[Infrastructure] Questions from working through the BRs

Tim Hollebeek tim.hollebeek at digicert.com
Wed Apr 24 13:52:30 MST 2019



From: Infrastructure <infrastructure-bounces at cabforum.org> On Behalf Of Jos Purvis (jopurvis)
Sent: Wednesday, April 24, 2019 1:47 PM
To: infrastructure at cabforum.org
Subject: [Infrastructure] Questions from working through the BRs


Forgot to raise these earlier, but I ran across some questions as I hacked my way through the BR content. I thought I’d raise them here to start, and then can raise() any that aren’t handled at this level to the SCWG for discussion.


1.	In 1.6.1, under ‘Definitions’, we define ‘Effective Date’ as just ‘1 July 2012’. No context or anything else, just the date. Was that meant to be an example of an effective date, or the date the BRs became effective, or…?


Effective Date of the BRs.


2.	The BRs seem to be now the exclusive ‘property’ of the SCWG, which then focuses them on TLS Client/Server certificates, with S/MIME and email certificates handed off to the nascent S/MIME WG. With that in mind, do we still need section 3.2.3 (“Authentication of Individual Identity”)?


Individually validated TLS server certificates are still a thing.


3.	Not quite a question, but I think we should either remove all of the “No stipulations” or add them in everywhere—it looks kind of weird to have them in some places and not in others.


IIRC “No stipulations” was explicitly added to sections that were discussed by the previously existing Policy Working Group.  Sections that are still blank are blank because there wasn’t consensus that they should be blank.


4.	Should we prune section 6.1.5 to remove all of the key sizes that are now no longer usable, like MD5 and RSA-1024?


If people want, it can be handled in the spring cleanup ballot, which should be out for discussion soon (I’m waiting for Wayne’s Bylaw ballot to make ballots easier).


5.	Can we re-word the list in section 8.2 to make it more grammatically agreeable? :)
6.	It looks like sections to 7 could use some re-wording to make them full sentences and turn them into requirements (they read like descriptions). Would that be a ballot for those changes, or simply a proposed wording change on the SCWG?







Jos Purvis (jopurvis at cisco.com <mailto:jopurvis at cisco.com> )
.:|:.:|:. cisco systems  | Cryptographic Services
PGP: 0xFD802FEE07D19105  | +1 919.991.9114 (desk)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/infrastructure/attachments/20190424/f56e1135/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/infrastructure/attachments/20190424/f56e1135/attachment-0001.p7s>

More information about the Infrastructure mailing list