<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 7/3/2018 9:02 PM, Corey Bonnell via
Public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:7553B1A7-4F16-4A53-A90D-7E8DC5D0D468@trustwave.com">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><span style="color:black">Several weeks
ago, after receiving feedback from several Forum members, I
submitted an IETF erratum (</span><a
href="https://www.rfc-editor.org/errata_search.php?eid=5244"
moz-do-not-send="true">https://www.rfc-editor.org/errata_search.php?eid=5244</a><span
style="color:black">) for this clarification so that we may
potentially be able to directly include the erratum text in
the Baseline Requirements as was done for erratum 5065.
However, there has been no response from the IETF in regard
to getting this erratum approved, so we would like to
proceed with Ballot 219 to clarify this in the Baseline
Requirements in the short term. We will continue to pursue
getting the RFC language clarified, but it appears that it
will take quite some time.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">The wording of
the ballot below is the same as the version sent in late
January with the exception of a slight change to
“future-proof” the language based on a suggestion by Gerv
and the BR version has been bumped up to the latest version.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal">We would like to begin the discussion
period for this ballot. We would highly appreciate any
feedback and comments that anyone has before bringing this
ballot to a vote.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’d be happy to create a redline, but I’m
unsure of our current preferred process for doing so. If
Github (<a href="https://github.com/cabforum/documents"
moz-do-not-send="true">https://github.com/cabforum/documents</a>)
is the current preferred method, I’d like to point out that
the “master” branch is currently out of date (it’s currently
1.5.4, whereas the current adopted version is 1.5.6).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">Ballot 219: Clarify handling of CAA
Record Sets with no "issue"/"issuewild" property tag<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">Purpose of this ballot:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">RFC 6844 contains an ambiguity in regard
to the correct processing of a non-empty CAA Resource Record
Set that does not contain any issue property tag (and also
does not contain any issuewild property tag in the case of a
Wildcard Domain Name). It is ambiguous if a CA must not
issue when such a CAA Resource Record Set is encountered, or
if such a Resource Record Set is implicit permission to
issue.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">Given that the intent of the RFC is clear
(such a CAA Resource Record Set is implicit permission to
issue), we are proposing the following change to allow for
CAA processing consistent with the intent of the RFC.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">The following motion has been proposed by
Corey Bonnell of Trustwave and endorsed by Tim Hollebeek of
Digicert and Mads Egil Henriksveen of Buypass.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">-- MOTION BEGINS --<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">This ballot modifies the “Baseline
Requirements for the Issuance and Management of
Publicly-Trusted Certificates” as follows, based upon
Version 1.5.6:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">In section 3.2.2.8, add this sentence:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">CAs MAY treat a non-empty CAA Resource
Record Set that does not contain any issue property tags
(and also does not contain any issuewild property tags when
performing CAA processing for a Wildcard Domain Name) as
permission to issue, provided that no records in the CAA
Resource Record Set otherwise prohibit issuance</span><span
style="font-family:"Times New
Roman",serif;color:black">.</span><span
style="font-family:"Times New Roman",serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">to the end of this paragraph:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">When processing CAA records, CAs MUST
process the issue, issuewild, and iodef property tags as
specified in RFC 6844, although they are not required to act
on the contents of the iodef property tag. Additional
property tags MAY be supported, but MUST NOT conflict with
or supersede the mandatory property tags set out in this
document. CAs MUST respect the critical flag and not issue a
certificate if they encounter an unrecognized property with
this flag set.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif">-- MOTION ENDS --<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal">The procedure for approval of this ballot
is as follows:<o:p></o:p></p>
<p class="MsoNormal">Discussion (7+ days) <o:p></o:p></p>
<p class="MsoNormal"> Start Time: 2018-03-07 19:00:00 UTC <o:p></o:p></p>
<p class="MsoNormal"> End Time: Not Before 2017-03-10 19:00:00
UTC<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Vote for approval (7 days) <o:p></o:p></p>
<p class="MsoNormal"> Start Time: TBD<o:p></o:p></p>
<p class="MsoNormal"> End Time: TBD<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#428FC5">Corey
Bonnell</span></b><span
style="font-size:10.5pt;color:#428FC5"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray">Senior
Software Engineer</span><span
style="font-size:10.5pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray">t:
+1 412.395.2233</span><span
style="font-size:10.5pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#428FC5">Trustwave</span></b><b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray"> </span></b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray">| SMART
SECURITY ON DEMAND<a href="http://www.trustwave.com/"
moz-do-not-send="true"><span
style="color:gray;text-decoration:none"><br>
www.trustwave.com</span></a></span><o:p></o:p></p>
</div>
</blockquote>
<br>
I would like to note that according to section 2.3 (c) of the
Bylaws, the proposers of this ballot have 21 calendar days (starting
on March 7th 2018) to start the voting period, otherwise the ballot
automatically fails. If my calculations are correct, the final day
to start the voting is March 28th.<br>
<br>
<br>
Thank you,<br>
Dimitris.<br>
</body>
</html>