<div dir="ltr">Apologies Ben, I somehow missed this message.<div><br></div><div>Thanks for your hard work on doing this. Happy to endorse, with one request.</div><div><br></div><div>----- MOTION BEGINS -----</div><div>Part 1:</div><div>The CA/Browser Forum, recognizing that Ballot 198 did not include a redline version against the current Final Maintenance Guidelines, thereby constitutes an invalid Ballot. As a consequence, the Forum agrees that the changes shall not be made to the appropriate Final Maintenance Guideline, and as such, no IP Review Notice is in force for Ballot 198:</div><div><br></div><div>Part 2:</div><div>(As written)</div><div>----- MOTION ENDS -----</div><div><br></div><div>That seems to be the most consistent interpretation based on the thread, and the best way to move forward.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 17, 2017 at 5:31 PM, Ben Wilson via Public <span dir="ltr">&lt;<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div class="m_-5673046167993403924WordSection1"><p class="m_-5673046167993403924line867"><strong><span style="font-family:'Calibri',sans-serif;font-weight:normal">If Jeremy, Ryan, and Erwann are agreeable, here is a draft re-ballot of Ballot 198.<u></u><u></u></span></strong></p><p class="m_-5673046167993403924line867"><strong><span style="font-family:'Calibri',sans-serif">Ballot 201 - .Onion Revisions</span></strong> <u></u><u></u></p><p class="m_-5673046167993403924line874">This ballot is meant to cure any potential problems with Ballot 198, which may have been invalid due to ambiguities in what was presented to the Forum for vote. 
This Ballot 201 attempts to clarify Appendix F of the EV Guidelines concerning the Tor Service Descriptor Hash extension and that inclusion of the extension in the TBSCertificate is required. <u></u><u></u></p><p class="m_-5673046167993403924line862">The following motion has been proposed by Jeremy Rowley of DigiCert and endorsed by Ryan Sleevi of Google and Erwann Abalea of DocuSign France to introduce new Final Maintenance Guidelines for the "Guidelines for the Issuance and Management of Extended Validation Certificates" (EV Guidelines). <u></u><u></u></p><p class="m_-5673046167993403924line874">-- MOTION BEGINS -- <u></u><u></u></p><p class="m_-5673046167993403924line874">Revise Appendix F, Section 1 to read as follows: <u></u><u></u></p><p class="m_-5673046167993403924line874">Appendix F – Issuance of Certificates for .onion Domain Names <u></u><u></u></p><p class="m_-5673046167993403924line874">A CA may issue an EV Certificate with .onion in the right-most label of the Domain Name provided that issuance complies with the requirements set forth in this Appendix: <u></u><u></u></p><p class="m_-5673046167993403924line874">1. CAB Forum Tor Service Descriptor Hash extension (2.23.140.1.31) <u></u><u></u></p><p class="m_-5673046167993403924line867"><span class="m_-5673046167993403924u">The CA MUST include the</span> CAB Forum Tor Service Descriptor Hash <span class="m_-5673046167993403924strike">extension </span><span class="m_-5673046167993403924u">in</span> the TBSCertificate <span class="m_-5673046167993403924u">to convey</span> hashes of keys related to .onion addresses. 
The <span class="m_-5673046167993403924u">CA MUST include the</span> Tor Service Descriptor Hash extension <span class="m_-5673046167993403924u">using the</span> following format: <u></u><u></u></p><p class="m_-5673046167993403924line862">cabf-TorServiceDescriptorHash OBJECT IDENTIFIER ::= { 2.23.140.1.31 } <u></u><u></u></p><p class="m_-5673046167993403924line862" style="text-indent:.5in">SEQUENCE ( 1..MAX ) of TorServiceDescriptorHash<u></u><u></u></p><p class="m_-5673046167993403924line867">TorServiceDescriptorHash:: = SEQUENCE { <u></u><u></u></p><p class="MsoNormal" style="margin-left:.25in;text-indent:.25in">onionURI UTF8String <u></u><u></u></p><p class="m_-5673046167993403924line862" style="margin-left:.5in">algorithm AlgorithmIdentifier <u></u><u></u></p><p class="m_-5673046167993403924line862" style="margin-left:.5in">subjectPublicKeyHash BIT STRING <u></u><u></u></p><p class="m_-5673046167993403924line874">} <u></u><u></u></p><p class="m_-5673046167993403924line862">Where the AlgorithmIdentifier is a hashing algorithm (defined in RFC 6234) performed over the DER-encoding of an ASN.1 SubjectPublicKey of the .onion service and SubjectPublicKeyHash is the hash output. <u></u><u></u></p><p class="m_-5673046167993403924line874">--Motion Ends-- <u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p></div></div><br>______________________________<wbr>_________________<br>
<br></blockquote></div><br></div>
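<div>The extension format in the quoted motion, worked through as an added example (not code from the ballot, the Forum, or any CA): it DER-encodes a SEQUENCE of TorServiceDescriptorHash entries and checks a received extension value against known key bytes. Assumptions: SHA-256 is the chosen RFC 6234 hash with AlgorithmIdentifier parameters omitted, the caller supplies whatever DER key bytes are to be hashed, the sample onionURI and key bytes are constructed, and all function names are hypothetical.</div>

```python
import hashlib

SHA256_OID = bytes.fromhex("608648016503040201")  # 2.16.840.1.101.3.4.2.1
# Constructed sample inputs (not a real service or key).
SAMPLE_URI = "https://aaaaaaaaaaaaaaaa.onion"
SAMPLE_KEY_DER = bytes.fromhex("3009020200c30203010001")

def tlv(tag, content):  # DER tag-length-value, minimal definite length
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + content

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos); reject truncated or non-minimal DER."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n >= 0x80:
        k, n = n & 0x7F, int.from_bytes(buf[pos:pos + (n & 0x7F)], "big")
        if k == 0 or pos + k > len(buf) or n < 0x80 or buf[pos] == 0:
            raise ValueError("bad length")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + n], pos + n

def encode_extension(entries):  # entries: (onionURI, DER key bytes) pairs
    alg = tlv(0x30, tlv(0x06, SHA256_OID))  # parameters omitted (assumption)
    return tlv(0x30, b"".join(
        tlv(0x30, tlv(0x0C, uri.encode()) + alg
            + tlv(0x03, b"\x00" + hashlib.sha256(key).digest()))  # 0 unused bits
        for uri, key in entries))

def verify_extension(ext_der, keys):
    """Map each onionURI to whether its hash matches keys[uri]; raise on bad DER."""
    tag, seq, end = read_tlv(ext_der)
    if tag != 0x30 or end != len(ext_der) or not seq:
        raise ValueError("expected one non-empty SEQUENCE")
    result, pos = {}, 0
    while pos < len(seq):
        tag, entry, pos = read_tlv(seq, pos)
        t1, uri, p = read_tlv(entry)
        t2, alg, p = read_tlv(entry, p)
        t3, bits, p = read_tlv(entry, p)
        if ((tag, t1, t2, t3) != (0x30, 0x0C, 0x30, 0x03) or p != len(entry)
                or read_tlv(alg)[:2] != (0x06, SHA256_OID) or bits[:1] != b"\x00"):
            raise ValueError("malformed or unsupported TorServiceDescriptorHash")
        name = uri.decode("utf-8")
        result[name] = name in keys and hashlib.sha256(keys[name]).digest() == bits[1:]
    return result
```

<div>An entry reported as False means the certificate's hash does not correspond to the key bytes on record for that onionURI, or that no key is on record for it.</div>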