<div dir="ltr">Like HARICA, we share concerns that the understandably reasonable attempt to add an effective date has created significant issues for this. This is further expanded upon in <a href="https://archive.cabforum.org/pipermail/servercert-wg/2021-April/002604.html">https://archive.cabforum.org/pipermail/servercert-wg/2021-April/002604.html</a> , and these are hopefully easily fixed and will result in a resubmission of this ballot.<div><br></div><div>However, because we didn't catch these during the discussion period, for Ballot SC43v2, Google votes NO.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Apr 1, 2021 at 1:35 PM Dimitris Zacharopoulos (HARICA) via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org">servercert-wg@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<br>
I just saw that the effective date of the acceptable status codes
(1-Jul-2021) was added to section 1.2.1 in the revisions table which
is incorrect. In my understanding this is not a place to add
normative requirements and besides, it only captures the effective
date of the full version of the document, not a specific
requirement.<br>
<br>
Therefore, I'm afraid HARICA must vote NO to this ballot.<br>
<br>
<br>
Dimitris.<br>
<br>
<br>
<br>
<div>On 1/4/2021 7:01 μ.μ., Niko Carpenter
via Servercert-wg wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal"><a name="m_5034462145340119751__Hlk20486622"><span>Purpose of Ballot:</span><u></u><u></u></a></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>This ballot clarifies the allowed HTTP status
codes used for following redirects in domain validation
methods 18 and 19, and specifies that the target URI must
come from the Location response header.</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>In Section 3.2.2.4.18 and 3.2.2.4.19, it
replaces</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>"Redirects MUST be the result of an HTTP
status code result within the 3xx Redirection class of
status codes, as defined in RFC 7231, Section 6.4." with
the following:</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> * "Redirects MUST be the result of a 301,
302, 307, or 308 HTTP status code response."</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> * "Redirects MUST be to resource URLs
contained in the Location HTTP response header."</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>The following motion has been proposed by Niko
Carpenter of SecureTrust and endorsed by Corey Bonnell of
DigiCert and Ryan Sleevi of Google.</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>--MOTION BEGINS--</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>This ballot modifies the “Baseline
Requirements for the Issuance and Management of
Publicly-Trusted Certificates” as defined in the following
redline, based on Version 1.7.3:</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span></span><a href="https://scanmail.trustwave.com/?c=4062&d=9LHc4Ck8YCR0KMOI3EcCF7H8pVIBPn0qiNiZpinsag&s=5&u=https%3a%2f%2fgithub%2ecom%2fcabforum%2fservercert%2fcompare%2f2b7720f7821764f0ea9d0d583ec5c61896a3f4cd%2e%2ebd7915249a0360a28fe37b785c367d70645c7e8f" target="_blank"><span><span>https://github.com/cabforum/servercert/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..bd7915249a0360a28fe37b785c367d70645c7e8f</span></span><span></span></a><span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>--MOTION ENDS--</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>This ballot proposes a Final Maintenance
Guideline.</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>The procedure for approval of this ballot is
as follows:</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>Discussion (7+ days)</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>Start Time: 11-March 2021 21:30 UTC</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>End Time: 01-April 2021 16:00 UTC</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>Vote for approval (7 days)</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>Start Time: 01-April 2021 16:00 UTC</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:32.25pt"><span><span>End Time: 08-April 2021 16:00 UTC</span></span><span><span> </span><u></u><u></u></span></p>
<p class="MsoNormal"><span><span style="font-size:11pt"> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-right:0in;margin-bottom:12pt;margin-left:0.5in;text-indent:0.5in;line-height:14pt"><span><b><span style="font-family:Arial,sans-serif;color:rgb(0,143,197)">Niko
Carpenter <br>
</span></b></span><span></span><span style="font-size:10.5pt;font-family:Arial,sans-serif;color:rgb(89,89,91)">Software
Engineer</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-right:0in;margin-bottom:12pt;margin-left:0.5in"><a href="http://scanmail.trustwave.com/?c=4062&d=9LHc4Ck8YCR0KMOI3EcCF7H8pVIBPn0qiIrO8S3hag&s=5&u=http%3a%2f%2fwww%2esecuretrust%2ecom" target="_blank"><span style="font-size:10.5pt;font-family:Arial,sans-serif">www.securetrust.com</span></a><span style="color:black"><br>
<br>
<br>
<br>
</span><u></u><u></u></p>
<p class="MsoNormal"><i><span style="font-size:9pt;font-family:Arial,sans-serif;color:rgb(89,89,91)">2020
Best PCI Compliance Provider Winner – Card Not Present
Awards</span></i><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt">This
transmission may contain information that is privileged,
confidential, and/or exempt from disclosure under applicable
law. If you are not the intended recipient, you are hereby
notified that any disclosure, copying, distribution, or use
of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED. If you received this
transmission in error, please immediately contact the sender
and destroy the material in its entirety, whether in
electronic or hard copy format. <u></u><u></u></span></p>
</div>
This transmission may contain information that is privileged,
confidential, and/or exempt from disclosure under applicable law.
If you are not the intended recipient, you are hereby notified
that any disclosure, copying, distribution, or use of the
information contained herein (including any reliance thereon) is
STRICTLY PROHIBITED. If you received this transmission in error,
please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format.
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Servercert-wg mailing list
<a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a>
<a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
</blockquote>
<br>
</div>
_______________________________________________<br>
Servercert-wg mailing list<br>
<a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
<a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" rel="noreferrer" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a><br>
</blockquote></div>