<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe Script";
panose-1:3 11 5 4 2 0 0 0 0 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
h1
{mso-style-priority:9;
mso-style-link:"Heading 1 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:24.0pt;
font-family:"Aptos",sans-serif;
font-weight:bold;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:18.0pt;
font-family:"Aptos",sans-serif;
font-weight:bold;}
h4
{mso-style-priority:9;
mso-style-link:"Heading 4 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.Heading1Char
{mso-style-name:"Heading 1 Char";
mso-style-priority:9;
mso-style-link:"Heading 1";
font-family:"Aptos Display",sans-serif;
color:#0F4761;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Aptos Display",sans-serif;
color:#0F4761;}
span.Heading4Char
{mso-style-name:"Heading 4 Char";
mso-style-priority:9;
mso-style-link:"Heading 4";
font-family:"Aptos",sans-serif;
color:#0F4761;
font-style:italic;}
span.EmailStyle26
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:233126605;
mso-list-template-ids:645802978;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:998733362;
mso-list-template-ids:1787563478;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:1161435056;
mso-list-template-ids:-1044116860;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:1689679764;
mso-list-template-ids:1840818308;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt'>Yes, I’m under no illusions I got it right on the first try, and alternative approaches might be better.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>-Tim<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Clint Wilson <clintw@apple.com> <br><b>Sent:</b> Friday, May 10, 2024 2:20 PM<br><b>To:</b> Tim Hollebeek <tim.hollebeek@digicert.com>; ServerCert CA/BF <servercert-wg@cabforum.org><br><b>Cc:</b> Roman Fischer <roman.fischer@swisssign.com><br><b>Subject:</b> Re: [Servercert-wg] Ballot SC-74 - Clarify CP/CPS structure according to RFC 3647<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi Tim,<o:p></o:p></p><div><p class=MsoNormal><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>On May 10, 2024, at 8:52<span style='font-family:"Arial",sans-serif'> </span>AM, Tim Hollebeek via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org">servercert-wg@cabforum.org</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal><span style='font-size:11.0pt'>Whether the comparison should be case sensitive or not is not a question of how “strict” the linter should be, but what the requirements are. Linters MUST NOT make their own determinations as to what the requirements are, and SHOULD highlight cases like this where ambiguity may be present. For example, it would be sensible to WARN that a value deviates in case from the correct value, and that the requirements are unclear whether that’s allowed (assuming SC-74 had passed in its current form).</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'>However, I would question whether it’s actually even unclear at all. It’s impossible to interpret the highlighted language into a, b, or c, because the language is completely silent on not just capitalization, but the titles themselves. I interpret the highlighted language as saying you have to include at least every section and subsection, but it doesn’t matter what titles you give those sections or subsections (since there’s no relevant requirements). That’s what the highlighted text says, and questions of whether it has to be capitalized the same way miss the fact that it doesn’t even say the same titles need to be used.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'>There are also some hilarious errors in 3647 if you look closely. I think the best path forward would be something along the lines of:</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><ol style='margin-top:0in' start=1 type=1><li class=MsoListParagraph style='margin-top:0in;margin-bottom:0in;mso-list:l3 level1 lfo1'><span style='font-size:11.0pt'>MUST include at least every section and subsection defined in Appendix ZZ, and MUST use the section and subsection titles listed there</span><o:p></o:p></li><li class=MsoListParagraph style='margin-top:0in;margin-bottom:0in;mso-list:l3 level1 lfo1'><span style='font-size:11.0pt'>The titles SHOULD be formatted, worded, capitalized and spelled the same way, and</span><o:p></o:p></li><li class=MsoListParagraph style='margin-top:0in;margin-bottom:0in;mso-list:l3 level1 lfo1'><span style='font-size:11.0pt'>Errors in formatting or titling sections of a CPS are not grounds for revocation of affected certificates. </span><o:p></o:p></li></ol></div></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='color:black'>Overall agreed with what’s stated here, except this part of the proposal. I do agree with what I believe your intent to be, but depending on how this is worded it seems it could lead to overly broad application (e.g. the error in titling “Non-verified subscriber information” results in a title of “Verified subscriber information”). Mostly just drawing attention to it as something that would need to be crafted somewhat carefully and perhaps would be preferable to have the MUST and SHOULD sections worded specifically enough that the intended allowance for errors in formatting or titling are encapsulated as clearly not part of the MUST requirement and clearly part of the SHOULD requirement. That approach would also avoid (I think) needing to consider the interaction of something like #3 with 4.9.1.2.(5).</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='color:black'>Cheers,</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='color:black'>-Clint</span><o:p></o:p></p></div><p class=MsoNormal><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal><span style='font-size:11.0pt'>And then explicitly list the outline we want in Appendix ZZ. The outline should be very close to what 3647 says, to avoid unnecessary churn or deviation from IETF standards, but it would give us a chance to fix the obvious errors, and perhaps fix some historical baggage.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'>The resulting outline could be submitted back to IETF for publication as an update to 3647, which is starting to show its age.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'>-Tim</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><div style='border:none;border-left:solid windowtext 1.5pt;padding:0in 0in 0in 4.0pt;border-color:currentcolor currentcolor currentcolor blue;border-image: none'><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentcolor currentcolor;border-image: none'><div><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span class=apple-converted-space><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> </span></span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org">servercert-wg-bounces@cabforum.org</a>><span class=apple-converted-space> </span><b>On Behalf Of<span class=apple-converted-space> </span></b>Roman Fischer via Servercert-wg<br><b>Sent:</b><span class=apple-converted-space> </span>Friday, May 10, 2024 4:20 AM<br><b>To:</b><span class=apple-converted-space> </span>CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org">servercert-wg@cabforum.org</a>><br><b>Subject:</b><span class=apple-converted-space> </span>Re: [Servercert-wg] Ballot SC-74 - Clarify CP/CPS structure according to RFC 3647</span><o:p></o:p></p></div></div></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Hi Wendy,</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>I would definitely go for c) because the documents are overall not standardized enough to do any kind of automatic parsing where a) or b) would maybe help.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Rgds<br>Roman</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> </span><o:p></o:p></p></div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentcolor currentcolor;border-image: none'><div><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span class=apple-converted-space><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> </span></span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org">servercert-wg-bounces@cabforum.org</a>><span class=apple-converted-space> </span><b>On Behalf Of<span class=apple-converted-space> </span></b>Wendy Brown - QT3LB-C via Servercert-wg<br><b>Sent:</b><span class=apple-converted-space> </span>Donnerstag, 9. Mai 2024 16:58<br><b>To:</b><span class=apple-converted-space> </span>Aaron Gable <<a href="mailto:aaron@letsencrypt.org">aaron@letsencrypt.org</a>><br><b>Cc:</b><span class=apple-converted-space> </span>CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org">servercert-wg@cabforum.org</a>><br><b>Subject:</b><span class=apple-converted-space> </span>Re: [Servercert-wg] Ballot SC-74 - Clarify CP/CPS structure according to RFC 3647</span><o:p></o:p></p></div></div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div><div><div><p class=MsoNormal><span lang=DE>OK - then I have a question for all those voting on SC74 (as an Associate member rep, I do not have a vote)</span><o:p></o:p></p></div><div><div><p class=MsoNormal><span lang=DE>How do you interpret the proposed new language:</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE style='font-size:9.0pt;font-family:Consolas;color:#1F2328;background:#DAFBE1'>include at least every section and subsection defined in section 6 of RFC 3647</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE style='font-size:9.0pt;font-family:Consolas;color:#1F2328'>Does this mean:</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE style='font-size:9.0pt;font-family:Consolas;color:#1F2328'>a) that the section and subsection headers have to exactly match the text in RFC 3647 including its use of capitalization, or<span class=apple-converted-space> </span></span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE style='font-size:9.0pt;font-family:Consolas;color:#1F2328'>b) just that the words must be the same or<span class=apple-converted-space> </span></span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE style='font-size:9.0pt;font-family:Consolas;color:#1F2328'>c) you just have to have the same numbering and the title can be slightly different as long as it covers the intended content?</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE style='font-size:9.0pt;font-family:Consolas;color:#1F2328'>Sorry to not have asked this during the discussion period, until I saw the output of the linter Aaron prepared, it didn't occur to me that anyone would have interpreted it as the capitalization had to match.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE style='font-size:9.0pt;font-family:Consolas;color:#1F2328'>thanks,<br clear=all></span><o:p></o:p></p></div><div><div><div><div><p class=MsoNormal><span lang=DE style='font-family:"Segoe Script"'>Wendy</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE>Wendy Brown</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE>Supporting GSA</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE>FPKIMA Technical Liaison</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE>Protiviti Government Services</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE style='font-size:11.0pt;font-family:"Calibri",sans-serif'>703-965-2990 (cell)</span><o:p></o:p></p></div></div></div></div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div></div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div><div><div><div><p class=MsoNormal><span lang=DE>On Thu, May 9, 2024 at 10:33</span><span lang=DE style='font-family:"Arial",sans-serif'> </span><span lang=DE>AM Aaron Gable <<a href="mailto:aaron@letsencrypt.org">aaron@letsencrypt.org</a>> wrote:</span><o:p></o:p></p></div></div><blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204, 204, 204);border-image: none'><div><div><div><p class=MsoNormal><span lang=DE>I think that is a question to be taken up with the authors of SC-74, and with the root programs. In the interest of caution, I think this linting tool should err on the side of strictness. It is open source, however, so you are of course free to modify it for your own preferences.</span><o:p></o:p></p></div><div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE>Aaron</span><o:p></o:p></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=DE> </span><o:p></o:p></p><div><div><div><p class=MsoNormal><span lang=DE>On Thu, May 9, 2024, 04:57 Wendy Brown - QT3LB-C <<a href="mailto:wendy.brown@gsa.gov" target="_blank">wendy.brown@gsa.gov</a>> wrote:</span><o:p></o:p></p></div></div><blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204, 204, 204);border-image: none'><div><div><p class=MsoNormal><span lang=DE>Aaron - </span><o:p></o:p></p></div><div><div><p class=MsoNormal><span lang=DE>Can I suggest that maybe the comparison should be done in a case blind fashion?</span><o:p></o:p></p></div><div><div><p class=MsoNormal><span lang=DE>For example, requiring the headers for the subsections of 1.3 to have the second word lower case when it is common practice to refer to Certification Authorities as CAs and Registration Authorities as RAs, etc. just makes the document inconsistent. I understand the goal is to try to make comparisons easier, but requiring all Public Trusted CAs have these style inconsistencies in their own documentation seems like a step too far.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE>thanks,<br clear=all></span><o:p></o:p></p></div><div><div><div><div><p class=MsoNormal><span lang=DE style='font-family:"Segoe Script"'>Wendy</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE>Wendy Brown</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE>Supporting GSA</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE>FPKIMA Technical Liaison</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE>Protiviti Government Services</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=DE style='font-size:11.0pt;font-family:"Calibri",sans-serif'>703-965-2990 (cell)</span><o:p></o:p></p></div></div></div></div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div></div></div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div><div><div><div><p class=MsoNormal><span lang=DE>On Wed, May 8, 2024 at 6:06</span><span lang=DE style='font-family:"Arial",sans-serif'> </span><span lang=DE>PM Aaron Gable via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>> wrote:</span><o:p></o:p></p></div></div><blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204, 204, 204);border-image: none'><div><div><p class=MsoNormal><span lang=DE>Of course! Done: <a href="https://url.avanan.click/v2/___https:/github.com/cabforum/servercert/issues/513___.YXAzOmRpZ2ljZXJ0OmE6bzoyZGZmNDkwNjM2NzZkZTVkYTFkY2ZmM2FjZjk2Yzc0Yzo2OjhhYzY6ZmJmZTNhY2NmMGM2YmMyZjFhMzhmMjcwY2ExNDFkZTc3NGU5M2NkZDI4MzAyYjQwOWViMzNhMmJmZGRkMzAyMjpoOkY" target="_blank" title="Protected by Avanan: https://github.com/cabforum/servercert/issues/513">https://github.com/cabforum/servercert/issues/513</a></span><o:p></o:p></p></div></div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div><div><div><div><p class=MsoNormal><span lang=DE>On Wed, May 8, 2024 at 8:37</span><span lang=DE style='font-family:"Arial",sans-serif'> </span><span lang=DE>AM Dimitris Zacharopoulos (HARICA) <<a href="mailto:dzacharo@harica.gr" target="_blank">dzacharo@harica.gr</a>> wrote:</span><o:p></o:p></p></div></div><blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204, 204, 204);border-image: none'><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=DE>Thanks Aaron,<br><br>Would it be ok for you to create a<span class=apple-converted-space> </span><a href="https://url.avanan.click/v2/___https:/github.com/cabforum/servercert/issues___.YXAzOmRpZ2ljZXJ0OmE6bzoyZGZmNDkwNjM2NzZkZTVkYTFkY2ZmM2FjZjk2Yzc0Yzo2OmUwNjI6MzFkMjYyMTQ3NzdmNTM5NzExNDRlODRhYmQzZTcyM2RkMWU2MDk2YzExNzY3NDczZjRkM2FiNWYzYWIyZTYxMDpoOkY" target="_blank" title="Protected by Avanan: https://github.com/cabforum/servercert/issues">GitHub issue</a><span class=apple-converted-space> </span>to identify the specific sections that deviate in content? We might tackle that in a cleanup ballot. I don't think the capitalization is so much of a concern but if others think it is, please speak up :)<span class=apple-converted-space> </span><br><br><br>Dimitris.</span><o:p></o:p></p><div><div><p class=MsoNormal><span lang=DE>On 8/5/2024 1:19 π.μ., Aaron Gable wrote:</span><o:p></o:p></p></div></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><div><p class=MsoNormal><span lang=DE>Two notes on this ballot, findings from our process for handling upcoming requirements:</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE>1) Let's Encrypt has<span class=apple-converted-space> </span><a href="https://url.avanan.click/v2/___https:/github.com/letsencrypt/cp-cps/tree/d5b258a/tools/lint___.YXAzOmRpZ2ljZXJ0OmE6bzoyZGZmNDkwNjM2NzZkZTVkYTFkY2ZmM2FjZjk2Yzc0Yzo2OmNjYjI6MmViY2I4M2Y5MmJlNzU4MWM5YWJhMWRhYjk1YmFiNzc0NTdkOWI1OTA5ZWJiNTkzZGNmMGFjZjk2ZjY3NjhhYTpoOkY" target="_blank" title="Protected by Avanan: https://github.com/letsencrypt/cp-cps/tree/d5b258a/tools/lint">created and open-sourced a tool</a><span class=apple-converted-space> </span>for linting a CPS to confirm compliance with RFC 3647 Section 6 and Ballot SC-074. If you maintain your CPS document in markdown, it should be very simple to use or adapt to your particular situation.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE>2) The Baseline Requirements themselves do not quite comply with RFC 3647 Section 6, with several section titles that deviate from that outline in either capitalization or actual content.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE>We hope this information is helpful to others,</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE>Aaron</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div><div><div><div><p class=MsoNormal><span lang=DE>On Thu, Apr 25, 2024 at 9:27</span><span lang=DE style='font-family:"Arial",sans-serif'> </span><span lang=DE>AM Dimitris Zacharopoulos (HARICA) via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>> wrote:</span><o:p></o:p></p></div></div><blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204, 204, 204);border-image: none'><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=DE> </span><o:p></o:p></p><h1><span lang=DE>SC-74 - Clarify CP/CPS structure according to RFC 3647</span><o:p></o:p></h1><h2 id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-summary"><span lang=DE>Summary</span><o:p></o:p></h2><p id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-the-tls-baseline-req"><span lang=DE style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>The TLS Baseline Requirements require in section 2.2 that:</span><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p></span></p><p id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-%22the-certificate-pol"><em><span lang=DE style='font-size:9.0pt;font-family:"Aptos",sans-serif'>"The Certificate Policy and/or Certification Practice Statement MUST be structured in accordance with RFC 3647 and MUST include all material required by RFC 3647."</span></em><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p></span></p><p id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-the-intent-of-this-l"><span lang=DE style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>The intent of this language was to ensure that all CAs' CP and/or CPS documents contain a similar structure, making it easier to review and compare against the BRs. However, there was some ambiguity as to the actual structure that CAs should follow. After several discussions in the<span class=apple-converted-space> </span><a href="https://url.avanan.click/v2/___https:/lists.cabforum.org/pipermail/servercert-wg/2023-November/004070.html___.YXAzOmRpZ2ljZXJ0OmE6bzoyZGZmNDkwNjM2NzZkZTVkYTFkY2ZmM2FjZjk2Yzc0Yzo2OjJmNjc6ZWM5ZWFhNDJkMmU0MGE0OGYxOWU1OWZkM2NkZmNiMTY3YmFjOWJlZDhiYTZiYzE5ZjBlZWM3MzI5YjYzNTM3NTpoOkY" target="_blank" title="Protected by Avanan: https://lists.cabforum.org/pipermail/servercert-wg/2023-November/004070.html">SCWG Public Mailing List</a><span class=apple-converted-space> </span>and F2F meetings, it was agreed that more clarity should be added to the existing requirement, pointing to the outline described in section 6 of RFC 3647.</span><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p></span></p><div><p class=MsoNormal><span lang=DE>The following motion has been proposed by Dimitris Zacharopoulos (HARICA) and endorsed by Aaron Poulsen (Amazon) and Tim Hollebeek (Digicert). <span class=apple-converted-space> </span></span><o:p></o:p></p></div><p><span lang=DE style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>You can view the github pull request representing this ballot<span class=apple-converted-space> </span><a href="https://url.avanan.click/v2/___https:/github.com/cabforum/servercert/pull/503___.YXAzOmRpZ2ljZXJ0OmE6bzoyZGZmNDkwNjM2NzZkZTVkYTFkY2ZmM2FjZjk2Yzc0Yzo2OjNhZmM6MGQ5ZWY1YjVmZDBhMmU2MGRmODhlNjZlZDhlOWEzNzkwOGU2NjA3NTllYzg5MjJlYWViMTJmODQ5NzBiMThkNzpoOkY" target="_blank" title="Protected by Avanan: https://github.com/cabforum/servercert/pull/503">here</a>. </span><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p></span></p><h2 id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-motion-begins"><span lang=DE>Motion Begins</span><o:p></o:p></h2><p id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-modify-the-%22baseline"><span lang=DE style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>MODIFY the "Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates" based on Version 2.0.4 as specified in the following redline:</span><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p></span></p><ul style='margin-top:0in' type=disc id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-https%3A%2F%2Fgithub.com%2Fc"><li class=MsoNormal style='mso-list:l2 level1 lfo2'><span lang=DE><a href="https://url.avanan.click/v2/___https:/github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2...f6a90e2a652fbb7a2d62a976b70f4af3adce8dae___.YXAzOmRpZ2ljZXJ0OmE6bzoyZGZmNDkwNjM2NzZkZTVkYTFkY2ZmM2FjZjk2Yzc0Yzo2OmFjNTU6ZGE2MDMwNTE5MDk4OGQyZGQzOTI5ODkxMThhMDNhNzM5NDFhY2ZjYjUwZDE1YWUzNTYzZTE4MjcxZTY4ZDY3ODpoOkY" target="_blank" title="Protected by Avanan: https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2...f6a90e2a652fbb7a2d62a976b70f4af3adce8dae">https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2...f6a90e2a652fbb7a2d62a976b70f4af3adce8dae</a></span><o:p></o:p></li></ul><h2 id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-motion-ends"><span lang=DE>Motion Ends</span><o:p></o:p></h2><p id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-this-ballot-proposes"><span lang=DE style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:</span><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p></span></p><h4 id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-discussion-%2811%2B-days"><span lang=DE>Discussion (at least 7 days)</span><o:p></o:p></h4><ul style='margin-top:0in' type=disc id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-start-time%3A-2024-01-"><li class=MsoNormal style='mso-list:l0 level1 lfo3'><span lang=DE>Start time: 2024-04-25 16:30:00 UTC</span><o:p></o:p></li><li class=MsoNormal style='mso-list:l0 level1 lfo3'><span lang=DE>End time: on or after 2024-05-02 16:30:00 UTC</span><o:p></o:p></li></ul><h4 id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-vote-for-approval-%287"><span lang=DE>Vote for approval (7 days)</span><o:p></o:p></h4><ul style='margin-top:0in' type=disc id="m_-3117830645094531052m_-6327247601565009468m_-6450730596943934832m_-335726473920697852m_-8449533255907748392bkmrk-start-time%3A-tbd-end-"><li class=MsoNormal style='mso-list:l1 level1 lfo4'><span lang=DE>Start time: TBD</span><o:p></o:p></li><li class=MsoNormal style='mso-list:l1 level1 lfo4'><span lang=DE>End time: TBD</span><o:p></o:p></li></ul><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div><div><p class=MsoNormal><span lang=DE>_______________________________________________<br>Servercert-wg mailing list<br><a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br><a href="https://url.avanan.click/v2/___https:/lists.cabforum.org/mailman/listinfo/servercert-wg___.YXAzOmRpZ2ljZXJ0OmE6bzoyZGZmNDkwNjM2NzZkZTVkYTFkY2ZmM2FjZjk2Yzc0Yzo2OjA2MTI6NjAyZjc1OTQ4MmVlOTNkODMwYTNlMjQzYjgzYmYzMjY0OTdiMGNmNjFhZWUwNDA4OWViZDE0MWY0NjU1NTA2ZTpoOkY" target="_blank" title="Protected by Avanan: https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a></span><o:p></o:p></p></div></blockquote></div></div></blockquote><div><p class=MsoNormal><span lang=DE> </span><o:p></o:p></p></div></div></blockquote></div><div><p class=MsoNormal><span lang=DE>_______________________________________________<br>Servercert-wg mailing list<br><a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br><a href="https://url.avanan.click/v2/___https:/lists.cabforum.org/mailman/listinfo/servercert-wg___.YXAzOmRpZ2ljZXJ0OmE6bzoyZGZmNDkwNjM2NzZkZTVkYTFkY2ZmM2FjZjk2Yzc0Yzo2OjA1NjY6NjM4MTE2ZWYwN2IwMDY4MzJhZmFiOTBjMmNjNTEzMjY5NDgzYjQ2ZjRmOTE1OTk3OGRmNWEyNWRkMDEyOTU4ZDpoOkY" target="_blank" title="Protected by Avanan: https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a></span><o:p></o:p></p></div></blockquote></div></blockquote></div></div></div></blockquote></div></div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>_______________________________________________<br>Servercert-wg mailing list<br></span><a href="mailto:Servercert-wg@cabforum.org"><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>Servercert-wg@cabforum.org</span></a><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><br></span><a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg"><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>https://lists.cabforum.org/mailman/listinfo/servercert-wg</span></a><o:p></o:p></p></div></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>