<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Mar 6, 2022 at 8:26 AM Dimitris Zacharopoulos (HARICA) <<a href="mailto:dzacharo@harica.gr">dzacharo@harica.gr</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
Thanks for the feedback Aaron,<br>
<br>
<div>On 4/3/2022 12:27 π.μ., Aaron Gable
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Two very minor comments, provided here because
there is not an accompanying PR on which github comments can be
posted:</div>
</blockquote>
<br>
Right, the pull request was posted in the validation SC list but if
it helps, it is available at
<a href="https://github.com/dzacharo/servercert/pull/4" target="_blank">https://github.com/dzacharo/servercert/pull/4</a>.<br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>> As part of the Certificate issuance process, the CA
MUST retrieve and process CAA records in accordance with RFC
8659 for each `dNSName` in the `subjectAltName` extension that
does not contain an Onion Domain Name. If the CA issues, they
MUST do so within the TTL of the CAA record, or 8 hours,
whichever is greater.</div>
<div><br>
</div>
<div>Is it more proper to say "each `dNSName`... that <b>does
not contain</b> an Onion Domain Name" or "each `dNSName`...
that <b>is not</b> an Onion Domain Name"?</div>
</div>
</blockquote>
<br>
Aaron, are you proposing to make the text "does not contain" in bold
letters? I also believe that the word "contain" seems ok in the
original text.<br>
<br>
I tried to reverse the sentence a bit and it seems easier to read.<br>
<br>
<i>"As part of the Certificate issuance process, for each `dNSName`
in the `subjectAltName` extension that does not contain an Onion
Domain Name, the CA MUST retrieve and process CAA records in
accordance with RFC 8659."</i><br>
<br>
Are people ok with this or should I revert?<br></div></blockquote><div><br></div><div>I think the original phrasing was good! I wasn't suggesting that it be changed to "is not", I was genuinely unsure which would be clearer :D But I've done some more research and it looks like the "contains" phrasing is already used elsewhere so that sounds good to me.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>> 4. When a Certificate includes an Onion Domain Name,
the Domain Name shall not be considered an Internal Name
provided that the Certificate was issued in compliance with
this [Appendix
B](#appendix-b--issuance-of-certificates-for-onion-domain-names).</div>
<div><br>
</div>
<div>The number of this item was updated from "3" to "4", but
there is not actually a different third item being added. It
should remain "3".</div>
</div>
</blockquote>
<br>
I made the change. The markdown correctly rendered it as "3" despite
the text being "4" :)<br>
<br>
New immutable link at<br>
<ul>
<li><a href="https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...1bac785b2fd6a3fe0957434f9d13b13a47d4d19b" title="https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...1bac785b2fd6a3fe0957434f9d13b13a47d4d19b" rel="nofollow" target="_blank">https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...1bac785b2fd6a3fe0957434f9d13b13a47d4d19b</a></li>
</ul>
Please check the above and if there are no other changes, I will
restart the discussion on Tuesday.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Aaron</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Mar 2, 2022 at 10:22
PM Dimitris Zacharopoulos (HARICA) via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div> <br>
<h2>PURPOSE OF BALLOT</h2>
Over the years the Server Certificate WG captured several
minor cleanup issues related to Onion Certificates.<br>
<br>
Here is a summary of the changes:<br>
<ul>
<li>Created a Defined Term for Onion Domain Name. We
discovered a lot of repeated long text describing what
an onion certificate is, and thought it would be best
adding as a definition</li>
<li>Removed EVG Appendix F contents since v2 onion
certificates can't be used anymore; it is kept as a
placeholder</li>
<li>Removed the obligation for the CA to ensure that the
applicantSigningNonce includes specific entropy.</li>
<li>Tweaked 3.2.2.8 a bit in the hopes of making the
initial sentence shorter and easier to read.</li>
</ul>
The following motion has been proposed by Dimitris
Zacharopoulos of HARICA and endorsed by Ben Wilson of
Mozilla and Corey Bonnell of DigiCert.<br>
<h2 id="gmail-m_-2496030875623442938gmail-m_4271328238967272084motion_begins">MOTION
BEGINS</h2>
<div>
<p> This ballot modifies the “Baseline Requirements for
the Issuance and Management of Publicly-Trusted
Certificates” (“Baseline Requirements”), based on
Version 1.8.1:<br>
MODIFY the Baseline Requirements as specified in the
following redline:<br>
</p>
<ul>
<li>
<div> <a href="https://github.com/cabforum/servercert/compare/65e80e07855ecc1d2264c040ecc7d398f997d2c5...c2120c30e347899fb89131e10e8617b6cfe74bc4" title="https://github.com/cabforum/servercert/compare/65e80e07855ecc1d2264c040ecc7d398f997d2c5...c2120c30e347899fb89131e10e8617b6cfe74bc4" rel="nofollow" target="_blank">https://github.com/cabforum/servercert/compare/65e80e07855ecc1d2264c040ecc7d398f997d2c5...c2120c30e347899fb89131e10e8617b6cfe74bc4</a></div>
</li>
</ul>
<p> This ballot modifies the “Guidelines for the Issuance
and Management of Extended Validation Certificates” (“EV
Guidelines”), based on Version 1.7.8: MODIFY the EV
Guidelines as defined in the following redline:<br>
</p>
<ul>
<li>
<div> <a href="https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...c2120c30e347899fb89131e10e8617b6cfe74bc4" title="https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...c2120c30e347899fb89131e10e8617b6cfe74bc4" rel="nofollow" target="_blank">https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...c2120c30e347899fb89131e10e8617b6cfe74bc4</a></div>
</li>
</ul>
</div>
<div>
<form method="post"></form>
</div>
<h2 id="gmail-m_-2496030875623442938gmail-m_4271328238967272084motion_ends">MOTION ENDS</h2>
<div>
<p> This ballot proposes a Final Maintenance Guideline.
The procedure for approval of this ballot is as follows:
</p>
</div>
<div>
<form method="post"></form>
</div>
<h3 id="gmail-m_-2496030875623442938gmail-m_4271328238967272084discussion_7_days">Discussion
(7+ days)</h3>
<div>
<p> Start Time: 2022-03-03 15:00:00 UTC<br>
End Time: Not before 2022-03-10 15:00:00 UTC </p>
</div>
<div>
<form method="post"></form>
</div>
<h3 id="gmail-m_-2496030875623442938gmail-m_4271328238967272084vote_for_approval_7_days">Vote
for approval (7 days)</h3>
<div>
<p> Start Time: TBD<br>
End Time: TBD </p>
</div>
</div>
_______________________________________________<br>
Servercert-wg mailing list<br>
<a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
<a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" rel="noreferrer" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a><br>
</blockquote>
</div>
</blockquote>
<br>
</div>
</blockquote></div></div>