<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt'>Yes, I’m willing to help with any cleanups that turn “implied requirements” into “explicit requirements”. It’s actually quite important to me, as the implied requirements are at pretty severe risk of being missed by both implementors and auditors.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>-Tim<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Dimitris Zacharopoulos (HARICA) &lt;dzacharo@harica.gr&gt; <br><b>Sent:</b> Wednesday, August 28, 2024 4:28 AM<br><b>To:</b> Tim Hollebeek &lt;tim.hollebeek@digicert.com&gt;; Clint Wilson &lt;clintw@apple.com&gt;; CABforum3 &lt;validation@cabforum.org&gt;<br><b>Subject:</b> Re: [cabf_validation] Proposed ballot on improving Registration Number language in EVGs<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'>FWIW I agree with Tim on this. Historically we've tried to move requirements away from definitions and into the main text, as Tim wrote. 
Effectively it produces the same result but it is more consistently aligned with the RFC 2119 language.<br><br>If there are more definitions that include normative requirements, we could highlight them in a GitHub issue and add them in a clean-up ballot that will ensure consistency in this practice.<br><br><br>Thanks,<br>Dimitris.<o:p></o:p></p><div><p class=MsoNormal>On 27/8/2024 7:58 PM, Tim Hollebeek wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span style='font-size:11.0pt'>My opinion is that all requirements need to be stated in RFC 2119 language and be present in the body of the document in order to be treated as normative requirements. That should be an uncontroversial view. I suspect our auditor friends have a similar view. I don’t think it’s a particularly hard line or strict view, it’s just what’s necessary to prevent ambiguity as to what the requirements are.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>I would be fine with once in the section. Something along the lines of “The Date of Formation MUST be formatted according to the complete representation of an extended format calendar date in ISO 8601 (i.e. YYYY-MM-DD; e.g. 
0001-01-01).”</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>-Tim</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Clint Wilson <a href="mailto:clintw@apple.com">&lt;clintw@apple.com&gt;</a> <br><b>Sent:</b> Tuesday, August 27, 2024 9:06 AM<br><b>To:</b> Tim Hollebeek <a href="mailto:tim.hollebeek@digicert.com">&lt;tim.hollebeek@digicert.com&gt;</a>; CABforum3 <a href="mailto:validation@cabforum.org">&lt;validation@cabforum.org&gt;</a><br><b>Cc:</b> Dimitris Zacharopoulos (HARICA) <a href="mailto:dzacharo@harica.gr">&lt;dzacharo@harica.gr&gt;</a><br><b>Subject:</b> Re: [cabf_validation] Proposed ballot on improving Registration Number language in EVGs</span><o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Hi Tim,<o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>I think including the format of this specific date type in the definition is totally reasonable, given that it’s not applicable to any other date types and so can very much exist intrinsically as part of the definition. That is, I don’t agree with the seemingly hard line you’re drawing in your statement — and, even more so, I don’t believe such a statement is backed by consensus within the Forum so I also don’t want it construed as more than your opinion, as indeed is my above statement that it can be part of the definition.<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>All that said, I do agree putting it in-line in the EVGs would work just fine too. 
Are you then imagining we would repeat this format requirement alongside each of the four times the term is used in 7.1.4.2.5 or just state it once somewhere in that section? Do you have some example text you can provide to show what you’re proposing as an alternative approach?<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Thank you,<o:p></o:p></p></div><div><p class=MsoNormal>-Clint<o:p></o:p></p><div><p class=MsoNormal><br><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>On Aug 26, 2024, at 10:32<span style='font-family:"Arial",sans-serif'> </span>AM, Tim Hollebeek via Validation &lt;<a href="mailto:validation@cabforum.org">validation@cabforum.org</a>&gt; wrote:<o:p></o:p></p></div><p class=MsoNormal> <o:p></o:p></p><div><div><p class=MsoNormal><span style='font-size:11.0pt'>This is a requirement, and any requirements around how dates should be formatted need to be stated as such in the appropriate profile section. 
It MUST NOT be stated in the definition.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'>-Tim</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><div style='border:none;border-left:solid windowtext 1.5pt;padding:0in 0in 0in 4.0pt;border-color:currentcolor currentcolor currentcolor blue;border-image: none'><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentcolor currentcolor;border-image: none'><div><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span class=apple-converted-space><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> </span></span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Validation &lt;<a href="mailto:validation-bounces@cabforum.org">validation-bounces@cabforum.org</a>&gt;<span class=apple-converted-space> </span><b>On Behalf Of<span class=apple-converted-space> </span></b>Dimitris Zacharopoulos (HARICA) via Validation<br><b>Sent:</b><span class=apple-converted-space> </span>Friday, August 23, 2024 2:26 AM<br><b>To:</b><span class=apple-converted-space> </span>CABforum3 &lt;<a href="mailto:validation@cabforum.org">validation@cabforum.org</a>&gt;<br><b>Subject:</b><span class=apple-converted-space> </span>Re: [cabf_validation] Proposed ballot on improving Registration Number language in EVGs</span><o:p></o:p></p></div></div></div><div><p class=MsoNormal> <o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'> <o:p></o:p></p><div><div><p class=MsoNormal>On 16/8/2024 2:53 AM, Clint Wilson via Validation wrote:<o:p></o:p></p></div></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>Hi Corey,<span class=apple-converted-space> </span><o:p></o:p></p></div><div><div><p class=MsoNormal> 
<o:p></o:p></p></div></div><div><div><p class=MsoNormal>Overall this seems like a good improvement to clarity of the current expectations related to these sections of the EVGs, reflecting the predominant approach to populating the subject:serialNumber field for EV TLS certificates. I do think it would be valuable to standardize on a date format (admittedly somewhat because it feels like a missed opportunity to not do so). What about something like modifying the newly added definition:<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><blockquote style='margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal>**Date of Formation**: The date on which a Legal Entity is first recognized by the jurisdiction in which it was created or formed. The date is formatted according to the complete representation of an extended format calendar date in ISO 8601 (i.e. YYYY-MM-DD; e.g. 0001-01-01).<o:p></o:p></p></div></div></blockquote></blockquote><div><p class=MsoNormal><br>Hi Clint,<br><br>I'm in favor of examples where they help avoid unintended mistakes, so I would support adding something like "e.g. 2000-12-31" to make it abundantly clear where the month and day are supposed to be represented.<br><br><br>Thanks,<br>Dimitris.<br><br><br><br><br><o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>The parenthetical is probably too much, but you get the idea. 
And then the three instances of “in any one of the common date formats” could just be deleted.<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>Cheers,<o:p></o:p></p></div></div><div><div><p class=MsoNormal>-Clint<o:p></o:p></p></div><div><div><p class=MsoNormal><br><br><br><br><o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal>On Aug 9, 2024, at 8:55<span style='font-family:"Arial",sans-serif'> </span>AM, Corey Bonnell via Validation<span class=apple-converted-space> </span><a href="mailto:validation@cabforum.org">&lt;validation@cabforum.org&gt;</a> wrote:<o:p></o:p></p></div></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><div><div><p class=MsoNormal><span style='font-size:11.0pt'>Hello,</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt'>Some time ago, I presented [1] a ballot proposal on improving the requirements for the Registration Number value in the EVGs. Here is the current proposal:<span class=apple-converted-space> </span><a href="https://github.com/cabforum/servercert/compare/main...CBonnell:servercert:govt-entity-serial-number"><span style='color:#467886'>https://github.com/cabforum/servercert/compare/main...CBonnell:servercert:govt-entity-serial-number</span></a>.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt'>On the call where the proposal was presented, there was a desire to explore standardizing date formats for the Date of Formation. Is this something that we would like to see added to the ballot? 
For the sake of minimizing scope of the ballot, I’m in favor of moving forward without such a requirement, but will certainly be happy to incorporate if there are strong feelings that such a requirement should be added in this ballot.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt'>Thanks,</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt'>Corey</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt'>[1]<span class=apple-converted-space> </span><a href="https://lists.cabforum.org/pipermail/validation/2024-July/001997.html"><span style='color:#467886'>https://lists.cabforum.org/pipermail/validation/2024-July/001997.html</span></a></span><o:p></o:p></p></div></div><div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>_______________________________________________<br>Validation mailing list<br></span><a href="mailto:Validation@cabforum.org"><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#467886'>Validation@cabforum.org</span></a><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><br></span><a href="https://lists.cabforum.org/mailman/listinfo/validation"><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#467886'>https://lists.cabforum.org/mailman/listinfo/validation</span></a><o:p></o:p></p></div></div></blockquote></div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><p class=MsoNormal><br><br><br><br><o:p></o:p></p></div></blockquote><div><p class=MsoNormal> <o:p></o:p></p></div></div></div></blockquote></div><p class=MsoNormal> <o:p></o:p></p></div></div></blockquote><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>