<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Hi Inigo,<br>
<br>
Can you please point me to the latest draft of the ballot/redline?
I'd like to take a look and compare against my work of <a
href="https://github.com/cabforum/code-signing/compare/main...importEVG">importing
the EV Guidelines into the CSBRs</a> and the mapping file
(attached).<br>
<br>
Of course, this work is different from a plain conversion of the
existing EVG into RFC 3647, but it might be worth considering the
CSBR work and finding possibly better locations for some text. <br>
<br>
As mentioned at the last meeting, we need to also update the BRs in
the same ballot to update possible references to the EV Guidelines.<br>
<br>
<br>
Best regards,<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 8/2/2024 11:20 PM, Pedro FUENTES
via Servercert-wg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100018d8a97c833-db81e7df-61f5-4a2b-bc3a-3b0ea290c000-000000@email.amazonses.com">
<div dir="ltr">Count me in</div>
<div dir="ltr"><br>
<blockquote type="cite">On 8 Feb 2024, at 18:53, Inigo Barreira
via Servercert-wg <a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org">&lt;servercert-wg@cabforum.org&gt;</a> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Aptos',sans-serif;mso-fareast-language:EN-US">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Aptos',sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Aptos',sans-serif;mso-fareast-language:EN-US"
lang="EN-US">As mentioned in the past SCWG call, I'm
looking for 2 endorsers for this ballot.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Aptos',sans-serif;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Aptos',sans-serif;mso-fareast-language:EN-US"
lang="EN-US">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Aptos',sans-serif;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Servercert-wg
<a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg-bounces@cabforum.org">&lt;servercert-wg-bounces@cabforum.org&gt;</a> <b>On
Behalf Of </b>Inigo Barreira via Servercert-wg<br>
<b>Sent:</b> Friday, 19 January 2024
13:28<br>
<b>To:</b> CA/B Forum Server Certificate WG Public
Discussion List <a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org">&lt;servercert-wg@cabforum.org&gt;</a>;
Dimitris Zacharopoulos (HARICA)
<a class="moz-txt-link-rfc2396E" href="mailto:dzacharo@harica.gr">&lt;dzacharo@harica.gr&gt;</a>; Bruce Morton
<a class="moz-txt-link-rfc2396E" href="mailto:Bruce.Morton@entrust.com">&lt;Bruce.Morton@entrust.com&gt;</a>; Tim Hollebeek
<a class="moz-txt-link-rfc2396E" href="mailto:tim.hollebeek@digicert.com">&lt;tim.hollebeek@digicert.com&gt;</a><br>
<b>Subject:</b> Re: [Servercert-wg] SC-065: Convert
EVGs into RFC 3647 format pre-ballot<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div
style="border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<p class="MsoNormal"
style="line-height:12.0pt;background:#FAFA03"><span
style="color:black">CAUTION: This email originated
from outside of the organization. Do not click links
or open attachments unless you recognize the sender
and know the content is safe.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Aptos',sans-serif"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US">Hi
all,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">As per yesterday's SCWG call, I've also
updated the BRs with the new section numbers of the
EVG. Only 2 sections have been affected and therefore
updated. <o:p></o:p></span></p>
<p class="MsoNormal">Section 3.2.2.4.7<o:p></o:p></p>
<p class="MsoNormal">EVG 11.14.3 → 3.2.2.14.3<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Section 7.1.2.7.5<o:p></o:p></p>
<p class="MsoNormal">EVG 9.2 → 7.1.4.2<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">You can find all the information in the
PR 440, </span><span style="font-size:11.0pt"><a
href="https://github.com/cabforum/servercert/pull/440/commits"
moz-do-not-send="true"><span lang="EN-GB">EVGs based
on RFC3647 by barrini · Pull Request #440 ·
cabforum/servercert (github.com)</span></a></span><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">First, I had to update the current
version of the BRs I was working with (2.0.0) to the
current one (2.0.2) and then make the changes to the
newest one.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Inigo Barreira &lt;<a
href="mailto:Inigo.Barreira@sectigo.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>&gt;
<br>
<b>Sent:</b> Friday, 15 December
2023 12:42<br>
<b>To:</b> Inigo Barreira &lt;<a
href="mailto:Inigo.Barreira@sectigo.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>&gt;;
CA/B Forum Server Certificate WG Public Discussion
List &lt;<a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>&gt;;
Dimitris Zacharopoulos (HARICA) &lt;<a
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>&gt;;
Bruce Morton &lt;<a
href="mailto:Bruce.Morton@entrust.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">Bruce.Morton@entrust.com</a>&gt;;
Tim Hollebeek &lt;<a
href="mailto:tim.hollebeek@digicert.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>&gt;<br>
<b>Subject:</b> RE: [Servercert-wg] SC-065: Convert
EVGs into RFC 3647 format pre-ballot<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US">Hi
everyone<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">As per last week's discussion during the
SCWG, we agreed to follow section 6 of the RFC 3647
for the new EVG format.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">With that in mind, I've updated the
corresponding PR (#440) to reflect it that way, so:<o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">Changed section 1.1 name from scope to
overview<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">Created a new section 3.2.1 for
possession of the private key<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">Moved all the other stuff of the old
section 11 to a “new” section 3.2.2 for organization
identity.<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">Also created the remaining ones, 3.2.3,
3.2.4, etc.<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">Updated section 8, removing section 8.1
and renumbering the others, putting the self
audits under 8.1 and leaving section 8.7 for
readiness audits because I don't know where it can fit
better (this section does not exist in RFC 3647
section 6)<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">Checked all links<o:p></o:p></span></li>
</ul>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">In any case, see the comparison here: </span><a
href="https://github.com/cabforum/servercert/compare/90a98dc7c1131eaab01af411968aa7330d315b9b...238ff99fbe04f2aa24f2c58910d8133f2283f11e"
moz-do-not-send="true"><span lang="EN-GB">Comparing
90a98dc7c1131eaab01af411968aa7330d315b9b...238ff99fbe04f2aa24f2c58910d8133f2283f11e
· cabforum/servercert (github.com)</span></a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"
lang="EN-GB">If you're ok with this change, we can
move forward and propose the ballot, for which I'll need
2 endorsers.</span><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Servercert-wg &lt;<a
href="mailto:servercert-wg-bounces@cabforum.org"
moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg-bounces@cabforum.org</a>&gt;
<b>On Behalf Of </b>Inigo Barreira via
Servercert-wg<br>
<b>Sent:</b> Thursday, 7 December 2023
13:08<br>
<b>To:</b> Dimitris Zacharopoulos (HARICA) &lt;<a
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>&gt;;
Bruce Morton &lt;<a
href="mailto:Bruce.Morton@entrust.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">Bruce.Morton@entrust.com</a>&gt;;
CA/B Forum Server Certificate WG Public Discussion
List &lt;<a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>&gt;;
Tim Hollebeek &lt;<a
href="mailto:tim.hollebeek@digicert.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>&gt;<br>
<b>Subject:</b> Re: [Servercert-wg] SC-065: Convert
EVGs into RFC 3647 format pre-ballot<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US">Hi
there,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US">See
the comparison.<o:p></o:p></span></p>
<p class="MsoNormal"><a
href="https://github.com/cabforum/servercert/compare/90a98dc7c1131eaab01af411968aa7330d315b9b...13b4f85a494fefa52510512a2fb3c4d7c77a7a36"
moz-do-not-send="true"><span lang="EN-GB">Comparing
90a98dc7c1131eaab01af411968aa7330d315b9b...13b4f85a494fefa52510512a2fb3c4d7c77a7a36
· cabforum/servercert (github.com)</span></a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards<span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Dimitris Zacharopoulos
(HARICA) &lt;<a href="mailto:dzacharo@harica.gr"
moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>&gt;
<br>
<b>Sent:</b> Monday, 4 December 2023
22:18<br>
<b>To:</b> Bruce Morton &lt;<a
href="mailto:Bruce.Morton@entrust.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">Bruce.Morton@entrust.com</a>&gt;;
Inigo Barreira &lt;<a
href="mailto:Inigo.Barreira@sectigo.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>&gt;;
CA/B Forum Server Certificate WG Public
Discussion List &lt;<a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>&gt;;
Tim Hollebeek &lt;<a
href="mailto:tim.hollebeek@digicert.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>&gt;<br>
<b>Subject:</b> Re: [Servercert-wg] SC-065:
Convert EVGs into RFC 3647 format pre-ballot<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 4/12/2023 9:22 PM, Bruce
Morton wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt">I
thought an intriguing promise of doing documents
in Github and in the same format is that we
would see the requirements in the same section,
which would allow for better management. Also,
the proposal Paul brought forward for the BR of
BRs would work much better if we use the same
sections. I guess I am encouraging the move of
EV from a non-standard format to a sort of
standard RFC 3647 format would be to help
provide document alignment.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">+1
to Dimitris' original suggestion.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<ul type="disc">
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo6"><span
style="font-size:11.0pt"><a
href="https://github.com/cabforum/code-signing/compare/main...importEVG"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://github.com/cabforum/code-signing/compare/main...importEVG</a><o:p></o:p></span></li>
</ul>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:11.0pt">This is currently WIP,
maintaining the numbering of RFC 3647 section 6,
and moving the EV Guidelines sections referenced
by the CSBRs into new sections. We've done these
conversions in the past and they worked pretty
well, leading to consistently structured policy
documents across the ecosystem.<br>
<br>
It's not perfect but it tries to move requirements
to where RFC 3647 and the BRs expect them to be.
For example, section 11.14 of the EV Guidelines
talks about re-use of existing documentation which
fits into section 4.2.1 of the BRs.<br>
<br>
<br>
Thanks,<br>
Dimitris.<o:p></o:p></span></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks,
Bruce.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Servercert-wg <a
href="mailto:servercert-wg-bounces@cabforum.org" moz-do-not-send="true">&lt;servercert-wg-bounces@cabforum.org&gt;</a>
<b>On Behalf Of </b>Inigo Barreira via
Servercert-wg<br>
<b>Sent:</b> Monday, December 4, 2023 2:15 PM<br>
<b>To:</b> Dimitris Zacharopoulos (HARICA) <a
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true">&lt;dzacharo@harica.gr&gt;</a>;
Tim Hollebeek <a
href="mailto:tim.hollebeek@digicert.com"
moz-do-not-send="true">&lt;tim.hollebeek@digicert.com&gt;</a><br>
<b>Cc:</b> CA/B Forum Server Certificate WG
Public Discussion List <a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true">&lt;servercert-wg@cabforum.org&gt;</a><br>
<b>Subject:</b> [EXTERNAL] Re: [Servercert-wg]
SC-065: Convert EVGs into RFC 3647 format
pre-ballot</span><o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US">Dimitris,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US" lang="EN-GB">I think
that we should focus on the EVG, not on the
CP/CPS. The CA's CP/CPS will have that 3.2.1
section because it's in the TLS BRs but that
does not mean that the EVG must also have that
section 3.2.1 (BTW, the section exists in the TLS
BRs but with no content). At the end of the day,
every CA issuing TLS certs will have to follow
the TLS BRs and EVGs and then accommodate their
CP/CPSes according to both documents. </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US" lang="EN-GB">I
understand your point about being stricter in the
implementation of that specific point, but
every CA that has to change/update its current CP/CPS
with the new EVG in the RFC 3647 format would
find it easier to see where to make those
changes/adjustments in its own CP/CPS if we
can easily convert the current section 11 into
3.2 and not have to start looking into different
numbers to make that change.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US" lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US" lang="EN-GB">Regards</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US" lang="EN-GB"> </span><o:p></o:p></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Dimitris
Zacharopoulos (HARICA) &lt;<a
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>&gt;
<br>
<b>Sent:</b> Monday, 4 December
2023 20:02<br>
<b>To:</b> Tim Hollebeek &lt;<a
href="mailto:tim.hollebeek@digicert.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>&gt;;
Inigo Barreira &lt;<a
href="mailto:Inigo.Barreira@sectigo.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>&gt;<br>
<b>Cc:</b> CA/B Forum Server Certificate WG
Public Discussion List &lt;<a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>&gt;<br>
<b>Subject:</b> Re: [Servercert-wg] SC-065:
Convert EVGs into RFC 3647 format pre-ballot</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:11.0pt">FWIW, there are
informational RFCs that include SHOULD
requirements (I didn't check for other
informational RFCs that might contain SHALL
requirements). Take a look at <a
href="https://datatracker.ietf.org/doc/html/rfc8894"
moz-do-not-send="true">RFC 8894</a>.<br>
<br>
I agree that there seems to be some ambiguity
in the REQUIRED CP/CPS structure but the
entire reasoning behind using the "RFC 3647
format" was to align CP and CPS documents so
that comparisons can be made across different
CAs. If one CA reads that they must follow a
2-level structure based on section 4, and
another CA reads that they must follow the
structure of section 6 of the RFC, we're not
meeting the goal for alignment and easy
comparisons.<br>
<br>
Digicert's CPS seems to follow the structure
of section 6 of RFC 3647. Has anyone spotted a
CPS claiming compliance with the TLS BRs that
is not following the section 6 structure of
3647?<br>
<br>
If all existing public CAs follow the
structure of section 6 of 3647 in their CP/CPS
documents, we can just clarify that the
expectation is what Ben mentioned in <a
href="https://github.com/BenWilson-Mozilla/pkipolicy/commit/1a94642cb95017cf382e4e93811db16a2342a806"
moz-do-not-send="true">https://github.com/BenWilson-Mozilla/pkipolicy/commit/1a94642cb95017cf382e4e93811db16a2342a806</a>,
so that we address this ambiguity. We probably
don't even need an effective date if it causes
no issue on existing CAs.<br>
<br>
My point is that if we leave this open to
interpretation, we can't compare CP/CPS
sections across multiple CAs efficiently, and
this defeats the whole purpose of the
requirement to structure CP/CPS documents
according to RFC 3647. We might as well
abandon the idea of converting the EV
Guidelines into that format.<br>
<br>
I believe that the intent has always been to
enforce a "stricter" alignment. But if indeed
there are deviations, I'd support some
stricter language to align CP/CPS documents
according to section 6 of RFC 3647 even with a
future effective date :)<br>
<br>
<br>
Dimitris.</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt">On 4/12/2023 7:27
PM, Tim Hollebeek wrote:</span><o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt">Yeah, the fact that
the section 6 outline goes deeper than the
actual described format in section 4 is
annoying, and you’re right, it’s probably
the source of these disagreements. I always
look at section 4, because it has the actual
guidance about what sort of information
should be considered for inclusion.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">This is what
happens when people try to turn
informational documents into normative
requirements. You have to try to interpret
phrases like “are strongly advised to
adhere”, which isn’t even an RFC 2119
SHOULD. And it can’t even be a SHOULD,
because as an informational RFC, it is
prohibited from having requirements, even
SHOULDs! That’s why it’s written that way.
Also, informational RFCs are not examined as
closely for inconsistencies (because there
are no requirements!) which is how
divergences like section 4 vs 6 happen. It
wasn’t intended to be used as a compliance
document.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">I still think what
Inigo did is perfectly fine, although there
are lots of other perfectly fine solutions,
too. What we need to be discussing is
what’s best for us, not what RFC 3647 requires,
because RFC 3647 has infinite leeway. As
Aaron and I have been pointing out, you’ll
find lots of divergences at level three, and
there’s even lots of additional content in
level two, just because a lot of newer
content doesn’t really have a good fit in
RFC 3647.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">Now, that said, we
might want to be more strict in the future,
and if we choose to do so, we can be. I just
don’t want people overstating what the rules
actually are, because a lot of people’s time
has been wasted enforcing RFC 3647 in a way
that is far stricter than was ever intended
(one of the reasons I’m so vocal on this
issue is because I got this point of view
from one of the original authors).</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">-Tim</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<div
style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Dimitris
Zacharopoulos (HARICA) <a
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true">&lt;dzacharo@harica.gr&gt;</a>
<br>
<b>Sent:</b> Saturday, December 2,
2023 5:26 AM<br>
<b>To:</b> Tim Hollebeek <a
href="mailto:tim.hollebeek@digicert.com" moz-do-not-send="true">&lt;tim.hollebeek@digicert.com&gt;</a>;
Inigo Barreira <a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true">&lt;Inigo.Barreira@sectigo.com&gt;</a><br>
<b>Cc:</b> CA/B Forum Server
Certificate WG Public Discussion List
<a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true">&lt;servercert-wg@cabforum.org&gt;</a><br>
<b>Subject:</b> Re: [Servercert-wg]
SC-065: Convert EVGs into RFC 3647
format pre-ballot</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt">We still have a
disagreement so please allow me one more
attempt to clarify my position because it
seems you didn't check the links included
in my previous post. I will copy some of
that text here for convenience.</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt">On 1/12/2023
11:31 PM, Tim Hollebeek wrote:</span><o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt">No.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">IETF has both
Normative and Informative RFCs. While
it is true that compliance with a
Normative RFC is voluntary, if you do
choose to comply, the RFC has
requirements stated in RFC 2119
standards language that make it clear
what the compliance rules are.
Informative RFCs like 3647 do not have
any normative requirements at all. They
merely contain information.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">“all sections
of the RFC 3647 framework” is fine, this
covers the sections enumerated in RFC
3647 section 4, which includes the TOP
TWO levels of an outline in numbered
form, e.g. the requirements for section
3.2 are described in RFC 3647 section
4.3.2. There is no RFC 3647 section
4.3.2.1, which proves my point. RFC
3647 only has a two level outline
structure.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt"><br>
I think I might have a hint on our
disconnect. RFC 3647 has an indicative
Table of Contents in Chapter 6 (<a
href="https://datatracker.ietf.org/doc/html/rfc3647#section-6"
moz-do-not-send="true">https://datatracker.ietf.org/doc/html/rfc3647#section-6</a>)
outlining the proposed CP/CPS sections and
subsections using 3 levels.<br>
<br>
Here is the text of the opening paragraph
of that section (emphasis added):</span><o:p></o:p></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre> This section contains a recommended outline for a set of provisions,<o:p></o:p></pre>
<pre> intended to serve as a checklist or (with some further development) a<o:p></o:p></pre>
<pre> standard template for use by CP or CPS writers. Such a common<o:p></o:p></pre>
<pre> outline will facilitate:<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> (a) Comparison of two certificate policies during cross-<o:p></o:p></pre>
<pre> certification or other forms of interoperation (for the purpose<o:p></o:p></pre>
<pre> of equivalency mapping).<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> (b) Comparison of a CPS with a CP to ensure that the CPS faithfully<o:p></o:p></pre>
<pre> implements the policy.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> (c) Comparison of two CPSs.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre><b> In order to comply with the RFC, the drafters of a compliant CP or</b><o:p></o:p></pre>
<pre><b> CPS are strongly advised to adhere to this outline.</b> While use of an<o:p></o:p></pre>
<pre> alternate outline is discouraged, it may be accepted if a proper<o:p></o:p></pre>
<pre> justification is provided for the deviation and a mapping table is<o:p></o:p></pre>
<pre> provided to readily discern where each of the items described in this<o:p></o:p></pre>
<pre> outline is provided.<o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt"><br>
The reason the CA/B Forum BRs were
structured according to this outline was
to assist with comparisons between CP/CPS
documents of different CAs, making the
review of these documents easier.<br>
<br>
That's why you see sections like 1.5.4
"CPS approval procedures" in the BRs as an
empty section with "No Stipulation". There
are many such sections in the BRs, all
coming from section 6 of RFC 3647.<br>
<br>
I hope this is clearer now.</span><o:p></o:p></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">BR Section 2.2
needs to be re-written, as there are no
materials required by RFC 3647 (because
RFC 3647 contains no requirements). It
needs to say something like “structured
in accordance with RFC 3647 and MUST
include all sections of the outline
described in section 4” or something
like that. What it says right now
doesn’t capture the intent that you
correctly summarized.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt"><br>
During the last couple of years reviewing
CP/CPS documents, I saw some uniformity at
least in Publicly Trusted CAs, and they
all seem to follow the BRs structure which
comes from the outline of section 6 of RFC
3647. However, it's not a bad idea to
further clarify BR section 2.2 to better
meet the expectations.</span><o:p></o:p></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">The MRSP
language is better, I think I may have
made all of these same points when it
was being drafted, which is why it says
“section and subsection” (two levels)
and uses “structured according to” and
not “complies with the requirements of”.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">But anyway,
this is all background that supports
what I’ve been saying all along: BR 3.2
is an RFC 3647 section. BR 3.2.1 *<b>is
not</b>* an RFC 3647 required section,
nor is it even a section that is even
mentioned in RFC 3647. If you don’t
believe me, please go to RFC 3647,
Section 4.3.2.1 and read what it says.
OH, WAIT, IT DOESN’T EXIST! </span><span
style="font-size:11.0pt;font-family:"Segoe UI Emoji",sans-serif">😊</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt"><br>
To my point, BR 3.2.1 IS an RFC 3647
required section as it is explicitly
mentioned in the outline of section 6 of
RFC 3647:</span><o:p></o:p></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre>3.2.1 Method to prove possession of private key<o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt"><br>
Details about the contents of that section
can be found in the first bullet of <a
href="https://datatracker.ietf.org/doc/html/rfc3647#section-4.3.2"
moz-do-not-send="true">section 4.3.2 of
RFC 3647</a>. <br>
<br>
Does that make more sense?<br>
<br>
Dimitris.</span><o:p></o:p></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">-Tim</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<div
style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Dimitris
Zacharopoulos (HARICA) <a
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true"><dzacharo@harica.gr></a>
<br>
<b>Sent:</b> Friday, December 1,
2023 1:04 PM<br>
<b>To:</b> Tim Hollebeek <a
href="mailto:tim.hollebeek@digicert.com" moz-do-not-send="true"><tim.hollebeek@digicert.com></a>;
Inigo Barreira <a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true"><Inigo.Barreira@sectigo.com></a><br>
<b>Cc:</b> CA/B Forum Server
Certificate WG Public Discussion
List <a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b> Re:
[Servercert-wg] SC-065: Convert
EVGs into RFC 3647 format
pre-ballot</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt">Hi Tim,<br>
<br>
None of the IETF standards set policy
unless they are invited by some policy
authority :) The BRs set such policy
and "import" some documents, such as
RFC 5280, 3647 and others.<br>
<br>
The BRs in section 1.1 state:<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt">These
Requirements do not address all of
the issues relevant to the issuance
and management of Publicly-Trusted
Certificates. In accordance with RFC
3647 and to facilitate a comparison
of other certificate policies and
CPSs (e.g. for policy mapping), this
document includes all sections of
the RFC 3647 framework. However,
rather than beginning with a "no
stipulation" comment in all empty
sections, the CA/Browser Forum is
leaving such sections initially
blank until a decision of "no
stipulation" is made</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt"><br>
In addition, section 2.2 states
(emphasis added):<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt">The
Certificate Policy and/or
Certification Practice Statement
MUST be structured in accordance
with RFC 3647 and <b>MUST include
all material required by RFC 3647</b>.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt"><br>
If you go back to the discussions when
the CA/B Forum decided to align with
the "RFC 3647 format", we agreed to
include each and every section of the
outline as a minimum set.<br>
<br>
MRSP states in section 3.3 (5) (again,
emphasis added):<br>
<br>
</span><o:p></o:p></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt">5. all CPs,
CPSes, and combined CP/CPSes MUST be
structured according to RFC 3647 and
MUST:<br>
<br>
- include <b>at least every
section and subsection defined in
RFC 3647</b>;<br>
- only use the words "No
Stipulation" to mean that the
particular document imposes no
requirements related to that
section; and<br>
- contain no sections that are
blank and have no subsections;</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt"><br>
So, with all that considered, when we
visit <a
href="https://datatracker.ietf.org/doc/html/rfc3647#section-6"
moz-do-not-send="true">section 6 of
RFC 3647</a> ("the outline"), the
expectation is to include each and
every section and subsection of the
outline (up to three levels).<br>
<br>
CAs are free to add MORE sections and
subsections as they desire, just like
the BRs have done, but we can't escape
or "hijack" an existing RFC 3647
section number. The outline contains a
specific section labeled as "3.2.1
Method to prove possession of private
key". That means we cannot re-use the
number 3.2.1 for something else.<br>
<br>
I hope this sounds reasonable to
people.<br>
<br>
Dimitris.</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt">On
1/12/2023 6:51 PM, Tim Hollebeek
wrote:</span><o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt">This is
unfortunately wrong. There are lots
of misconceptions about RFC 3647
“compliance”.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">The first
point is that RFC 3647 is an
INFORMATIONAL RFC. You can see this
right at the top, where it says
“Category: Informational”. This
means that it contains no
requirements and it’s impossible to
be out of compliance with it. This
is why I put quotes around
“compliance”. Any requirements
around it need to come from
elsewhere, for example, a root
program requirement that requires a
particular document to be in RFC
3647 format. But that’s vague and
informal, because 3647 doesn’t have
requirements, it just has an outline
and suggested contents. It’s not
100% precise what “MUST be in RFC
3647 format” means, and we need to
just acknowledge that (specifying it
precisely would be a colossal waste
of time).</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">So what
does “RFC 3647 format” mean? RFC
3647’s outline only covers the first
two levels. So “Section 3.2:
Initial Identity Validation” is an
RFC 3647 section header, and most
reasonable interpretations of “RFC
3647 format” would require it to
exist with that or a substantially
similar name and contents.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">Section
3.2.1, on the other hand, is not an
RFC 3647 section. It’s common to
have a third level of headers that
mirror the “bullet points” in the
suggested content for the section,
but those are just unordered bullet
lists in RFC 3647. Claiming that
section 3.2.1 of a document in RFC
3647 must describe private key
protection goes beyond what RFC 3647
says. Section 3.2 just “contains
the following elements”, so private
key protection is just one of
several topics that one might
discuss in section 3.2. It could be
section 3.2.1, but it could be
elsewhere in 3.2, and it’s perfectly
fine for 3.2.1 to not exist, have
different content, etc.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">Figuring
out where section 11.1 goes is not
trivial, but at first glance,
section 3.2 is not an unreasonable
choice, and I can understand why
Inigo made it. And there isn’t a
compliance reason why it can’t be
section 3.2.1, if that’s what we
want.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">Of course,
we could convert the recommended
bulleted sections to a numbered list
of subsections (we often do
elsewhere), in which case section
3.2.1 could be “Private Key
Protection” with contents “No
Stipulation”. If we do that, I
suggest we follow the rest of the
bullets as well.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">Either way
works.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt">-Tim</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<div
style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt">
Dimitris Zacharopoulos <a
href="mailto:dzacharo@harica.gr" moz-do-not-send="true"><dzacharo@harica.gr></a>
<br>
<b>Sent:</b> Friday, December
1, 2023 10:48 AM<br>
<b>To:</b> Inigo Barreira <a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true"><Inigo.Barreira@sectigo.com></a><br>
<b>Cc:</b> Tim Hollebeek <a
href="mailto:tim.hollebeek@digicert.com" moz-do-not-send="true"><tim.hollebeek@digicert.com></a>;
CA/B Forum Server Certificate
WG Public Discussion List <a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b> Re:
[Servercert-wg] SC-065:
Convert EVGs into RFC 3647
format pre-ballot</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">We
MUST comply with RFC 3647 which
means that we must include
sections that are listed in the
outline of 3647, and if we have
nothing to say, we leave it
empty. We can't "hijack" the
numbering just because we have
no requirements to describe. <br>
<br>
That's my interpretation of the
RFC 3647 compliance. Perhaps
others can chime in and state
their opinion. <br>
<br>
<br>
Thanks, </span><o:p></o:p></p>
</div>
<div>
<p><span
style="font-family:"Arial",sans-serif">DZ.</span><o:p></o:p></p>
</div>
<div>
<div>
<p><span
style="font-family:"Arial",sans-serif">Dec 1, 2023 14:50:23
Inigo Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>:</span><o:p></o:p></p>
</div>
<blockquote
style="border:none;border-left:solid #CCCCCC 2.25pt;padding:0cm 0cm 0cm 8.0pt;margin-left:0cm;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt">Thanks
Dimitris.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">I think that
strictly speaking, in RFC 3647
this section is the 4.3.2
Initial Identity Validation
and the first bullet is about
proving the possession of the
private key, but there's no
specific section other than
the general approach that
we've implemented.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">That said, the
current EVG does not include
anything about the possession
of the private key because
that's covered in the TLS BRs
so that section does not exist
in the EVGs and therefore I
didn't know how to
avoid/implement it.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">I decided to
continue with the normal
numbering for easy
checking, so all of section 11 is
moved into section 3.2 and the
rest of the sub-numbers do not
change (so 11.1 would be
3.2.1, 11.1.1 would be
3.2.1.1, etc.)</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">I understand your
point but I think we can't
create a section 3.2.1 for
private key possession because
there's no such text in the
EVGs (and don't think we
should add anything new, even
a NA for that) and don't know
which other sections we can
create under 3.2 that can
break the current equivalence,
which again was done for an
easy comparison. </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">So, what would
you suggest to “comply” with
that? I don't have a clear
idea.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">Regards</span><o:p></o:p></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:KO">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:KO"> Dimitris Zacharopoulos
(HARICA) <<a
href="mailto:dzacharo@harica.gr" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>> <br>
<b>Sent:</b> Thursday,
November 30, 2023
13:16<br>
<b>To:</b> Inigo
Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>; Tim
Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>>; CA/B
Forum Server Certificate
WG Public Discussion List
<<a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>><br>
<b>Subject:</b> Re:
[Servercert-wg] SC-065:
Convert EVGs into RFC 3647
format pre-ballot</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt;mso-fareast-language:JA">Inigo,<br>
<br>
As I am working to migrate
the EV Guidelines into the
EV Code Signing Baseline
Requirements I took a look
at the mapping you provided
for the EV Guidelines and
noticed that you are
proposing migration of EVG
section 11.1 into section
3.2.1. This particular
section is labeled "Method
to prove possession of
private key" in RFC 3647 so
I don't think it is
appropriate. I think it's
best to create new
subsections under 3.2.<br>
<br>
Thanks,<br>
Dimitris.</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">On 8/9/2023 7:54 PM,
Inigo Barreira wrote:</span><o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt">Hi
all, </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">Attached
you'll find the EVG v1.8.0
with comments in all
sections indicating where
those sections, and the
content, have been moved
into the new EVG RFC3647
format. So, with this
document, plus the
redlined version, I hope
you can now have a clearer
view of the changes done.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">Let me know
if you need anything else
to clarify the new
version.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">Regards</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB"> </span><o:p></o:p></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:JA">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:JA"> Inigo Barreira <a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true"><Inigo.Barreira@sectigo.com></a>
<br>
<b>Sent:</b>
Tuesday, August 29,
2023 17:06<br>
<b>To:</b> Tim
Hollebeek <a
href="mailto:tim.hollebeek@digicert.com" moz-do-not-send="true"><tim.hollebeek@digicert.com></a>;
Dimitris Zacharopoulos
(HARICA) <a
href="mailto:dzacharo@harica.gr" moz-do-not-send="true"><dzacharo@harica.gr></a>;
CA/B Forum Server
Certificate WG Public
Discussion List <a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"><servercert-wg@cabforum.org></a><br>
<b>Subject:</b> RE:
[Servercert-wg]
SC-065: Convert EVGs
into RFC 3647 format
pre-ballot</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">Thanks
Dimitris and Tim.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">I did
something like that
internally but didn't
reflect it in the document,
so I will try to reproduce it
to make it clearer.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">OTOH, and as
indicated in the PR, the
whole section 11 has been
placed in section 3.2
keeping the rest of the
numbering. So, for
example:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB"> </span><o:p></o:p></p>
<table style="font-size:11.0pt" lang="EN-GB">
<tr><th>EVG</th><th>EVG3647</th></tr>
<tr><td>11.1</td><td>3.2.1</td></tr>
<tr><td>11.1.1</td><td>3.2.1.1</td></tr>
<tr><td>11.1.2</td><td>3.2.1.2</td></tr>
<tr><td>11.1.3</td><td>3.2.1.3</td></tr>
<tr><td>11.2</td><td>3.2.2</td></tr>
<tr><td>11.2.1</td><td>3.2.2.1</td></tr>
<tr><td>…..</td><td>….</td></tr>
<tr><td>11.13</td><td>3.2.13</td></tr>
<tr><td>11.14</td><td>3.2.14</td></tr>
<tr><td>11.14.1</td><td>3.2.14.1</td></tr>
<tr><td>11.14.2</td><td>3.2.14.2</td></tr>
<tr><td>11.14.3</td><td>3.2.14.3</td></tr>
</table>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">Hope this can
clarify the main difficulty
that I found in the
document, where to place
it and how.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB">Regards</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt"
lang="EN-GB"> </span><o:p></o:p></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:JA" lang="EN-GB">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:JA" lang="EN-GB"> Tim
Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com" moz-do-not-send="true"
class="moz-txt-link-freetext">tim.hollebeek@digicert.com</a>> <br>
<b>Sent:</b>
Tuesday, August 29,
2023 16:59<br>
<b>To:</b> Dimitris
Zacharopoulos (HARICA)
<<a
href="mailto:dzacharo@harica.gr" moz-do-not-send="true"
class="moz-txt-link-freetext">dzacharo@harica.gr</a>>; Inigo Barreira
<<a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true"
class="moz-txt-link-freetext">Inigo.Barreira@sectigo.com</a>>; CA/B
Forum Server
Certificate WG Public
Discussion List <<a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"
class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>><br>
<b>Subject:</b> RE:
[Servercert-wg]
SC-065: Convert EVGs
into RFC 3647 format
pre-ballot</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA" lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:JA"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">Yes, exactly. I would
like to see a list that
shows that EVG-classic
section 1.4 is now in
EVG-3647 section 4.1.
Then I can look at where
the new text landed, see
how the conversion was
handled, we can all
verify that nothing was
lost or left out, etc.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">Without that, anyone
attempting to review the
document is forced to
recreate the mapping
just to figure out where
everything went and that
nothing was missed or
put in the wrong place.
Redlines are not
sufficient when large
amounts of text are
moving around to
different places.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">I’m saying this because
from my spot-checking,
the conversion appears
to be pretty good, and
I’d like to be able to
do a final verification
that it’s mostly correct
so I can endorse.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">-Tim</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<div
style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:JA">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:JA"> Dimitris Zacharopoulos
(HARICA) <<a
href="mailto:dzacharo@harica.gr" moz-do-not-send="true"><span
lang="EN-US">dzacharo@harica.gr</span></a>>
<br>
<b>Sent:</b>
Tuesday, August
29, 2023 7:58 AM<br>
<b>To:</b> Inigo
Barreira <<a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true"><span
lang="EN-US">Inigo.Barreira@sectigo.com</span></a>>;
CA/B Forum Server
Certificate WG
Public Discussion
List <<a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"><span
lang="EN-US">servercert-wg@cabforum.org</span></a>>;
Tim Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com" moz-do-not-send="true"><span
lang="EN-US">tim.hollebeek@digicert.com</span></a>><br>
<b>Subject:</b>
Re:
[Servercert-wg]
SC-065: Convert
EVGs into RFC 3647
format pre-ballot</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt;mso-fareast-language:JA">Hi Inigo,<br>
<br>
You can take some
guidance from previous
successful efforts to
convert existing
documents into RFC
3647 format. The
latest attempt was in
the Code Signing BRs
conversion in May
2022. Check out the
mapping document and
the comments in the <a
href="https://lists.cabforum.org/pipermail/cscwg-public/2022-May/000795.html"
moz-do-not-send="true"><span lang="EN-US">ballot discussion period</span></a>.<br>
<br>
For each existing
section/paragraph, it
would be nice to have
a comment describing
where that existing
language will land in
the converted document
(destination). This
will allow all
existing text to be
accounted for.<br>
<br>
During this process,
you might encounter
duplicate or redundant
text which needs to be
flagged accordingly.
You might also get
into some uncertainty
as to which RFC3647
section is a best fit
for existing text that
might require
additional discussion.
<br>
<br>
I hope this helps.<br>
<br>
<br>
Dimitris.</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">On 29/8/2023 12:42
PM, Inigo Barreira
via Servercert-wg
wrote:</span><o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA" lang="EN-GB">Hi Tim,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA" lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA" lang="EN-GB">See
attached redlined
and current
versions. I just
used what Martijn
suggested yesterday
but let me know if
this is what you
were looking for.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA" lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA" lang="EN-GB">Regards</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA" lang="EN-GB"> </span><o:p></o:p></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:JA">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:JA"> Tim Hollebeek <a
href="mailto:tim.hollebeek@digicert.com" moz-do-not-send="true"><span
lang="EN-US"><tim.hollebeek@digicert.com></span></a>
<br>
<b>Sent:</b>
Monday, August 28,
2023
19:49<br>
<b>To:</b>
Inigo Barreira <a
href="mailto:Inigo.Barreira@sectigo.com" moz-do-not-send="true"><span
lang="EN-US"><Inigo.Barreira@sectigo.com></span></a>;
CA/B Forum
Server
Certificate WG
Public
Discussion List
<a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"><span
lang="EN-US"><servercert-wg@cabforum.org></span></a><br>
<b>Subject:</b>
RE: SC-065:
Convert EVGs
into RFC 3647
format
pre-ballot</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">Thanks for doing this
Inigo … I know
re-organizations
like this are a
lot of work and
fall very much in
the category of
“important but not
fun”. So thanks
for taking an
initial stab at
this.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">Is there a mapping that
shows where all
the original text
ended up? I think
that’s going to be
essential for
people to be able
to review this. I
did some spot
checking, and your
conversion looks
pretty good, but I
wasn’t able to do
a more detailed
review without a
mapping.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">-Tim</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<div
style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p
class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:JA">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:JA"> Servercert-wg <<a
href="mailto:servercert-wg-bounces@cabforum.org" moz-do-not-send="true"><span
lang="EN-US">servercert-wg-bounces@cabforum.org</span></a>>
<b>On Behalf
Of </b>Inigo
Barreira via
Servercert-wg<br>
<b>Sent:</b>
Monday, August
28, 2023 5:20
AM<br>
<b>To:</b>
CA/B Forum
Server
Certificate WG
Public
Discussion
List <<a
href="mailto:servercert-wg@cabforum.org" moz-do-not-send="true"><span
lang="EN-US">servercert-wg@cabforum.org</span></a>><br>
<b>Subject:</b>
[Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">Hello,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">The current Extended
Validation
Guidelines
(EVGs) are
written in a
non-standardized
format. For many
years it has
been discussed
to convert this
document into
the RFC 3647
format and
follow the
standardized
model for this
type of
document. </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">Given that this has
been known for
several years, I
have prepared
the following
ballot text,
which converts
the EVGs into
the RFC 3647
format:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"><a
href="https://github.com/cabforum/servercert/pull/440"
moz-do-not-send="true"><span lang="EN-GB">EVGs based on RFC3647 by
barrini · Pull
Request #440 ·
cabforum/servercert (github.com)</span></a></span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">I am currently seeking
two endorsers as
well as any
feedback on the
ballot content
itself (wording,
effective dates,
etc.).</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA">Thanks,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
<pre><span
style="mso-fareast-language:JA">_______________________________________________</span><o:p></o:p></pre>
<pre><span
style="mso-fareast-language:JA">Servercert-wg mailing list</span><o:p></o:p></pre>
<pre><span
style="mso-fareast-language:JA"><a
href="mailto:Servercert-wg@cabforum.org" moz-do-not-send="true"><span
lang="EN-US">Servercert-wg@cabforum.org</span></a></span><o:p></o:p></pre>
<pre><span
style="mso-fareast-language:JA"><a
href="https://lists.cabforum.org/mailman/listinfo/servercert-wg"
moz-do-not-send="true"><span
lang="EN-US">https://lists.cabforum.org/mailman/listinfo/servercert-wg</span></a></span><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:JA"> </span><o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>