[cabfpub] CAB Forum Document Versioning

i-barreira at izenpe.net i-barreira at izenpe.net
Mon Jan 28 04:08:05 MST 2013


From a standards point of view, that will have implications for the activities of the standardization bodies because they will need to update the standards every time the CABF publishes a new version, and in the case of ETSI I don't know how this will impact its activities.
For those CAs ETSI certified, in the certification it does not say which version of the EVG or BR is used but the version of the current ETSI version which includes the versions of the CABF documents.

From an auditor's point of view, it would mean having deeper control of what their customers have done till now, and it can cause different behaviours when different versions of the EVG and BR are in place for the same CA.

So, from the CA point of view, would that mean that they need to apply or confirm somehow they are "using" the new version? How often? Will there be a minimum version to be acceptable? Will the browsers admit equally those CAs with version 1.3, for example, and 1.4.7 if in a year those updates have taken place and the CA is still on a lower version? What will happen when a recertification comes: can the CA choose, "I prefer 1.4.5 to the latest 1.4.7 for this and this reason"?

Well, I think it's not as easy as adding more numbers to the versions; it's something to be discussed, and on this particular item, the auditors and the standards bodies have something to say.

regards


Iñigo Barreira
Head of the Technical Area
i-barreira at izenpe.net
945067705




-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On behalf of Gervase Markham
Sent: Monday, 28 January 2013 11:24
To: CABFPub
Subject: [cabfpub] CAB Forum Document Versioning

Dear CAB Forum,

Mozilla would like to propose a change to the way we denote versions of our key published documents (EV, BR, Network etc.), which we think would improve matters.

Currently, the process is that we issue an X.Y version of a document every year or so, and in between we have a (perhaps poorly named, but let's go with it) "errata" document which lists all of the changes, updates and improvements we have agreed by ballot to make since the last version was issued. You can see that process in action here:
https://www.cabforum.org/documents.html

We think it would be better for us to issue a new X.Y.Z version each time we agree to make a change, and post that on the website (with the version number and date in the header of the document) under an unchanging URL of this style:

https://www.cabforum.org/EV_SSL_Latest.pdf

as well as e.g.:

https://www.cabforum.org/EV_SSL_1.4.7.pdf

The advantage of this greater granularity is that it allows auditors and other consumers of our documents to take our "best efforts" at any point and use it in their process, while referring to it unambiguously and succinctly. Currently, they have the choice of either saying:

"We are using EV 1.4 with the Errata document which was current as of 20th January 2013, which had 3 errata in it"

which is unambiguous but highly unwieldy, or:

"We are using EV 1.4"

which is succinct, but means they are not getting the benefit of any errata; our good work lies unused for up to a year.

If we adopt this proposal, consumers of this document could instead say, 'We are using EV 1.4.3' to indicate the third minor change to version 1.4 of the guidelines, instead of mentioning an errata and date. It's both succinct and unambiguous.

We think this change would also lessen the need for rigid timetables for handing documents over to auditors and others but, even if we later institute such timetables, this scheme is still an improvement over the status quo.

Gerv