<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Hi Pedro,<br>
<br>
If the proposed ballot interacts with sections that are modified by
an existing ballot, the second ballot proposer needs to describe
what the possible results of that section will look like, basically
by writing down the expected language if the first ballot passes or
fails.<br>
<br>
Bylaws section 2.4 (10):<br>
<i><br>
If a ballot is proposed to amend the same section of the Final
Guidelines or the Final Maintenance Guidelines as one or more
previous ballot(s) that has/have not yet been finally approved,
the newly proposed ballot must include information about, and a
link to, any such previous ballot(s), and may include provisions
to avoid any conflicts relating to such previous ballots.</i><br>
<br>
<br>
I hope this helps.<br>
<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 19/1/2024 2:34 PM, Pedro FUENTES
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:43F59743-1E60-4AB9-8BAD-1B0C27A638DF@wisekey.com">
Hello,
<div>I’d like to know how this would interact with the change
proposed by Dimitris for the VATEL thing.</div>
<div>In my case I did put on hold my own proposed change
(regulation of use of QGIS for organization validation) until
the doc was in RFC format, and I wonder if we should do the same
for other proposed changes, as I guess the order of the ballots
is important here.</div>
<div>Best,</div>
<div>Pedro<br id="lineBreakAtBeginningOfMessage">
<div><br>
<blockquote type="cite">
<div>On 19 Jan 2024, at 13:27, Inigo Barreira via
Servercert-wg <a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org"><servercert-wg@cabforum.org></a> wrote:</div>
<br class="Apple-interchange-newline">
<div>
<div class="WordSection1"
style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Hi all,<o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><o:p> </o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">As per
yesterday's SCWG call, I've also updated the BRs
with the new section numbers of the EVG. Only 2
sections have been affected and therefore updated.<o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;">Section
3.2.2.4.7<o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;">EVG
11.14.3<span class="Apple-converted-space"> </span>→<span
class="Apple-converted-space"> </span>3.2.2.14.3<o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;">Section
7.1.2.7.5<o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;">EVG
9.2<span class="Apple-converted-space"> </span>→<span
class="Apple-converted-space"> </span>7.1.4.2<o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"><o:p> </o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">You can find
all the information in the PR 440,<span
class="Apple-converted-space"> </span></span><span
style="font-size: 11pt;"><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_servercert_pull_440_commits&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=4yDjCByZihcF66OPg0-LImW7hEJ3BRBPpguv_Dh5h0I&e="
style="color: blue; text-decoration: underline;"
moz-do-not-send="true"><span lang="EN-GB">EVGs
based on RFC3647 by barrini · Pull Request #440
· cabforum/servercert (github.com)</span></a></span><span
style="font-size: 11pt;" lang="EN-GB"><o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">First, I had
to update the current version of the BRs I was
working with (2.0.0) to the current one (2.0.2) and
then make the changes to the newest one.<o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"><o:p> </o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Regards<o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"><o:p> </o:p></span></div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span
style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Inigo
Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Friday,
15 December 2023 12:42<br>
<b>To:</b><span class="Apple-converted-space"> </span>Inigo
Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>;
CA/B Forum Server Certificate WG Public
Discussion List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>>;
Dimitris Zacharopoulos (HARICA) <<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>>;
Bruce Morton <<a
href="mailto:Bruce.Morton@entrust.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Bruce.Morton@entrust.com</a>>;
Tim Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>RE:
[Servercert-wg] SC-065: Convert EVGs into RFC
3647 format pre-ballot<o:p></o:p></span></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Hi everyone<o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><o:p> </o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">As per last
week's discussion during the SCWG, we agreed to follow
section 6 of the RFC 3647 for the new EVG format.<o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">With that in
mind, I've updated the corresponding PR (#440) to
reflect it that way, so:<o:p></o:p></span></div>
<ul style="margin-bottom: 0cm; margin-top: 0cm;"
type="disc">
<li class="MsoListParagraph"
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Changed
section 1.1 name from scope to overview<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Created a
new section 3.2.1 for possession of the private
key<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Moved all
the other stuff of the old section 11 to a “new”
section 3.2.2 for organization identity.<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Also created
the remaining ones, 3.2.3, 3.2.4, etc.<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Updated
section 8, removing section 8.1, renumbering the
others, putting the self audits under 8.1 and
leaving section 8.7 for readiness audits because
I don't know where it can fit better (this section
does not exist in RFC 3647 section 6)<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Checked all
links<o:p></o:p></span></li>
</ul>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"><o:p> </o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">In any case,
see the comparison here:<span
class="Apple-converted-space"> </span></span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_servercert_compare_90a98dc7c1131eaab01af411968aa7330d315b9b...238ff99fbe04f2aa24f2c58910d8133f2283f11e&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=Fkxi2puIea-XluHGWRpA2fMQdGTdESWl6jTcxt-Mh2I&e="
style="color: blue; text-decoration: underline;"
moz-do-not-send="true"><span lang="EN-GB">Comparing
90a98dc7c1131eaab01af411968aa7330d315b9b...238ff99fbe04f2aa24f2c58910d8133f2283f11e
· cabforum/servercert (github.com)</span></a><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">If you're ok
with this change, we can move forward and propose the
ballot, for which I'll need 2 endorsers.</span><span
style="font-size: 11pt;" lang="EN-GB"><o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"><o:p> </o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Regards<o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"><o:p> </o:p></span></div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span
style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Servercert-wg
<<a
href="mailto:servercert-wg-bounces@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg-bounces@cabforum.org</a>><span
class="Apple-converted-space"> </span><b>On
Behalf Of<span class="Apple-converted-space"> </span></b>Inigo
Barreira via Servercert-wg<br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Thursday,
7 December 2023 13:08<br>
<b>To:</b><span class="Apple-converted-space"> </span>Dimitris
Zacharopoulos (HARICA) <<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>>;
Bruce Morton <<a
href="mailto:Bruce.Morton@entrust.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Bruce.Morton@entrust.com</a>>;
CA/B Forum Server Certificate WG Public
Discussion List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>>;
Tim Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re:
[Servercert-wg] SC-065: Convert EVGs into RFC
3647 format pre-ballot<o:p></o:p></span></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><o:p> </o:p></span></div>
<div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Hi there,<o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><o:p> </o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">See the comparing one.<o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_servercert_compare_90a98dc7c1131eaab01af411968aa7330d315b9b...13b4f85a494fefa52510512a2fb3c4d7c77a7a36&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=SAlnT_XxVC5MVdb-AWK-2-2ft5iK_-91Uh8zev3Au44&e="
style="color: blue; text-decoration: underline;"
moz-do-not-send="true"><span lang="EN-GB">Comparing
90a98dc7c1131eaab01af411968aa7330d315b9b...13b4f85a494fefa52510512a2fb3c4d7c77a7a36
· cabforum/servercert (github.com)</span></a><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;">Regards<span
style="font-size: 11pt;" lang="EN-GB"><o:p></o:p></span></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"><o:p> </o:p></span></div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span
style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Dimitris
Zacharopoulos (HARICA) <<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Monday,
4 December 2023 22:18<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Bruce
Morton <<a
href="mailto:Bruce.Morton@entrust.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Bruce.Morton@entrust.com</a>>;
Inigo Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>;
CA/B Forum Server Certificate WG Public
Discussion List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>>;
Tim Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re:
[Servercert-wg] SC-065: Convert EVGs into RFC
3647 format pre-ballot<o:p></o:p></span></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><o:p> </o:p></span></div>
<div>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><o:p> </o:p></p>
<div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;">On
4/12/2023 9:22 PM, Bruce Morton wrote:<o:p></o:p></div>
</div>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">I thought an
intriguing promise of doing documents in
Github and in the same format is that we would
see the requirements in the same section,
which would allow for better management. Also,
the proposal Paul brought forward for the BR
of BRs would work much better if we use the
same sections. I guess I am encouraging the
move of EV from a non-standard format to a
sort of standard RFC 3647 format would be to
help provide document alignment.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">+1 to Dimitris'
original suggestion.</span><o:p></o:p></div>
</blockquote>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><o:p> </o:p></span></div>
<ul style="margin-bottom: 0cm;" type="disc">
<li class="MsoNormal"
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_code-2Dsigning_compare_main...importEVG&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=IH-hz12ss4KJRRKpXUPs_ykN-ftU1yP8_QWnqFumUpE&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true">https://github.com/cabforum/code-signing/compare/main...importEVG</a><o:p></o:p></span></li>
</ul>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">This is currently WIP,
maintaining the numbering of RFC 3647 section 6,
and moving the EV Guidelines sections referenced
by the CSBRs into new sections. We've done these
conversions in the past and they worked pretty
well, leading to consistently structured policy
documents across the ecosystem.<br>
<br>
It's not perfect but it tries to move
requirements to where RFC 3647 and the BRs
expect them to be. For example, section 11.14 of
the EV Guidelines talks about re-use of existing
documentation which fits into section 4.2.1 of
the BRs.<br>
<br>
<br>
Thanks,<br>
Dimitris.<o:p></o:p></span></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Thanks, Bruce.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span
style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Servercert-wg<span
class="Apple-converted-space"> </span><a
href="mailto:servercert-wg-bounces@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><servercert-wg-bounces@cabforum.org></a><span
class="Apple-converted-space"> </span><b>On
Behalf Of<span
class="Apple-converted-space"> </span></b>Inigo
Barreira via Servercert-wg<br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Monday,
December 4, 2023 2:15 PM<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Dimitris
Zacharopoulos (HARICA)<span
class="Apple-converted-space"> </span><a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><dzacharo@harica.gr></a>;
Tim Hollebeek<span
class="Apple-converted-space"> </span><a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><tim.hollebeek@digicert.com></a><br>
<b>Cc:</b><span
class="Apple-converted-space"> </span>CA/B
Forum Server Certificate WG Public
Discussion List<span
class="Apple-converted-space"> </span><a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>[EXTERNAL]
Re: [Servercert-wg] SC-065: Convert EVGs
into RFC 3647 format pre-ballot</span><o:p></o:p></div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"> <o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Dimitris,</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">I think
that we should focus on the EVG not on the
CP/CPS. The CA's CP/CPS will have that 3.2.1
section because it's in the TLS BRs but that
does not mean that the EVG must have also that
section 3.2.1 (BTW, the section exists in the
TLS BRs but with no content). At the end of
the day, every CA issuing TLS certs will have
to follow the TLS BRs and EVGs and then
accommodate their CP/CPSes according to both
documents.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">I
understand your point to be stricter in the
implementation of that specific point but for
every CA to change/update their current CP/CPS
with the new EVG in the RFC 3647 format, would
find it easier to where to make those
changes/adjustments in their own CP/CPS if we
can convert easily the current section 11 into
3.2 and not to start looking into different
numbers to make that change.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Regards</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"> </span><o:p></o:p></div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span
style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Dimitris
Zacharopoulos (HARICA) <<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Monday,
4 December 2023 20:02<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Tim
Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>>;
Inigo Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>><br>
<b>CC:</b><span
class="Apple-converted-space"> </span>CA/B
Forum Server Certificate WG Public
Discussion List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re:
[Servercert-wg] SC-065: Convert EVGs into
RFC 3647 format pre-ballot</span><o:p></o:p></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">FWIW, there are
informational RFCs that include SHOULD
requirements (I didn't check for other
informational RFCs that might contain SHALL
requirements). Take a look at<span
class="Apple-converted-space"> </span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A_datatracker.ietf.org_doc_html_rfc8894-5F-5F-3B-21-21FJ-2DY8qCqXTj2-21cDhQeVwolbnJ6hdDSRwEKs2w1lDqgYkiUHc4ApuZ3kUIV3BDxbQ0XAAIsJDbSWbqRevehayXBz-5Foc-2DH9s1zZDBI0YJAc7w-24&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=eZUOnibdXAEm7TArY-4NlpNDvdpq2qrcI6Os5GzWvtY&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true">RFC
8894</a>.<br>
<br>
I agree that there seems to be some
ambiguity in the REQUIRED CP/CPS structure
but the entire reasoning behind using the
"RFC 3647 format" was to align CP and CPS
documents so that comparisons can be made
across different CAs. If one CA reads that
they must follow a 2-level structure based
on section 4, and another CA reads that they
must follow the structure of section 6 of
the RFC, we're not meeting the goal for
alignment and easy comparisons.<br>
<br>
Digicert's CPS seems to follow the structure
of section 6 of RFC 3647. Has anyone spotted
a CPS claiming compliance with the TLS BRs
that is not following the section 6
structure of 3647?<br>
<br>
If all existing public CAs follow the
structure of section 6 of 3647 in their
CP/CPS documents, we can just clarify that
the expectation is what Ben mentioned in<span
class="Apple-converted-space"> </span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A_github.com_BenWilson-2DMozilla_pkipolicy_commit_1a94642cb95017cf382e4e93811db16a2342a806-5F-5F-3B-21-21FJ-2DY8qCqXTj2-21cDhQeVwolbnJ6hdDSRwEKs2w1lDqgYkiUHc4ApuZ3kUIV3BDxbQ0XAAIsJDbSWbqRevehayXBz-5Foc-2DH9s1zZDBIIavReJg-24&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=7yKm78aVhCw6xlE85YVTEd_kGz4SHJhZ83xtcshx1Ag&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true">https://github.com/BenWilson-Mozilla/pkipolicy/commit/1a94642cb95017cf382e4e93811db16a2342a806</a>,
so that we address this ambiguity. We
probably don't even need an effective date
if it causes no issue on existing CAs.<br>
<br>
My point is that if we leave this open to
interpretation, we can't compare CP/CPS
sections across multiple CAs efficiently,
and this defeats the whole purpose of the
requirement to structure CP/CPS documents
according to RFC 3647. We might as well
abandon the idea of converting the EV
Guidelines into that format.<br>
<br>
I believe that the intent has always been to
enforce a "stricter" alignment. But if
indeed there are deviations, I'd support
some stricter language to align CP/CPS
documents according to section 6 of RFC 3647
even with a future effective date :)<br>
<br>
<br>
Dimitris.</span><o:p></o:p></p>
<div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">On 4/12/2023 7:27
PM, Tim Hollebeek wrote:</span><o:p></o:p></div>
</div>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Yeah, the fact
that the section 6 outline goes deeper
than the actual described format in
section 4 is annoying, and you’re right,
it’s probably the source of these
disagreements. I always look at section
4, because it has the actual guidance
about what sort of information should be
considered for inclusion.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">This is what
happens when people try to turn
informational documents into normative
requirements. You have to try to
interpret phrases like “are strongly
advised to adhere”, which isn’t even a RFC
2119 SHOULD. And it can’t even be a
SHOULD, because as an informational RFC,
it is prohibited from having requirements,
even SHOULDs! That’s why it’s written
that way. Also, informational RFCs are
not examined as closely for
inconsistencies (because there are no
requirements!) which is how divergences
like section 4 vs 6 happen. It wasn’t
intended to be used as a compliance
document.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">I still think
what Inigo did is perfectly fine, although
there are lots of other perfectly fine
solutions, too. What we need to be
discussing is what’s best for us, not what RFC
3647 requires, because RFC 3647 has
infinite leeway. As Aaron and I have been
pointing out, you’ll find lots of
divergences at level three, and there’s
even lots of additional content in level
two, just because a lot of newer content
doesn’t really have a good fit in RFC
3647.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Now, that said,
we might want to be more strict in the
future, and if we choose to do so, we can
be. I just don’t want people overstating
what the rules actually are, because a lot
of people’s time has been wasted enforcing
RFC 3647 in a way that is far stricter
than was ever intended (one of the reasons
I’m so vocal on this issue is because I
got this point of view from one of the
original authors).</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">-Tim</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="border-width: medium medium medium 1.5pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor blue; border-image: none; padding: 0cm 0cm 0cm 4pt;">
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span
style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Dimitris
Zacharopoulos (HARICA)<span
class="Apple-converted-space"> </span><a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><dzacharo@harica.gr></a><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Saturday,
December 2, 2023 5:26 AM<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Tim
Hollebeek<span
class="Apple-converted-space"> </span><a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><tim.hollebeek@digicert.com></a>;
Inigo Barreira<span
class="Apple-converted-space"> </span><a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><Inigo.Barreira@sectigo.com></a><br>
<b>Cc:</b><span
class="Apple-converted-space"> </span>CA/B
Forum Server Certificate WG Public
Discussion List<span
class="Apple-converted-space"> </span><a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re:
[Servercert-wg] SC-065: Convert EVGs
into RFC 3647 format pre-ballot</span><o:p></o:p></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">We still have a
disagreement so please allow me one more
attempt to clarify my position because
it seems you didn't check the links
included in my previous post. I will
copy some of that text here for
convenience.</span><o:p></o:p></p>
<div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">On 1/12/2023
11:31 PM, Tim Hollebeek wrote:</span><o:p></o:p></div>
</div>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">No.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">IETF has both
Normative and Informative RFCs. While
it is true that compliance with a
Normative RFC is voluntary, if you do
choose to comply, the RFC has
requirements stated in RFC 2119
standards language that make it clear
what the compliance rules are.
Informative RFCs like 3647 do not have
any normative requirements at all.
They merely contain information.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">“all sections
of the RFC 3647 framework” is fine,
this covers the sections enumerated in
RFC 3647 section 4, which includes the
TOP TWO levels of an outline in
numbered form, e.g. the requirements
for section 3.2 are described in RFC
3647 section 4.3.2. There is no RFC
3647 section 4.3.2.1, which proves my
point. RFC 3647 only has a two level
outline structure.</span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><br>
I think I might have a hint on our
disconnect. RFC 3647 has an indicative
Table of Contents in Chapter 6 (<a
href="https://datatracker.ietf.org/doc/html/rfc3647#section-6"
style="color: blue; text-decoration: underline;" moz-do-not-send="true">https://datatracker.ietf.org/doc/html/rfc3647#section-6</a>)
outlining the proposed CP/CPS sections
and subsections using 3 levels.<br>
<br>
Here is the text of the opening
paragraph of that section (emphasis
added):<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> This section contains a recommended outline for a set of provisions,<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> intended to serve as a checklist or (with some further development) a<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> standard template for use by CP or CPS writers. Such a common<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> outline will facilitate:<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> <o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> (a) Comparison of two certificate policies during cross-<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> certification or other forms of interoperation (for the purpose<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> of equivalency mapping).<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> <o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> (b) Comparison of a CPS with a CP to ensure that the CPS faithfully<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> implements the policy.<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> <o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> (c) Comparison of two CPSs.<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> <o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"><b> In order to comply with the RFC, the drafters of a compliant CP or</b><o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"><b> CPS are strongly advised to adhere to this outline.</b> While use of an<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> alternate outline is discouraged, it may be accepted if a proper<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> justification is provided for the deviation and a mapping table is<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> provided to readily discern where each of the items described in this<o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";"> outline is provided.<o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><br>
The reason the CA/B Forum BRs were
structured according to this outline was
to assist with comparisons between
CP/CPS documents of different CAs,
making the review of these documents
easier.<br>
<br>
That's why you see sections like 1.5.4
"CPS approval procedures" in the BRs as
an empty section with "No Stipulation".
There are many such sections in the BRs,
all coming from section 6 of RFC 3647.<br>
<br>
I hope this is clearer now.<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">BR Section
2.2 needs to be re-written, as there
are no materials required by RFC 3647
(because RFC 3647 contains no
requirements). It needs to say
something like “structured in
accordance with RFC 3647 and MUST
include all sections of the outline
described in section 4” or something
like that. What it says right now
doesn’t capture the intent that you
correctly summarized.</span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><br>
During the last couple of years
reviewing CP/CPS documents, I saw some
uniformity at least in Publicly Trusted
CAs, and they all seem to follow the BRs
structure which comes from the outline
of section 6 of RFC 3647. However, it's
not a bad idea to further clarify BR
section 2.2 to better meet the
expectations.<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">The MRSP
language is better, I think I may have
made all of these same points when it
was being drafted, which is why it
says “section and subsection” (two
levels) and uses “structured according
to” and not “complies with the
requirements of”.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">But anyway,
this is all background that supports
what I’ve been saying all along: BR
3.2 is a RFC 3647 section. BR 3.2.1 *<b>is
not</b>* a RFC 3647 required
section, nor is it even a section that
is even mentioned in RFC 3647. If you
don’t believe me, please go to RFC
3647, Section 4.3.2.1 and read what it
says. OH, WAIT, IT DOESN’T EXIST!<span
class="Apple-converted-space"> </span></span><span
style="font-size: 11pt; font-family: "Segoe UI Emoji", sans-serif;">😊</span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><br>
To my point, BR 3.2.1 IS an RFC 3647
required section as it is explicitly
mentioned in the outline of section 6 of
RFC 3647:<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<pre
style="margin: 0cm; font-size: 10pt; font-family: "Courier New";">3.2.1 Method to prove possession of private key<o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><br>
Details about the contents of that
section can be found in the first bullet
of<span class="Apple-converted-space"> </span><a
href="https://datatracker.ietf.org/doc/html/rfc3647#section-4.3.2"
style="color: blue; text-decoration: underline;" moz-do-not-send="true">section
4.3.2 of RFC 3647</a>.<span
class="Apple-converted-space"> </span><br>
<br>
Does that make more sense?<br>
<br>
Dimitris.<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">-Tim</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="border-width: medium medium medium 1.5pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor blue; border-image: none; padding: 0cm 0cm 0cm 4pt;">
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span
style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Dimitris
Zacharopoulos (HARICA)<span
class="Apple-converted-space"> </span><a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><dzacharo@harica.gr></a><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Friday,
December 1, 2023 1:04 PM<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Tim
Hollebeek<span
class="Apple-converted-space"> </span><a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><tim.hollebeek@digicert.com></a>;
Inigo Barreira<span
class="Apple-converted-space"> </span><a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><Inigo.Barreira@sectigo.com></a><br>
<b>Cc:</b><span
class="Apple-converted-space"> </span>CA/B
Forum Server Certificate WG
Public Discussion List<span
class="Apple-converted-space"> </span><a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re:
[Servercert-wg] SC-065: Convert
EVGs into RFC 3647 format
pre-ballot</span><o:p></o:p></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Hi Tim,<br>
<br>
None of the IETF standards set
policy unless they are invited by
some policy authority :) The BRs set
such policy and "import" some
documents, such as RFC 5280, 3647
and others.<br>
<br>
The BRs in section 1.1 state:<br>
<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">These
Requirements do not address all of
the issues relevant to the
issuance and management of
Publicly-Trusted Certificates. In
accordance with RFC 3647 and to
facilitate a comparison of other
certificate policies and CPSs
(e.g. for policy mapping), this
document includes all sections of
the RFC 3647 framework. However,
rather than beginning with a "no
stipulation" comment in all empty
sections, the CA/Browser Forum is
leaving such sections initially
blank until a decision of "no
stipulation" is made</span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><br>
In addition, section 2.2 states
(emphasis added):<br>
<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">The
Certificate Policy and/or
Certification Practice Statement
MUST be structured in accordance
with RFC 3647 and<span
class="Apple-converted-space"> </span><b>MUST
include all material required by
RFC 3647</b>.</span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><br>
If you go back to the discussions
when the CA/B Forum decided to align
with the "RFC 3647 format", we
agreed to include each and every
section of the outline as a minimum
set.<br>
<br>
MRSP states in section 3.3 (5)
(again, emphasis added):<br>
<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">5. all
CPs, CPSes, and combined CP/CPSes
MUST be structured according to
RFC 3647 and MUST:<br>
<br>
- include<span
class="Apple-converted-space"> </span><b>at
least every section and
subsection defined in RFC 3647</b>;<br>
- only use the words "No
Stipulation" to mean that the
particular document imposes no
requirements related to that
section; and<br>
- contain no sections that are
blank and have no subsections;</span><o:p></o:p></div>
</blockquote>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><br>
So, with all that considered, when
we visit<span
class="Apple-converted-space"> </span><a
href="https://datatracker.ietf.org/doc/html/rfc3647#section-6"
style="color: blue; text-decoration: underline;" moz-do-not-send="true">section
6 of RFC 3647</a><span
class="Apple-converted-space"> </span>("the
outline"), the expectation is to
include each and every section and
subsection of the outline (up to
three levels).<br>
<br>
CAs are free to add MORE sections
and subsections as they desire, just
like the BRs have done, but we can't
escape or "hijack" an existing RFC
3647 section number. The outline
contains a specific section labeled
as "3.2.1 Method to prove
possession of private key". That
means we cannot re-use the number
3.2.1 for something else.<br>
<br>
I hope this sounds reasonable to
people.<br>
<br>
Dimitris.<br>
<br>
</span><o:p></o:p></p>
<div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">On
1/12/2023 6:51 PM, Tim Hollebeek
wrote:</span><o:p></o:p></div>
</div>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">This is
unfortunately wrong. There are
lots of misconceptions about RFC
3647 “compliance”.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">The first
point is that RFC 3647 is an
INFORMATIONAL RFC. You can see
this right at the top, where it
says “Category: Informational”.
This means that it contains no
requirements and it’s impossible
to be out of compliance with it.
This is why I put quotes around
“compliance”. Any requirements
around it need to come from
elsewhere, for example, a root
program requirement that requires
a particular document to be in RFC
3647 format. But that’s vague and
informal, because 3647 doesn’t
have requirements, it just has an
outline and suggested contents.
It’s not 100% precise what “MUST
be in RFC 3647 format” means, and
we need to just acknowledge that
(specifying it precisely would be
a colossal waste of time).</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">So what
does “RFC 3647 format” mean? RFC
3647’s outline only covers the
first two levels. So “Section
3.2: Initial Identity Validation”
is a RFC 3647 section header, and
most reasonable interpretations of
“RFC 3647 format” would require it
to exist with that or a
substantially similar name and
contents.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Section
3.2.1, on the other hand, is not
an RFC 3647 section. It’s common
to have a third level of headers
that mirror the “bullet points” in
the suggested content for the
section, but those are just
unordered bullet lists in RFC
3647. Claiming that section 3.2.1
of a document in RFC 3647 must
describe private key protection
goes beyond what RFC 3647 says.
Section 3.2 just “contains the
following elements”, so private
key protection is just one of
several topics that one might
discuss in section 3.2. It could
be section 3.2.1, but it could be
elsewhere in 3.2, and it’s
perfectly fine for 3.2.1 to not
exist, have different content,
etc.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Figuring
out where section 11.1 goes is not
trivial, but at first glance,
section 3.2 is not an unreasonable
choice, and I can understand why
Inigo made it. And there isn’t a
compliance reason why it can’t be
section 3.2.1, if that’s what we
want.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Of
course, we could convert the
recommended bulleted sections to a
numbered list of subsections (we
often do elsewhere), in which case
section 3.2.1 could be “Private
Key Protection” with contents “No
Stipulation”. If we do that, I
suggest we follow the rest of the
bullets as well.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Either
way works.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">-Tim</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="border-width: medium medium medium 1.5pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor blue; border-image: none; padding: 0cm 0cm 0cm 4pt;">
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span
style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Dimitris Zacharopoulos<span
class="Apple-converted-space"> </span><a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><dzacharo@harica.gr></a><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Friday, December 1, 2023 10:48 AM<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Inigo Barreira<span
class="Apple-converted-space"> </span><a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><Inigo.Barreira@sectigo.com></a><br>
<b>Cc:</b><span
class="Apple-converted-space"> </span>Tim Hollebeek<span
class="Apple-converted-space"> </span><a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><tim.hollebeek@digicert.com></a>;
CA/B Forum Server
Certificate WG Public
Discussion List<span
class="Apple-converted-space"> </span><a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re: [Servercert-wg] SC-065:
Convert EVGs into RFC 3647
format pre-ballot</span><o:p></o:p></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt; font-family: Arial, sans-serif;">We MUST comply
with RFC 3647 which means that
we must include sections that
are listed in the outline of
3647, and if we have nothing
to say, we leave it empty. We
can't "hijack" the numbering
just because we have no
requirements to describe.<span
class="Apple-converted-space"> </span><br>
<br>
That's my interpretation of
the RFC 3647 compliance.
Perhaps others can chime in
and state their opinion.<br>
<br>
<br>
Thanks,<span
class="Apple-converted-space"> </span></span><o:p></o:p></div>
</div>
<div>
<p><span
style="font-family: Arial, sans-serif;">DZ.</span><o:p></o:p></p>
</div>
<div>
<div>
<p><span
style="font-family: Arial, sans-serif;">Dec 1, 2023 14:50:23 Inigo
Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>:</span><o:p></o:p></p>
</div>
<blockquote
style="border-width: medium medium medium 2.25pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor rgb(204, 204, 204); border-image: none; padding: 0cm 0cm 0cm 8pt; margin: 5pt 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Thanks
Dimitris.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">I think that
strictly speaking, in RFC
3647 this section is the
4.3.2 Initial Identity
Validation and the first
bullet is about proving the
possession of the private
key, but there's no specific
section other than the
general approach that we've
implemented.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">That said, the
current EVG does not include
anything about the
possession of the private
key because that's covered
in the TLS BRs so that
section does not exist in
the EVGs and therefore I
didn't know how to
avoid/implement it.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">I decided to
continue with the normal
numbering for easy
checking, so all of section 11
is moved into section 3.2
and the rest of the
sub-numbers do not change
(so 11.1 would be 3.2.1,
11.1.1 would be 3.2.1.1,
etc.)</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">I understand
your point but I think we
can't create a section 3.2.1
for private key possession
because there's no such
text in the EVGs (and don't
think we should add anything
new, even an NA for that) and
don't know which other
sections we can create under
3.2 that can break the
current equivalence, which
again was done for easy
comparison.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">So, what would
you suggest to “comply” with
that? I don't have a clear
idea.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">Regards</span><o:p></o:p></div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Dimitris Zacharopoulos (HARICA)
<<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Thursday, 30 November 2023
13:16<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Inigo Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>; Tim
Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>>; CA/B
Forum Server Certificate
WG Public Discussion
List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re: [Servercert-wg] SC-065:
Convert EVGs into RFC
3647 format pre-ballot</span><o:p></o:p></div>
</div>
</div>
<div>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Inigo,<br>
<br>
As I am working to migrate
the EV Guidelines into the
EV Code Signing Baseline
Requirements I took a look
at the mapping you
provided for the EV
Guidelines and noticed
that you are proposing
migration of EVG section
11.1 into section 3.2.1.
This particular section is
labeled "Method to prove
possession of private key"
in RFC 3647 so I don't
think it is appropriate. I
think it's best to create
new subsections under 3.2.<br>
<br>
Thanks,<br>
Dimitris.</span><o:p></o:p></p>
<div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">On
8/9/2023 7:54 PM,
Inigo Barreira wrote:</span><o:p></o:p></div>
</div>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Hi
all,<span
class="Apple-converted-space"> </span></span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">Attached
you'll find the EVG
v1.8.0 with comments in
all sections indicating
where those sections,
and the content, have
been moved into the new
EVG RFC3647 format. So,
with this document, plus
the redlined version, I
hope you can now have a
clearer view of the
changes made.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">Let me know
if you need anything
else to clarify the new
version.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">Regards</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB"> </span><o:p></o:p></div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Inigo Barreira<span
class="Apple-converted-space"> </span><a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><Inigo.Barreira@sectigo.com></a><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Tuesday, 29 August 2023 17:06<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Tim Hollebeek<span
class="Apple-converted-space"> </span><a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><tim.hollebeek@digicert.com></a>;
Dimitris
Zacharopoulos
(HARICA)<span
class="Apple-converted-space"> </span><a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><dzacharo@harica.gr></a>;
CA/B Forum Server
Certificate WG
Public Discussion
List<span
class="Apple-converted-space"> </span><a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>RE: [Servercert-wg] SC-065:
Convert EVGs into
RFC 3647 format
pre-ballot</span><o:p></o:p></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">Thanks
Dimitris and Tim.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">I did
something of that
internally but didn't
reflect it in the document,
so I will try to reproduce
it to make it clearer.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">OTOH, and
as indicated in the PR,
the whole section 11 has
been placed in section
3.2 keeping the rest of
the numbering. So, for
example:</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB"> </span><o:p></o:p></div>
<table
style="font-size: 11pt; font-family: Calibri, sans-serif;" lang="EN-GB">
<tr><th>EVG</th><th>EVG3647</th></tr>
<tr><td>11.1</td><td>3.2.1</td></tr>
<tr><td>11.1.1</td><td>3.2.1.1</td></tr>
<tr><td>11.1.2</td><td>3.2.1.2</td></tr>
<tr><td>11.1.3</td><td>3.2.1.3</td></tr>
<tr><td>11.2</td><td>3.2.2</td></tr>
<tr><td>11.2.1</td><td>3.2.2.1</td></tr>
<tr><td>…..</td><td>….</td></tr>
<tr><td>11.13</td><td>3.2.13</td></tr>
<tr><td>11.14</td><td>3.2.14</td></tr>
<tr><td>11.14.1</td><td>3.2.14.1</td></tr>
<tr><td>11.14.2</td><td>3.2.14.2</td></tr>
<tr><td>11.14.3</td><td>3.2.14.3</td></tr>
</table>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">Hope this
can clarify the main
difficulty that I found
in the document, where
to place it and how.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB">Regards</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB"> </span><o:p></o:p></div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;" lang="EN-GB">From:</span></b><span
style="font-size: 11pt;" lang="EN-GB"><span
class="Apple-converted-space"> </span>Tim Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Tuesday, 29 August 2023 16:59<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Dimitris Zacharopoulos (HARICA)
<<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>>; Inigo Barreira
<<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>; CA/B
Forum Server
Certificate WG
Public Discussion
List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>RE: [Servercert-wg] SC-065:
Convert EVGs into
RFC 3647 format
pre-ballot</span><o:p></o:p></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"
lang="EN-GB"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 12pt; font-family: 'Times New Roman', serif;"> </span><o:p></o:p></div>
<div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Yes, exactly. I would like to see a list that
shows that EVG-classic
section 1.4 is now in
EVG-3647 section 4.1.
Then I can look at
where the new text
landed, see how the
conversion was
handled, we can all
verify that nothing
was lost or left out,
etc.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Without that, anyone attempting to review the
document is forced to
recreate the mapping
just to figure out
where everything went
and that nothing was
missed or put in the
wrong place. Redlines
are not sufficient
when large amounts of
text are moving around
to different places.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">I’m saying this because from my spot-checking,
the conversion appears
to be pretty good, and
I’d like to be able to
do a final
verification that it’s
mostly correct so I
can endorse.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">-Tim</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="border-width: medium medium medium 1.5pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor blue; border-image: none; padding: 0cm 0cm 0cm 4pt;">
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Dimitris Zacharopoulos (HARICA)
<<a
href="mailto:dzacharo@harica.gr"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US">dzacharo@harica.gr</span></a>><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Tuesday, August 29, 2023 7:58 AM<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Inigo Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US">Inigo.Barreira@sectigo.com</span></a>>;
CA/B Forum
Server
Certificate WG
Public
Discussion List
<<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US">servercert-wg@cabforum.org</span></a>>;
Tim Hollebeek
<<a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US">tim.hollebeek@digicert.com</span></a>><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re: [Servercert-wg] SC-065:
Convert EVGs
into RFC 3647
format
pre-ballot</span><o:p></o:p></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Hi Inigo,<br>
<br>
You can take some
guidance from
previous successful
efforts to convert
existing documents
into RFC 3647
format. The latest
attempt was in the
Code Signing BRs
conversion in May
2022. Check out the
mapping document and
the comments in the<span
class="Apple-converted-space"> </span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A_lists.cabforum.org_pipermail_cscwg-2Dpublic_2022-2DMay_000795.html-5F-5F-3B-21-21FJ-2DY8qCqXTj2-21cDhQeVwolbnJ6hdDSRwEKs2w1lDqgYkiUHc4ApuZ3kUIV3BDxbQ0XAAIsJDbSWbqRevehayXBz-5Foc-2DH9s1zZDBLzwUxa3A-24&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=TGjiVAjhtCpZQCCjIYU8mS3GeEAe0BeKPM0KSCsbZZU&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US">ballot
discussion
period</span></a>.<br>
<br>
For each existing
section/paragraph,
it would be nice to
have a comment
describing where
that existing
language will land
in the converted
document
(destination). This
will allow all
existing text to be
accounted for.<br>
<br>
During this process,
you might encounter
duplicate or
redundant text which
needs to be flagged
accordingly. You
might also get into
some uncertainty as
to which RFC3647
section is the best
fit for existing
text that might
require additional
discussion.<br>
<br>
I hope this helps.<br>
<br>
<br>
Dimitris.</span><o:p></o:p></p>
<div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">On 29/8/2023 12:42 PM, Inigo Barreira via
Servercert-wg
wrote:</span><o:p></o:p></div>
</div>
<blockquote
style="margin-top: 5pt; margin-bottom: 5pt;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Hi Tim,</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">See attached redlined and current
versions. I just
used what Martijn
suggested
yesterday but let
me know if this is
what you were
looking for.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB">Regards</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;" lang="EN-GB"> </span><o:p></o:p></div>
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Tim Hollebeek<span
class="Apple-converted-space"> </span><a
href="mailto:tim.hollebeek@digicert.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US"><tim.hollebeek@digicert.com></span></a><br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Monday, 28 August 2023 19:49<br>
<b>To:</b><span
class="Apple-converted-space"> </span>Inigo Barreira<span
class="Apple-converted-space"> </span><a
href="mailto:Inigo.Barreira@sectigo.com"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US"><Inigo.Barreira@sectigo.com></span></a>;
CA/B Forum
Server
Certificate WG
Public
Discussion
List<span
class="Apple-converted-space"> </span><a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US"><servercert-wg@cabforum.org></span></a><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>RE: SC-065: Convert EVGs into RFC
3647 format
pre-ballot</span><o:p></o:p></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Thanks for doing this Inigo … I know
re-organizations
like this are a
lot of work and
fall very much
in the category
of “important
but not fun”.
So thanks for
taking an
initial stab at
this.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Is there a mapping that shows where all the
original text
ended up? I
think that’s
going to be
essential for
people to be
able to review
this. I did
some spot
checking, and
your conversion
looks pretty
good, but I
wasn’t able to
do a more
detailed review
without a
mapping.</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">-Tim</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="border-width: medium medium medium 1.5pt; border-style: none none none solid; border-color: currentcolor currentcolor currentcolor blue; border-image: none; padding: 0cm 0cm 0cm 4pt;">
<div>
<div
style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentcolor currentcolor; border-image: none; padding: 3pt 0cm 0cm;">
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 11pt;">From:</span></b><span style="font-size: 11pt;"><span
class="Apple-converted-space"> </span>Servercert-wg <<a
href="mailto:servercert-wg-bounces@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US">servercert-wg-bounces@cabforum.org</span></a>><span
class="Apple-converted-space"> </span><b>On Behalf Of<span
class="Apple-converted-space"> </span></b>Inigo Barreira via
Servercert-wg<br>
<b>Sent:</b><span
class="Apple-converted-space"> </span>Monday, August 28, 2023 5:20 AM<br>
<b>To:</b><span
class="Apple-converted-space"> </span>CA/B Forum Server Certificate WG
Public
Discussion
List <<a
href="mailto:servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US">servercert-wg@cabforum.org</span></a>><br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>[Servercert-wg] SC-065: Convert
EVGs into RFC
3647 format
pre-ballot</span><o:p></o:p></div>
</div>
</div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Hello,</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">The current Extended Validation Guidelines
(EVGs) are
written in a
non-standardized
format. For
many years it
has been
discussed to
convert this
document into
the RFC 3647
format and
follow the
standardized
model for this
type of
document.<span
class="Apple-converted-space"> </span></span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Given that this has been known for several
years, I have
prepared the
following
ballot text,
which converts
the EVGs into
the RFC 3647
format:</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A_url.avanan.click_v2_-5F-5F-5Fhttps-3A_github.com_cabforum_servercert_pull_440-5F-5F-5F.YXAzOmRpZ2ljZXJ0OmE6bzoyOGIxNWVhZGVmZDlkZTM0NjQzZTA3YTlmYTA2MzM5YTo2OmExZWM6NGZmMGEzM2U0ZWZjOTU4MTM1NWRkNjU3ZDE5YjU3Y2YxNzg1NWU0ZTVjYzkzY2NjM2M0MWU5MzEyYzJmZTQ0NzpoOkY-5F-5F-3B-21-21FJ-2DY8qCqXTj2-21cDhQeVwolbnJ6hdDSRwEKs2w1lDqgYkiUHc4ApuZ3kUIV3BDxbQ0XAAIsJDbSWbqRevehayXBz-5Foc-2DH9s1zZDBKpiKVP6w-24&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=4LtAX3juZdnfOu4veRi4pBALPtRI-GZYgeAImFWYm9Y&e="
title="Protected by Avanan: https://github.com/cabforum/servercert/pull/440"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-GB">EVGs
based on
RFC3647 by
barrini · Pull
Request #440 ·
cabforum/servercert (github.com)</span></a></span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">I am currently seeking two endorsers as well as
any feedback
on the ballot
content itself
(wording,
effective
dates, etc.).</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;">Thanks,</span><o:p></o:p></div>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
</div>
</div>
<p class="MsoNormal"
style="margin: 0cm 0cm 12pt; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></p>
<pre
style="margin: 0cm; font-size: 10pt; font-family: 'Courier New';"><span>_______________________________________________</span><o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: 'Courier New';"><span>Servercert-wg mailing list</span><o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: 'Courier New';"><span><a
href="mailto:Servercert-wg@cabforum.org"
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US">Servercert-wg@cabforum.org</span></a></span><o:p></o:p></pre>
<pre
style="margin: 0cm; font-size: 10pt; font-family: 'Courier New';"><span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A_lists.cabforum.org_mailman_listinfo_servercert-2Dwg-5F-5F-3B-21-21FJ-2DY8qCqXTj2-21cDhQeVwolbnJ6hdDSRwEKs2w1lDqgYkiUHc4ApuZ3kUIV3BDxbQ0XAAIsJDbSWbqRevehayXBz-5Foc-2DH9s1zZDBI3Tfxaxw-24&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=wsg-TdwvnM_b-Pg3U1XTwuszyojufD0lb45hNqvXdBXdCbT5NwVJ3w_4u0QY-JUd&s=yeobGHenyzbD__BZjEynW1bSj_O1h07XqBgobkCMO5w&e="
style="color: blue; text-decoration: underline;" moz-do-not-send="true"><span
lang="EN-US">https://lists.cabforum.org/mailman/listinfo/servercert-wg</span></a></span><o:p></o:p></pre>
</blockquote>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
</div>
</blockquote>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
</div>
</blockquote>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"> </span><o:p></o:p></div>
</div>
</blockquote>
<div
style="margin: 0cm; font-size: 10pt; font-family: Calibri, sans-serif;"><span
style="font-size: 11pt;"><o:p> </o:p></span></div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<div>
<meta charset="UTF-8">
<div dir="auto"
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div dir="auto"
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div dir="auto"
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<div
style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><font
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; line-height: normal; text-align: start; text-indent: 0px;"><b><font
style="font-size: 11px;"
color="#f62400"><br
class="Apple-interchange-newline">
WISeKey SA<br>
</font></b></font>
<div
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font
style="color: rgb(0, 0, 0); font-size: 12px; font-weight: normal; font-style: normal;"><span
style="font-size: 11px;"><b>Pedro
Fuentes<br>
</b>CSO - Trust Services Manager</span><br>
<font size="1">Office: + 41 (0) 22 594
30 00<br>
Mobile: + 41 (0) </font></font><span
style="color: rgb(0, 0, 0); font-size: x-small; font-weight: normal; font-style: normal;">791
274 790</span></div>
<div
style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px;"><font
size="1">Address: </font></font><font
size="1">Avenue Louis-Casaï 58 | </font><span
style="font-size: x-small;">1216
Cointrin | Switzerland</span></div>
<div
style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font><font
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px;"
size="1"><b>Stay connected with <a
href="http://www.wisekey.com"
moz-do-not-send="true"><font
color="#f62400">WISeKey</font></a><br>
</b></font></font><span
style="caret-color: rgb(0, 0, 0); color: rgb(169, 169, 169); font-size: 10px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; orphans: 2; widows: 2;"><br>
</span></div>
<div
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; line-height: normal; text-align: start; text-indent: 0px;">
<div
style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span
style="orphans: 2; widows: 2;"><font
size="1" color="#78a600"><b>THIS
IS A TRUSTED MAIL</b>: This
message is digitally signed with a
WISeKey identity. If you get a
mail from WISeKey please check
the signature to avoid security
risks</font></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>