<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Hi Tim,<br>
<br>
None of the IETF standards set policy unless they are invited by
some policy authority :) The BRs set such policy and "import" some
documents, such as RFC 5280, 3647 and others.<br>
<br>
The BRs in section 1.1 state:<br>
<br>
<blockquote type="cite">These Requirements do not address all of the
issues relevant to the issuance and management of Publicly-Trusted
Certificates. In accordance with RFC 3647 and to facilitate a
comparison of other certificate policies and CPSs (e.g. for policy
mapping), this document includes all sections of the RFC 3647
framework. However, rather than beginning with a "no stipulation"
comment in all empty sections, the CA/Browser Forum is leaving
such sections initially blank until a decision of "no stipulation"
is made</blockquote>
<br>
In addition, section 2.2 states (emphasis added):<br>
<br>
<blockquote type="cite">The Certificate Policy and/or Certification
Practice Statement MUST be structured in accordance with RFC 3647
and <b>MUST include all material required by RFC 3647</b>.</blockquote>
<br>
If you go back to the discussions when the CA/B Forum decided to
align with the "RFC 3647 format", we agreed to include each and
every section of the outline as a minimum set.<br>
<br>
MRSP states in section 3.3 (5) (again, emphasis added):<br>
<br>
<blockquote type="cite">5. all CPs, CPSes, and combined CP/CPSes
MUST be structured according to RFC 3647 and MUST:<br>
<br>
- include <b>at least every section and subsection defined in
RFC 3647</b>;<br>
- only use the words "No Stipulation" to mean that the
particular document imposes no requirements related to that
section; and<br>
- contain no sections that are blank and have no subsections;</blockquote>
<br>
So, with all that considered, when we visit <a
href="https://datatracker.ietf.org/doc/html/rfc3647#section-6">section
6 of RFC 3647</a> ("the outline"), the expectation is to include
each and every section and subsection of the outline (up to three
levels).<br>
<br>
CAs are free to add MORE sections and subsections as they desire,
just like the BRs have done, but we can't escape or "hijack" an
existing RFC 3647 section number. The outline contains a specific
section labeled as "3.2.1 Method to prove possession of private
key". That means we cannot re-use the number 3.2.1 for something
else.<br>
<br>
I hope this sounds reasonable to people.<br>
<br>
Dimitris.<br>
<br>
<br>
<div class="moz-cite-prefix">On 1/12/2023 6:51 PM, Tim Hollebeek
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:SN7PR14MB64924E142221A831ACBBC4878381A@SN7PR14MB6492.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">This is unfortunately wrong. There are
lots of misconceptions about RFC 3647 “compliance”.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The first point is that RFC 3647 is an
INFORMATIONAL RFC. You can see this right at the top, where
it says “Category: Informational”. This means that it
contains no requirements and it’s impossible to be out of
compliance with it. This is why I put quotes around
“compliance”. Any requirements around it need to come from
elsewhere, for example, a root program requirement that
requires a particular document to be in RFC 3647 format. But
that’s vague and informal, because 3647 doesn’t have
requirements, it just has an outline and suggested contents.
It’s not 100% precise what “MUST be in RFC 3647 format” means,
and we need to just acknowledge that (specifying it precisely
would be a colossal waste of time).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So what does “RFC 3647 format” mean? RFC
3647’s outline only covers the first two levels. So “Section
3.2: Initial Identity Validation” is an RFC 3647 section
header, and most reasonable interpretations of “RFC 3647
format” would require it to exist with that or a substantially
similar name and contents.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Section 3.2.1, on the other hand, is not an
RFC 3647 section. It’s common to have a third level of
headers that mirror the “bullet points” in the suggested
content for the section, but those are just unordered bullet
lists in RFC 3647. Claiming that section 3.2.1 of a document
in RFC 3647 must describe private key protection goes beyond
what RFC 3647 says. Section 3.2 just “contains the following
elements”, so private key protection is just one of several
topics that one might discuss in section 3.2. It could be
section 3.2.1, but it could be elsewhere in 3.2, and it’s
perfectly fine for 3.2.1 to not exist, have different content,
etc.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Figuring out where section 11.1 goes is not
trivial, but at first glance, section 3.2 is not an
unreasonable choice, and I can understand why Inigo made it.
And there isn’t a compliance reason why it can’t be section
3.2.1, if that’s what we want.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Of course, we could convert the recommended
bulleted sections to a numbered list of subsections (we often
do elsewhere), in which case section 3.2.1 could be “Private
Key Protection” with contents “No Stipulation”. If we do
that, I suggest we follow the rest of the bullets as well.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Either way works.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">-Tim<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div
style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Dimitris Zacharopoulos
<a class="moz-txt-link-rfc2396E" href="mailto:dzacharo@harica.gr">&lt;dzacharo@harica.gr&gt;</a> <br>
<b>Sent:</b> Friday, December 1, 2023 10:48 AM<br>
<b>To:</b> Inigo Barreira
<a class="moz-txt-link-rfc2396E" href="mailto:Inigo.Barreira@sectigo.com">&lt;Inigo.Barreira@sectigo.com&gt;</a><br>
<b>Cc:</b> Tim Hollebeek
<a class="moz-txt-link-rfc2396E" href="mailto:tim.hollebeek@digicert.com">&lt;tim.hollebeek@digicert.com&gt;</a>; CA/B Forum Server
Certificate WG Public Discussion List
<a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org">&lt;servercert-wg@cabforum.org&gt;</a><br>
<b>Subject:</b> Re: [Servercert-wg] SC-065: Convert EVGs
into RFC 3647 format pre-ballot<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span
style="font-family:&quot;Arial&quot;,sans-serif">We MUST
comply with RFC 3647 which means that we must include
sections that are listed in the outline of 3647, and if
we have nothing to say, we leave it empty. We can't
"hijack" the numbering just because we have no
requirements to describe. <br>
<br>
That's my interpretation of the RFC 3647 compliance.
Perhaps others can chime in and state their opinion. <br>
<br>
<br>
Thanks, <o:p></o:p></span></p>
</div>
<div>
<p><span style="font-family:&quot;Arial&quot;,sans-serif">DZ.<o:p></o:p></span></p>
</div>
<div>
<div>
<p><span style="font-family:&quot;Arial&quot;,sans-serif">Dec
1, 2023 14:50:23 Inigo Barreira &lt;<a
href="mailto:Inigo.Barreira@sectigo.com"
moz-do-not-send="true" class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>&gt;:<o:p></o:p></span></p>
</div>
<blockquote
style="border:none;border-left:solid #CCCCCC 2.25pt;padding:0in 0in 0in 8.0pt;margin-left:0in;margin-right:0in">
<p class="MsoNormal"><span lang="ES">Thanks Dimitris.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">I think that
strictly speaking, in RFC 3647 this section is the
4.3.2 Initial Identity Validation and the first bullet
is about proving the possession of the private key,
but there's no specific section other than the general
approach that we've implemented.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">That said, the
current EVG does not include anything about the
possession of the private key because that's covered
in the TLS BRs so that section does not exist in the
EVGs and therefore I didn't know how to
avoid/implement it.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">I decided to
continue with the normal numbering for easy
checking, so all of section 11 is moved into section 3.2
and the rest of the sub-numbers do not change (so 11.1
would be 3.2.1, 11.1.1 would be 3.2.1.1, etc.)</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">I understand your
point but I think we can't create a section 3.2.1 for
private key possession because there's no such text
in the EVGs (and don't think we should add anything
new, even a NA for that) and don't know which other
sections we can create under 3.2 that can break the
current equivalence, which again was done for an easy
comparison. </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">So, what would you
suggest to “comply” with that? I don't have a clear
idea.</span><span style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Regards</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="mso-fareast-language:KO" lang="ES">From:</span></b><span
style="mso-fareast-language:KO" lang="ES">
Dimitris Zacharopoulos (HARICA) &lt;<a
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>&gt;
<br>
<b>Sent:</b> Thursday, November 30, 2023
13:16<br>
<b>To:</b> Inigo Barreira &lt;<a
href="mailto:Inigo.Barreira@sectigo.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>&gt;;
Tim Hollebeek &lt;<a
href="mailto:tim.hollebeek@digicert.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>&gt;;
CA/B Forum Server Certificate WG Public Discussion
List &lt;<a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>&gt;<br>
<b>Subject:</b> Re: [Servercert-wg] SC-065: Convert
EVGs into RFC 3647 format pre-ballot</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
</div>
</div>
<div
style="border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<p class="MsoNormal"
style="line-height:12.0pt;background:#FAFA03"><span
style="font-size:10.0pt;color:black;mso-fareast-language:JA" lang="ES">CAUTION:
This email originated from outside of the
organization. Do not click links or open attachments
unless you recognize the sender and know the content
is safe.</span><span style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="mso-fareast-language:JA" lang="ES">Inigo,<br>
<br>
As I am working to migrate the EV Guidelines into
the EV Code Signing Baseline Requirements I took a
look at the mapping you provided for the EV
Guidelines and noticed that you are proposing
migration of EVG section 11.1 into section 3.2.1.
This particular section is labeled "Method to prove
possession of private key" in RFC 3647 so I don't
think it is appropriate. I think it's best to create
new subsections under 3.2.<br>
<br>
Thanks,<br>
Dimitris.<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="mso-fareast-language:JA" lang="ES">On
8/9/2023 7:54 PM, Inigo Barreira wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="ES">Hi all, </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="ES"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Attached
you'll find the EVG v1.8.0 with comments in all
sections indicating where those sections, and the
content, have been moved into the new EVG RFC3647
format. So, with this document, plus the redlined
version, I hope you can have now a clearer view of
the changes done.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Let me know if
you need anything else to clarify the new version.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Regards</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="mso-fareast-language:JA" lang="ES">From:</span></b><span
style="mso-fareast-language:JA" lang="ES">
Inigo Barreira <a
href="mailto:Inigo.Barreira@sectigo.com"
moz-do-not-send="true">&lt;Inigo.Barreira@sectigo.com&gt;</a>
<br>
<b>Sent:</b> Tuesday, August 29,
2023 17:06<br>
<b>To:</b> Tim Hollebeek <a
href="mailto:tim.hollebeek@digicert.com"
moz-do-not-send="true">&lt;tim.hollebeek@digicert.com&gt;</a>;
Dimitris Zacharopoulos (HARICA) <a
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true">&lt;dzacharo@harica.gr&gt;</a>;
CA/B Forum Server Certificate WG Public
Discussion List <a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true">&lt;servercert-wg@cabforum.org&gt;</a><br>
<b>Subject:</b> RE: [Servercert-wg] SC-065:
Convert EVGs into RFC 3647 format pre-ballot<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span
style="mso-fareast-language:JA" lang="ES"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Thanks
Dimitris and Tim.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">I did
something of that internally but didn't reflect on
the document, so will try to reproduce to have it
clearer.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">OTOH, and as
indicated in the PR, the whole section 11 has been
placed in section 3.2 keeping the rest of the
numbering. So, for example:</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<table>
<tr><th>EVG</th><th>EVG3647</th></tr>
<tr><td>11.1</td><td>3.2.1</td></tr>
<tr><td>11.1.1</td><td>3.2.1.1</td></tr>
<tr><td>11.1.2</td><td>3.2.1.2</td></tr>
<tr><td>11.1.3</td><td>3.2.1.3</td></tr>
<tr><td>11.2</td><td>3.2.2</td></tr>
<tr><td>11.2.1</td><td>3.2.2.1</td></tr>
<tr><td>…..</td><td>….</td></tr>
<tr><td>11.13</td><td>3.2.13</td></tr>
<tr><td>11.14</td><td>3.2.14</td></tr>
<tr><td>11.14.1</td><td>3.2.14.1</td></tr>
<tr><td>11.14.2</td><td>3.2.14.2</td></tr>
<tr><td>11.14.3</td><td>3.2.14.3</td></tr>
</table>
<p class="MsoNormal"><span lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Hope this can
clarify the main difficulty that I found in the
document, where to place it and how.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Regards</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="mso-fareast-language:JA" lang="EN-GB">From:</span></b><span
style="mso-fareast-language:JA" lang="EN-GB">
Tim Hollebeek &lt;<a
href="mailto:tim.hollebeek@digicert.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>&gt;
<br>
<b>Sent:</b> Tuesday, August 29,
2023 16:59<br>
<b>To:</b> Dimitris Zacharopoulos (HARICA)
&lt;<a href="mailto:dzacharo@harica.gr"
moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>&gt;;
Inigo Barreira &lt;<a
href="mailto:Inigo.Barreira@sectigo.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>&gt;;
CA/B Forum Server Certificate WG Public
Discussion List &lt;<a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>&gt;<br>
<b>Subject:</b> RE: [Servercert-wg] SC-065:
Convert EVGs into RFC 3647 format pre-ballot</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span
style="mso-fareast-language:JA" lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,serif;mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">Yes, exactly. I
would like to see a list that shows that
EVG-classic section 1.4 is now in EVG-3647
section 4.1. Then I can look at where the new
text landed, see how the conversion was handled,
we can all verify that nothing was lost or left
out, etc.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">Without that,
anyone attempting to review the document is
forced to recreate the mapping just to figure
out where everything went and that nothing was
missed or put in the wrong place. Redlines are
not sufficient when large amounts of text are
moving around to different places.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">I’m saying this
because from my spot-checking, the conversion
appears to be pretty good, and I’d like to be
able to do a final verification that it’s mostly
correct so I can endorse.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">-Tim</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<div
style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="mso-fareast-language:JA">From:</span></b><span
style="mso-fareast-language:JA"> Dimitris
Zacharopoulos (HARICA) <</span><span
style="mso-fareast-language:JA" lang="ES"><a
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true"><span
lang="EN-US">dzacharo@harica.gr</span></a></span><span
style="mso-fareast-language:JA">> <br>
<b>Sent:</b> Tuesday, August 29, 2023 7:58
AM<br>
<b>To:</b> Inigo Barreira <</span><span
style="mso-fareast-language:JA" lang="ES"><a
href="mailto:Inigo.Barreira@sectigo.com"
moz-do-not-send="true"><span
lang="EN-US">Inigo.Barreira@sectigo.com</span></a></span><span
style="mso-fareast-language:JA">>; CA/B
Forum Server Certificate WG Public
Discussion List <</span><span
style="mso-fareast-language:JA" lang="ES"><a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true"><span
lang="EN-US">servercert-wg@cabforum.org</span></a></span><span
style="mso-fareast-language:JA">>; Tim
Hollebeek <</span><span
style="mso-fareast-language:JA" lang="ES"><a
href="mailto:tim.hollebeek@digicert.com"
moz-do-not-send="true"><span
lang="EN-US">tim.hollebeek@digicert.com</span></a></span><span
style="mso-fareast-language:JA">><br>
<b>Subject:</b> Re: [Servercert-wg]
SC-065: Convert EVGs into RFC 3647 format
pre-ballot</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="mso-fareast-language:JA">Hi Inigo,<br>
<br>
You can take some guidance from previous
successful efforts to convert existing
documents into RFC 3647 format. The latest
attempt was in the Code Signing BRs conversion
in May 2022. Check out the mapping document
and the comments in the </span><span
style="mso-fareast-language:JA" lang="ES"><a
href="https://lists.cabforum.org/pipermail/cscwg-public/2022-May/000795.html"
moz-do-not-send="true"><span lang="EN-US">ballot
discussion period</span></a></span><span
style="mso-fareast-language:JA">.<br>
<br>
For each existing section/paragraph, it would
be nice to have a comment describing where
that existing language will land in the
converted document (destination). This will
allow all existing text to be accounted for.<br>
<br>
During this process, you might encounter
duplicate or redundant text which needs to be
flagged accordingly. You might also get into
some uncertainty as to which RFC3647 section
is a best fit for existing text that might
require additional discussion. <br>
<br>
I hope this helps.<br>
<br>
<br>
Dimitris.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">On 29/8/2023
12:42 PM, Inigo Barreira via Servercert-wg
wrote:</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="mso-fareast-language:JA" lang="EN-GB">Hi
Tim,</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA" lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA" lang="EN-GB">See
attached redlined and current versions. I
just used what Martijn suggested yesterday
but let me know if this is what you were
looking for.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA" lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA" lang="EN-GB">Regards</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA" lang="EN-GB"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="mso-fareast-language:JA">From:</span></b><span
style="mso-fareast-language:JA"> Tim
Hollebeek </span><span
style="mso-fareast-language:JA"
lang="ES"><a
href="mailto:tim.hollebeek@digicert.com" moz-do-not-send="true"><span
lang="EN-US">&lt;tim.hollebeek@digicert.com&gt;</span></a></span><span
style="mso-fareast-language:JA"> <br>
<b>Sent:</b> Monday, August 28,
2023 19:49<br>
<b>To:</b> Inigo Barreira </span><span
style="mso-fareast-language:JA"
lang="ES"><a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true"><span
lang="EN-US">&lt;Inigo.Barreira@sectigo.com&gt;</span></a></span><span
style="mso-fareast-language:JA">; CA/B
Forum Server Certificate WG Public
Discussion List </span><span
style="mso-fareast-language:JA"
lang="ES"><a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"><span
lang="EN-US">&lt;servercert-wg@cabforum.org&gt;</span></a></span><span
style="mso-fareast-language:JA"><br>
<b>Subject:</b> RE: SC-065: Convert EVGs
into RFC 3647 format pre-ballot</span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">Thanks for
doing this Inigo … I know re-organizations
like this are a lot of work and fall very
much in the category of “important but not
fun”. So thanks for taking an initial
stab at this.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">Is there a
mapping that shows where all the original
text ended up? I think that’s going to be
essential for people to be able to review
this. I did some spot checking, and your
conversion looks pretty good, but I wasn’t
able to do a more detailed review without
a mapping.</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">-Tim</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<div
style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="mso-fareast-language:JA">From:</span></b><span
style="mso-fareast-language:JA">
Servercert-wg <</span><span
style="mso-fareast-language:JA"
lang="ES"><a
href="mailto:servercert-wg-bounces@cabforum.org" moz-do-not-send="true"><span
lang="EN-US">servercert-wg-bounces@cabforum.org</span></a></span><span
style="mso-fareast-language:JA">>
<b>On Behalf Of </b>Inigo Barreira
via Servercert-wg<br>
<b>Sent:</b> Monday, August 28, 2023
5:20 AM<br>
<b>To:</b> CA/B Forum Server
Certificate WG Public Discussion
List <</span><span
style="mso-fareast-language:JA"
lang="ES"><a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"><span
lang="EN-US">servercert-wg@cabforum.org</span></a></span><span
style="mso-fareast-language:JA">><br>
<b>Subject:</b> [Servercert-wg]
SC-065: Convert EVGs into RFC 3647
format pre-ballot</span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">Hello,</span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">The
current Extended Validation Guidelines
(EVGs) are written in a non-standardized
format. For many years it has been
discussed to convert this document into
the RFC 3647 format and follow the
standardized model for this type of
documents. </span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">Given
that this has been known for several
years, I have prepared the following
ballot text, which converts the EVGs
into the RFC 3647 format:</span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"
lang="ES"><a
href="https://github.com/cabforum/servercert/pull/440"
moz-do-not-send="true"><span
lang="EN-GB">EVGs based on RFC3647
by barrini · Pull Request #440 ·
cabforum/servercert (github.com)</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">I am
currently seeking two endorsers as well
as any feedback on the ballot content
itself (wording, effective dates, etc.).</span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA">Thanks,</span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA"
lang="ES"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
<pre><span style="mso-fareast-language:JA">_______________________________________________</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></pre>
<pre><span style="mso-fareast-language:JA">Servercert-wg mailing list</span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></pre>
<pre><span style="mso-fareast-language:JA"
lang="ES"><a
href="mailto:Servercert-wg@cabforum.org"
moz-do-not-send="true"><span lang="EN-US">Servercert-wg@cabforum.org</span></a><o:p></o:p></span></pre>
<pre><span style="mso-fareast-language:JA"
lang="ES"><a
href="https://lists.cabforum.org/mailman/listinfo/servercert-wg"
moz-do-not-send="true"><span lang="EN-US">https://lists.cabforum.org/mailman/listinfo/servercert-wg</span></a><o:p></o:p></span></pre>
</blockquote>
<p class="MsoNormal"><span
style="mso-fareast-language:JA"> </span><span
style="mso-fareast-language:JA" lang="ES"><o:p></o:p></span></p>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>