[cabfpub] Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework

Mon Apr 6 15:34:05 UTC 2015

On Apr 6, 2015 8:26 AM, "Peter Bowen" <pzbowen at gmail.com> wrote:
> Ben,
>
> I did a review of the doc and found some issues with the formatting,
> mostly missing and duplicate sections.  The full list is below.
>
> Thanks,
> Peter
>
> 4.9.1.1 is listed twice (the second should be 4.9.1.2)
>
> 6.5.1.1 is an extraneous heading
>
> 8.1, 8.2, 8.3, and 8.4 are out of order and misnumbered
>
> 9.6.2 is a created section and empty (delete and renumber 9.6.3 to 9.6.2)
>
> 9.9.2 and 9.9.3 are created sections and empty; 9.9.1 is a created
> section and the only  thing under 9.9 (move 9.9.1 to 9.9 and remove
> 9.9.1, 9.9.2, and 9.9.3)
>
> There are 3647 sections present, without text, and with no children;
> these should be filled with "No stipulation." or some similar text
>
> Several section titles are modified compared to the 3647 outline.
>
> The following 3647 sections are missing:
> -1.5.1 organization administering the document
> -1.5.2 contact person
> -1.5.3 person determining cps suitability for the policy
> -1.5.4 cps approval procedures
> -3.1.1 types of names
> -3.1.2 need for names to be meaningful
> -3.1.3 anonymity or pseudonymity of subscribers
> -3.1.4 rules for interpreting various name forms
> -3.1.5 uniqueness of names
> -3.1.6 recognition, authentication, and role of trademarks
> -4.4.1 conduct constituting certificate acceptance
> -4.4.2 publication of the certificate by the ca
> -4.4.3 notification of certificate issuance by the ca to other entities
>  4.5 key pair and certificate usage
> -4.5.1 subscriber private key and certificate usage
> -4.5.2 relying party public key and certificate usage
> -4.6.1 circumstance for certificate renewal
> -4.6.2 who may request renewal
> -4.6.3 processing certificate renewal requests
> -4.6.4 notification of new certificate issuance to subscriber
> -4.6.5 conduct constituting acceptance of a renewal certificate
> -4.6.6 publication of the renewal certificate by the ca
> -4.6.7 notification of certificate issuance by the ca to other entities
> -4.7.1 circumstance for certificate re-key
> -4.7.2 who may request certification of a new public key
> -4.7.3 processing certificate re-keying requests
> -4.7.4 notification of new certificate issuance to subscriber
> -4.7.5 conduct constituting acceptance of a re-keyed certificate
> -4.7.6 publication of the re-keyed certificate by the ca
> -4.7.7 notification of certificate issuance by the ca to other entities
> -4.8.1 circumstance for certificate modification
> -4.8.2 who may request certificate modification
> -4.8.3 processing certificate modification requests
> -4.8.4 notification of new certificate issuance to subscriber
> -4.8.5 conduct constituting acceptance of modified certificate
> -4.8.6 publication of the modified certificate by the ca
> -4.8.7 notification of certificate issuance by the ca to other entities
> -4.12.1 key escrow and recovery policy and practices
> -4.12.2 session key encapsulation and recovery policy and practices
> -5.1.1 site location and construction
> -5.1.2 physical access
> -5.1.3 power and air conditioning
> -5.1.4 water exposures
> -5.1.5 fire prevention and protection
> -5.1.6 media storage
> -5.1.7 waste disposal
> -5.1.8 off-site backup
> -6.4.1 activation data generation and installation
> -6.4.2 activation data protection
> -6.6.1 system development controls
> -6.6.2 security management controls
> -6.6.3 life cycle security controls
> -7.2.1 version number(s)
> -7.2.2 crl and crl entry extensions
> -7.3.1 version number(s)
> -7.3.2 ocsp extensions
> -9.1.1 certificate issuance or renewal fees
> -9.1.2 certificate access fees
> -9.1.3 revocation or status information access fees
> -9.1.4 fees for other services
> -9.1.5 refund policy
> -9.2.1 insurance coverage
> -9.2.2 other assets
> -9.2.3 insurance or warranty coverage for end-entities
> -9.3.1 scope of confidential information
> -9.3.2 information not within the scope of confidential information
> -9.3.3 responsibility to protect confidential information
> -9.4.1 privacy plan
> -9.4.2 information treated as private
> -9.4.3 information not deemed private
> -9.4.4 responsibility to protect private information
> -9.4.5 notice and consent to use private information
> -9.4.6 disclosure pursuant to judicial or administrative process
> -9.4.7 other information disclosure circumstances
> -9.10.1 term
> -9.10.2 termination
> -9.10.3 effect of termination and survival
> -9.12.1 procedure for amendment
> -9.12.2 notification mechanism and period
> -9.12.3 circumstances under which oid must be changed
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150406/13b0b9f6/attachment-0003.html>