<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 12/3/2018 5:28 PM, Tim Hollebeek
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:MWHPR14MB1376AF15C444D38FDD506DDC83D30@MWHPR14MB1376.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext">Well, the clock
can be extended by posting a new version (with version
number). And there is no requirement that the new version
have any differences. So you can keep a ballot alive
indefinitely if the proposer is paying attention. The 21
days is just to kill abandoned ballots.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext">IETF is March
17-23<sup>rd</sup>. If Ryan and I can’t get IETF to approve
some version of the errata in a timely manner, I suggest we
go forward without them. It’s been long enough. I’ll let
everyone know how the discussion in London goes.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext">Also there appears
to be some bad math on the end time of the discussion period
in the original version of the ballot. That alone might be
a good reason for posting a new version </span><span
style="font-size:11.0pt;font-family:"Segoe UI
Emoji",sans-serif;color:windowtext">😊</span><span
style="font-size:11.0pt;color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext">-Tim</span></p>
</div>
</blockquote>
<br>
With the new rules, you can trigger the voting period with the final
text even on March 28th (at the latest). I don't think the
"Discussion end time" makes a difference since the Bylaws are very
clear on the 7+ days for discussion :)<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:MWHPR14MB1376AF15C444D38FDD506DDC83D30@MWHPR14MB1376.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:windowtext"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in
0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;color:windowtext">From:</span></b><span
style="font-size:11.0pt;color:windowtext"> Public
[<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of
</b>Dimitris Zacharopoulos via Public<br>
<b>Sent:</b> Monday, March 12, 2018 3:26 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Subject:</b> Re: [cabfpub] Ballot 219: Clarify
handling of CAA Record Sets with no
"issue"/"issuewild" property tag<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 7/3/2018 9:02 PM, Corey Bonnell via
Public wrote:<span style="font-size:11.0pt"><o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal">Several weeks ago, after receiving
feedback from several Forum members, I submitted an IETF
erratum (<a
href="https://www.rfc-editor.org/errata_search.php?eid=5244"
moz-do-not-send="true">https://www.rfc-editor.org/errata_search.php?eid=5244</a>)
for this clarification so that we may potentially be able
to directly include the erratum text in the Baseline
Requirements as was done for erratum 5065. However, there
has been no response from the IETF in regard to getting
this erratum approved, so we would like to proceed with
Ballot 219 to clarify this in the Baseline Requirements in
the short term. We will continue to pursue getting the RFC
language clarified, but it appears that it will take
quite some time.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The wording of the ballot below is the
same as the version sent in late January with the
exception of a slight change to “future-proof” the
language based on a suggestion by Gerv and the BR version
has been bumped up to the latest version.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">We would like to begin the discussion
period for this ballot. We would highly appreciate any
feedback and comments that anyone has before bringing this
ballot to a vote.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I’d be happy to create a redline, but
I’m unsure of our current preferred process for doing so.
If GitHub (<a
href="https://github.com/cabforum/documents"
moz-do-not-send="true">https://github.com/cabforum/documents</a>)
is the current preferred method, I’d like to point out
that the “master” branch is currently out of date (it’s
currently 1.5.4, whereas the current adopted version is
1.5.6).<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">Ballot 219: Clarify
handling of CAA Record Sets with no "issue"/"issuewild"
property tag</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">Purpose of this ballot:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">RFC 6844 contains an
ambiguity in regard to the correct processing of a
non-empty CAA Resource Record Set that does not contain
any issue property tag (and also does not contain any
issuewild property tag in the case of a Wildcard Domain
Name). It is ambiguous if a CA must not issue when such
a CAA Resource Record Set is encountered, or if such a
Resource Record Set is implicit permission to issue.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">Given that the intent of
the RFC is clear (such a CAA Resource Record Set is
implicit permission to issue), we are proposing the
following change to allow for CAA processing consistent
with the intent of the RFC.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">The following motion has
been proposed by Corey Bonnell of Trustwave and endorsed
by Tim Hollebeek of Digicert and Mads Egil Henriksveen
of Buypass.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">-- MOTION BEGINS --</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">This ballot modifies the
“Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates” as follows, based upon
Version 1.5.6:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">In section 3.2.2.8, add
this sentence:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">CAs MAY treat a non-empty
CAA Resource Record Set that does not contain any issue
property tags (and also does not contain any issuewild
property tags when performing CAA processing for a
Wildcard Domain Name) as permission to issue, provided
that no records in the CAA Resource Record Set otherwise
prohibit issuance</span>.<o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">to the end of this
paragraph:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">When processing CAA
records, CAs MUST process the issue, issuewild, and
iodef property tags as specified in RFC 6844, although
they are not required to act on the contents of the
iodef property tag. Additional property tags MAY be
supported, but MUST NOT conflict with or supersede the
mandatory property tags set out in this document. CAs
MUST respect the critical flag and not issue a
certificate if they encounter an unrecognized property
with this flag set.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif">-- MOTION ENDS --</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Times
New Roman ,serif",serif"> </span><o:p></o:p></p>
<p class="MsoNormal">The procedure for approval of this
ballot is as follows:<o:p></o:p></p>
<p class="MsoNormal">Discussion (7+ days) <o:p></o:p></p>
<p class="MsoNormal"> Start Time: 2018-03-07 19:00:00 UTC
<o:p></o:p></p>
<p class="MsoNormal"> End Time: Not Before 2017-03-10
19:00:00 UTC<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Vote for approval (7 days) <o:p></o:p></p>
<p class="MsoNormal"> Start Time: TBD<o:p></o:p></p>
<p class="MsoNormal"> End Time: TBD<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#428FC5">Corey
Bonnell</span></b><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray">Senior
Software Engineer</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray">t:
+1 412.395.2233</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal"><b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#428FC5">Trustwave</span></b><b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray"> </span></b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray">| SMART
SECURITY ON DEMAND<a
href="http://www.trustwave.com/"
moz-do-not-send="true"><span
style="color:gray;text-decoration:none"><br>
www.trustwave.com</span></a></span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
I would like to note that according to section 2.3 (c) of
the Bylaws, the proposers of this ballot have 21 calendar
days (starting on March 7th 2018) to start the voting
period, otherwise the ballot automatically fails. If my
calculations are correct, the final day to start the
voting is March 28th.<br>
<br>
<br>
Thank you,<br>
Dimitris.<o:p></o:p></span></p>
</div>
</div>
</blockquote>
<br>
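<p>Added example, not part of the original e-mail thread or of the ballot text: a sketch of the CAA decision described in the motion, showing how the proposed sentence changes the outcome for a non-empty record set that has no applicable issue/issuewild tag. It assumes the record set passed in is the relevant one already located by the RFC 6844 lookup; the names <code>may_issue</code> and <code>apply_ballot_219</code>, the tag "tbs" and the sample domains are hypothetical.</p>

```python
# Added example: CAA issuance decision with the Ballot 219 sentence applied.
from dataclasses import dataclass

# Property tags the Baseline Requirements text says CAs MUST process.
RECOGNIZED = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80  # issuer-critical flag bit defined in RFC 6844

@dataclass(frozen=True)
class CAA:
    flags: int
    tag: str
    value: str

def issuer_domain(value):
    """Issuer domain from an issue/issuewild value, parameters dropped."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(rrset, ca_domain, wildcard=False, apply_ballot_219=True):
    """Decide issuance for the relevant CAA RRset; returns (allowed, reason)."""
    if not rrset:
        return True, "no CAA records"
    # An unrecognized property with the critical flag set prohibits issuance.
    for rr in rrset:
        if rr.flags & CRITICAL and rr.tag.lower() not in RECOGNIZED:
            return False, f"unrecognized critical property {rr.tag!r}"
    issue = [rr for rr in rrset if rr.tag.lower() == "issue"]
    issuewild = [rr for rr in rrset if rr.tag.lower() == "issuewild"]
    # issuewild only matters for wildcard requests, where it overrides issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        # The case the ballot clarifies: non-empty RRset, no applicable tag.
        if apply_ballot_219:
            return True, "no issue/issuewild tag: treated as permission"
        return False, "no issue/issuewild tag: conservative refusal"
    if any(issuer_domain(rr.value) == ca_domain.lower() for rr in relevant):
        return True, "CA named in " + relevant[0].tag.lower()
    return False, "CA not named in " + relevant[0].tag.lower()

# Constructed sample RRsets (not from the thread).
IODEF_ONLY = [CAA(0, "iodef", "mailto:security@example.com")]
CRITICAL_UNKNOWN = [CAA(0, "iodef", "mailto:security@example.com"),
                    CAA(128, "tbs", "unknown")]
WILD_BLOCKED = [CAA(0, "issue", "ca.example"), CAA(0, "issuewild", ";")]

if __name__ == "__main__":
    for name, rrset, wild in [("iodef only", IODEF_ONLY, False),
                              ("critical unknown", CRITICAL_UNKNOWN, False),
                              ("wildcard blocked", WILD_BLOCKED, True)]:
        print(name, may_issue(rrset, "ca.example", wildcard=wild))
```

<p>Because the motion says "MAY", the <code>apply_ballot_219=False</code> path models a CA that keeps refusing in the ambiguous case.</p>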
</body>
</html>