<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>SSL.com votes YES on Ballot 219.<br>
</p>
<br>
<div class="moz-cite-prefix">On 4/3/2018 11:13 AM, Corey Bonnell via
Public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:AD8F96A9-F5EF-471D-B57B-695753F24860@trustwave.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Yu Mincho";
panose-1:2 2 4 0 0 0 0 0 0 0;}
@font-face
{font-family:"\@Yu Mincho";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">Ballot 219 v2: Clarify
handling of CAA Record Sets with no "issue"/"issuewild"
property tag</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">Purpose of this ballot:</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black"> </span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">RFC 6844 contains an
ambiguity in regard to the correct processing of a non-empty
CAA Resource Record Set that does not contain any issue
property tag (and also does not contain any issuewild
property tag in the case of a Wildcard Domain Name). It is
ambiguous if a CA must not issue when such a CAA Resource
Record Set is encountered, or if such a Resource Record Set
is implicit permission to issue.</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black"> </span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">Given that the intent of the
RFC is clear (such a CAA Resource Record Set is implicit
permission to issue), we are proposing the following change
to allow for CAA processing consistent with the intent of
the RFC.</span><span style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black"> </span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">The following motion has been
proposed by Corey Bonnell of Trustwave and endorsed by Tim
Hollebeek of Digicert and Mads Egil Henriksveen of Buypass.</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black"> </span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">-- MOTION BEGINS --</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">This ballot modifies the
“Baseline Requirements for the Issuance and Management of
Publicly-Trusted Certificates” as follows, based upon
Version 1.5.6:</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black"> </span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">In section 3.2.2.8, add this
sentence:</span><span style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">CAs MAY treat a non-empty CAA
Resource Record Set that does not contain any issue property
tags (and also does not contain any issuewild property tags
when performing CAA processing for a Wildcard Domain Name)
as permission to issue, provided that no records in the CAA
Resource Record Set otherwise prohibit issuance.</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black"> </span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">to the end of this paragraph:</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">When processing CAA records,
CAs MUST process the issue, issuewild, and iodef property
tags as specified in RFC 6844, although they are not
required to act on the contents of the iodef property tag.
Additional property tags MAY be supported, but MUST NOT
conflict with or supersede the mandatory property tags set
out in this document. CAs MUST respect the critical flag and
not issue a certificate if they encounter an unrecognized
property with this flag set.</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black"> </span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black">-- MOTION ENDS –</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black"> </span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">The
procedure for approval of this ballot is as follows:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Discussion
(7+ days)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"> Start
Time: 2018-03-07 19:00:00 UTC <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"> End
Time: 2018-04-03 19:00:00 UTC<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Vote
for approval (7 days)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"> Start
Time: 2018-04-03 19:00:00 UTC<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">
End Time: 2018-04-10 19:00:00 UTC<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#428FC5">Corey
Bonnell</span></b><span
style="font-size:10.5pt;color:#428FC5"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray">Senior
Software Engineer</span><span
style="font-size:10.5pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray">t:
+1 412.395.2233</span><span
style="font-size:10.5pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#428FC5">Trustwave</span></b><b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray"> </span></b><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray">| SMART
SECURITY ON DEMAND</span><a href="http://www.trustwave.com/"
moz-do-not-send="true"><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:gray;text-decoration:none"><br>
www.trustwave.com</span></a></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Chris Kemmerer
Manager of Operations
SSL.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~ To find the reefs, look~~~~~~~~
~~~~ for the wrecks. ~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</pre>
</body>
</html>