<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
HARICA votes "yes" to ballot SC41v2.<br>
<br>
<br>
<div class="moz-cite-prefix">On 18/2/2021 12:28 π.μ., Ryan Sleevi
via Servercert-wg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:01000177b21c46a6-c44e7d91-8109-4587-9e26-357251b93f7c-000000@email.amazonses.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div style="color:rgb(0,0,0)">Hearing no objections or concerns
during the discussion period for Ballot <span class="gmail-il">SC41v2</span>:
Reformat the BRs, EVGs, and NCSSRs , the purpose of this mail
is to signal the start of the VOTING PERIOD.</div>
<div style="color:rgb(0,0,0)"><br>
</div>
<div style="color:rgb(0,0,0)">Bylaws Note: Although this Ballot
modifies how the documents internally express the Guideline
version number, it does not explicitly change the value of the
Guideline version number in a manner that would constitute an
"update" pursuant to CA/Browser Forum Bylaws 2.3, Section 2.4
(8). As such, the Chair or Vice-Chair are permitted to make
changes permitted by that Section as necessary.</div>
<div style="color:rgb(0,0,0)"><br>
</div>
<span style="color:rgb(0,0,0)">Purpose of Ballot:</span><br
style="color:rgb(0,0,0)">
<br style="color:rgb(0,0,0)">
<span style="color:rgb(0,0,0)">This ballot attempts to align the
Baseline Requirements (BRs), EV Guidelines (EVGs), and the
Network and Certificate System Security Requirements (NCSSRs)
to a common format, to allow for the automatic generation of
final documents without requiring third-party tooling being
installed locally.</span><br style="color:rgb(0,0,0)">
<br style="color:rgb(0,0,0)">
<span style="color:rgb(0,0,0)">It is a continuation of the work
started in SC26 [1], and is within the work started originally
by Ballots 154 and 155 [2]. If this ballot succeeds, the
Server Certificate Working Group will use the
version-controlled documents in GitHub as the authoritative
source of requirements, avoiding issues that resulted from
exchanging various versions of Microsoft Office files via
e-mail or the Wiki.</span><br style="color:rgb(0,0,0)">
<br style="color:rgb(0,0,0)">
<span style="color:rgb(0,0,0)">The following changes are made,
and are explicitly called out, beyond changes to font/styling</span><br
style="color:rgb(0,0,0)">
<ul style="color:rgb(0,0,0)">
<li style="margin-left:15px">Baseline Requirements</li>
<ul>
<li style="margin-left:15px">Formatting issues in Sections
3.2.2.4.18, 3.2.2.4.19, 4.10.1, 6.1.6, Appendix B are
resolved (see [3] [4] [5])</li>
<li style="margin-left:15px">Section 9.6.1 referenced a
non-existent Section 11.2, which was a bug introduced in
BRs v1.3.0. This is fixed to the correct section, which is
7.1.4.2.2. [6]</li>
<li style="margin-left:15px">Section 3.2.2.4.7 referenced
Section 3.3.1, rather than the intended Section 4.2.1 [7]</li>
<li style="margin-left:15px">The BRs consistently
incorrectly refer to Section 8.1 for audit schemes, when
the correct reference in Section 8.4 [8]</li>
</ul>
<li style="margin-left:15px">Extended Validation Guidelines</li>
<ul>
<li style="margin-left:15px">The EVGs are aligned to common
language when referencing other sections, removing
variations like “this Section X”, “the Section X of these
Guidelines”, “Section X herein”, etc. Ambiguity is avoided
by ensuring these references will also be internal
document links that are structurally enforced.</li>
</ul>
<li style="margin-left:15px">Network and Certificate System
Security</li>
<ul>
<li style="margin-left:15px">The structure is aligned to the
BRs and EVGs, by listing Scope and Applicability followed
by Document History and Definitions.</li>
<li style="margin-left:15px">Section 2, Items (g), (k), and
(o) and Section 4, Item (c) and (f), have the sub-items
renumbered to Arabic numerals (1, 2, 3, 4) instead of
Roman numerals (i, ii, iii, iv), for consistency and to
avoid ambiguity with I/(i)/i.</li>
</ul>
</ul>
<div style="color:rgb(0,0,0)">This ballot attaches derived
versions of these documents in PDF and Microsoft Office, as
produced by these changes. However, these documents are
INFORMATIVE only, as per the Ballot text, and are provided to
assist Members in review. For the avoidance of doubt, the
attached documents do not constitute Ballot Versions, as
defined within the CA/Browser Forum Bylaws, Section 2.4(1).</div>
<div style="color:rgb(0,0,0)"><br>
</div>
<div style="color:rgb(0,0,0)">If there are any inconsistencies,
the balloted text redline shall decide the definitive version.
However, Members are encouraged to raise any such presentation
issues, to ensure they can be reasonably addressed as part of
this Ballot.</div>
<div style="color:rgb(0,0,0)"><br>
</div>
<span style="color:rgb(0,0,0)">The following motion has been
proposed by Ryan Sleevi of Google and endorsed by Ben Wilson
of Mozilla and Dimitris Zacharopoulos of HARICA.</span>
<div style="color:rgb(0,0,0)"><br>
</div>
<div style="color:rgb(0,0,0)">Version 2 of this Ballot
introduces language to address potential conflicts with Ballot
SC39v3, due to modifying the same section of the NCSSRs, as
well as addresses one small Markdown lint pointed out by Aaron
Gable of ISRG/Let's Encrypt with respect to fenced code
blocks.</div>
<div style="color:rgb(0,0,0)"><br>
</div>
<div style="color:rgb(0,0,0)">The comparison between v1 and <span
class="gmail-il">v2</span> of this ballot is available at
[9]<br>
<br>
[1] <a
href="https://cabforum.org/2020/03/30/ballot-sc26v2-pandoc-friendly-markdown-formatting-changes/"
target="_blank" moz-do-not-send="true">https://cabforum.org/2020/03/30/ballot-sc26v2-pandoc-friendly-markdown-formatting-changes/</a><br>
[2] <a
href="https://cabforum.org/2015/11/18/ballots-154-and-155-convert-to-rfc-3647-framework-and-github/"
target="_blank" moz-do-not-send="true">https://cabforum.org/2015/11/18/ballots-154-and-155-convert-to-rfc-3647-framework-and-github/</a><br>
[3] <a
href="https://github.com/cabforum/servercert/issues/230"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/servercert/issues/230</a><br>
[4] <a
href="https://github.com/cabforum/servercert/issues/231"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/servercert/issues/231</a><br>
[5] <a
href="https://github.com/cabforum/servercert/issues/233"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/servercert/issues/233</a><br>
[6] <a
href="https://github.com/cabforum/servercert/issues/237"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/servercert/issues/237</a><br>
[7] <a
href="https://github.com/cabforum/servercert/issues/236"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/servercert/issues/236</a><br>
[8] <a
href="https://github.com/cabforum/servercert/issues/216"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/servercert/issues/216</a></div>
<div style="color:rgb(0,0,0)">[9] <a
href="https://github.com/cabforum/servercert/compare/a8a6605a1d37ec9120ee1cc30b725bafa4dd5651..8f0a3b5038ff2911c50741ded594d403ec868803"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/servercert/compare/a8a6605a1d37ec9120ee1cc30b725bafa4dd5651..8f0a3b5038ff2911c50741ded594d403ec868803</a><br>
<br>
– MOTION BEGINS –<br>
<br>
This ballot modifies the “Baseline Requirements for the
Issuance and Management of Publicly-Trusted Certificates”
(“Baseline Requirements”), based on Version 1.7.3:<br>
<br>
MODIFY the Baseline Requirements as defined in the following
redline to BR.md:<br>
<br>
<a
href="https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..8f0a3b5038ff2911c50741ded594d403ec868803"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..8f0a3b5038ff2911c50741ded594d403ec868803</a><br>
<br>
This ballot modifies the “Guidelines for the Issuance and
Management of Extended Validation Certificates” (“EV
Guidelines”) as follows, based on Version 1.7.4:<br>
<br>
MODIFY the EV Guidelines as defined in the following redline
to EVG.md:<br>
<br>
<a
href="https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..8f0a3b5038ff2911c50741ded594d403ec868803"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..8f0a3b5038ff2911c50741ded594d403ec868803</a><br>
<br>
This ballot modifies the “Network and Certificate System
Security Requirements” (“Network Security Controls”) as
follows, based on Version 1.5<br>
<br>
IF Ballot SC39v3 FAILS to be adopted by the Server Certificate
Chartered Working Group:<br>
<ul>
<li style="margin-left:15px"><font color="#000000">MODIFY
the Network Security Controls as defined in the
following redline to NSR.md:<br>
</font><a
href="https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..a8a6605a1d37ec9120ee1cc30b725bafa4dd5651"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..a8a6605a1d37ec9120ee1cc30b725bafa4dd5651</a></li>
</ul>
<div>IF Ballot SC39v3 SUCCEEDS and is adopted by the Server
Certificate Chartered Working Group</div>
<div>
<ul>
<li style="margin-left:15px">MODIFY the Network Security
Controls as defined in the following redline to NSR.md:<br>
<a
href="https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..8f0a3b5038ff2911c50741ded594d403ec868803"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..8f0a3b5038ff2911c50741ded594d403ec868803</a><br>
</li>
</ul>
</div>
<div>On the successful adoption of this Ballot, the Forum
shall recognize the CA/Browser Forum Server Certificate
Chartered Working Group Git repository, as the authoritative
and canonical source for the Baseline Requirements, EV
Guidelines, and Network Security Controls. Alternative
presentation formats may be used and provided, such as
PDF/A, Office Open XML, or HTML, but in the event of any
inconsistency in presentation, the documents as committed to
the official Git repository shall be authoritative.<br>
<br>
At the time of this ballot, the Git repository may be
browsed at <a href="https://github.com/cabforum/servercert"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/servercert</a> and
cloned via <a
href="https://github.com/cabforum/servercert.git"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/servercert.git</a><br>
<br>
– MOTION ENDS –<br>
<br>
This ballot proposes three Final Maintenance Guidelines.<br>
<br>
The procedure for approval of this ballot is as follows:<br>
<br>
Discussion (7+ days)<br>
<br>
Start Time: 2021-02-08 16:00:00 UTC<br>
End Time: 2021-02-17 22:30:00 UTC<br>
<br>
Vote for approval (7 days)<br>
<br>
Start Time: 2021-02-17 22:30:00 UTC<br>
End Time: 2021-02-24 22:30:00 UTC</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Servercert-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
</blockquote>
<br>
</body>
</html>