYElbDzRWzD_8JVqg$"
moz-do-not-send="true">https://urldefense.com/v3/__https://lists.cabforum.org/mailman/listinfo/servercert-wg__;!!FJ-Y8qCqXTj2!aghEKS2hdEJo8MwPIZkWcBg6Yv88NKrtXtgsLkhEFCeOlmLwyQKQP653DVbM_gawEQ6vnvlpfqo9XKYElbDzRWzD_8JVqg$</a><o:p></o:p></span></pre>
</div>
<i>Any email and files/attachments transmitted with it are
intended solely for the use of the individual or entity to whom
they are addressed. If this message has been sent to you in
error, you must not copy, distribute or disclose of the
information it contains.
<u>Please notify Entrust immediately and delete the message from
your system.</u></i>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
<br>
</body>
</html>