[cabfpub] Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework
Ben Wilson
ben.wilson at digicert.com
Wed Apr 8 03:49:38 UTC 2015
Peter and all,
In accordance with your comments below, please see the attached doc version of the Baseline Requirements (without changes made by the recent amendment made by Ballot 148). Note, however, that I am opposed to placing "no stipulations" throughout this first version because there will be too many. Instead, I propose a cleaner document and that the following be inserted into the second paragraph:
In accordance with RFC 3647 and to facilitate a comparison of other certificate policies and CPSs (e.g. for policy mapping), this CP includes all sections of the RFC 3647 framework. However, rather than beginning with a “no stipulation” comment in all empty sections, the CA/Browser Forum is leaving such sections initially blank until a decision of “no stipulation” is made.
Ben
-----Original Message-----
From: Peter Bowen [mailto:pzbowen at gmail.com]
Sent: Monday, April 6, 2015 9:26 AM
To: Ben Wilson
Cc: CABFPub
Subject: Re: [cabfpub] Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework
Ben,
I did a review of the doc and found some issues with the formatting, mostly missing and duplicate sections. The full list is below.
Thanks,
Peter
4.9.1.1 is listed twice (the second should be 4.9.1.2)
6.5.1.1 is an extraneous heading
8.1, 8.2, 8.3, and 8.4 are out of order and misnumbered
9.6.2 is a created section and empty (delete and renumber 9.6.3 to 9.6.2)
9.9.2 and 9.9.3 are created sections and empty; 9.9.1 is a created section and the only thing under 9.9 (move 9.9.1 to 9.9 and remove 9.9.1, 9.9.2, and 9.9.3)
There are 3647 sections present, without text, and with no children; these should be filled with "No stipulation." or some similar text
Several section titles are modified compared to the 3647 outline.
The following 3647 sections are missing:
-1.5.1 organization administering the document
-1.5.2 contact person
-1.5.3 person determining cps suitability for the policy
-1.5.4 cps approval procedures
-3.1.1 types of names
-3.1.2 need for names to be meaningful
-3.1.3 anonymity or pseudonymity of subscribers
-3.1.4 rules for interpreting various name forms
-3.1.5 uniqueness of names
-3.1.6 recognition, authentication, and role of trademarks
-4.4.1 conduct constituting certificate acceptance
-4.4.2 publication of the certificate by the ca
-4.4.3 notification of certificate issuance by the ca to other entities
4.5 key pair and certificate usage
-4.5.1 subscriber private key and certificate usage
-4.5.2 relying party public key and certificate usage
-4.6.1 circumstance for certificate renewal
-4.6.2 who may request renewal
-4.6.3 processing certificate renewal requests
-4.6.4 notification of new certificate issuance to subscriber
-4.6.5 conduct constituting acceptance of a renewal certificate
-4.6.6 publication of the renewal certificate by the ca
-4.6.7 notification of certificate issuance by the ca to other entities
-4.7.1 circumstance for certificate re-key
-4.7.2 who may request certification of a new public key
-4.7.3 processing certificate re-keying requests
-4.7.4 notification of new certificate issuance to subscriber
-4.7.5 conduct constituting acceptance of a re-keyed certificate
-4.7.6 publication of the re-keyed certificate by the ca
-4.7.7 notification of certificate issuance by the ca to other entities
-4.8.1 circumstance for certificate modification
-4.8.2 who may request certificate modification
-4.8.3 processing certificate modification requests
-4.8.4 notification of new certificate issuance to subscriber
-4.8.5 conduct constituting acceptance of modified certificate
-4.8.6 publication of the modified certificate by the ca
-4.8.7 notification of certificate issuance by the ca to other entities
-4.12.1 key escrow and recovery policy and practices
-4.12.2 session key encapsulation and recovery policy and practices
-5.1.1 site location and construction
-5.1.2 physical access
-5.1.3 power and air conditioning
-5.1.4 water exposures
-5.1.5 fire prevention and protection
-5.1.6 media storage
-5.1.7 waste disposal
-5.1.8 off-site backup
-6.4.1 activation data generation and installation
-6.4.2 activation data protection
-6.6.1 system development controls
-6.6.2 security management controls
-6.6.3 life cycle security controls
-7.2.1 version number(s)
-7.2.2 crl and crl entry extensions
-7.3.1 version number(s)
-7.3.2 ocsp extensions
-9.1.1 certificate issuance or renewal fees
-9.1.2 certificate access fees
-9.1.3 revocation or status information access fees
-9.1.4 fees for other services
-9.1.5 refund policy
-9.2.1 insurance coverage
-9.2.2 other assets
-9.2.3 insurance or warranty coverage for end-entities
-9.3.1 scope of confidential information
-9.3.2 information not within the scope of confidential information
-9.3.3 responsibility to protect confidential information
-9.4.1 privacy plan
-9.4.2 information treated as private
-9.4.3 information not deemed private
-9.4.4 responsibility to protect private information
-9.4.5 notice and consent to use private information
-9.4.6 disclosure pursuant to judicial or administrative process
-9.4.7 other information disclosure circumstances
-9.10.1 term
-9.10.2 termination
-9.10.3 effect of termination and survival
-9.12.1 procedure for amendment
-9.12.2 notification mechanism and period
-9.12.3 circumstances under which oid must be changed
On Thu, Apr 2, 2015 at 1:47 PM, Ben Wilson <ben.wilson at digicert.com> wrote:
> Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework
>
>
>
> The Certificate Policy Review Working Group was chartered by Ballot 128 to
> (i) consider existing and proposed standards, (ii) create a list of
> potential improvements based on the considered standards that improve
> the existing CAB Forum work product, (iii) evaluate the transition to
> a 3647 format based on the amount [of work involved]. One deliverable
> of the CP Review WG was to propose a ballot to improve CA
> infrastructure based on existing standards and documents and recommend
> whether to finish the 3647 conversion presented by Jeremy Rowley in January 2014.
>
>
>
> The CP Review WG has met and concluded that the best path forward for
> the Forum is to complete a conversion to the RFC 3647 for the Baseline
> Requirements with an initial step that merely moves existing content
> from the Baseline Requirements into the RFC 3647 format.
>
>
>
> Available at
> https://cabforum.org/wp-content/uploads/CAB-Forum-BR-1.2.5-Ballot146-with-comments.pdf
> is the proposed RFC-3647-formatted Baseline
> Requirements for the Issuance and Management of Publicly-Trusted
> Certificates.
>
>
>
> Ben Wilson of DigiCert made the following motion, Tim Hollebeek from
> Trustwave and Jody Cloutier from Microsoft have endorsed it.
>
>
>
> Motion Begins
>
>
>
> Be it resolved that the CA / Browser Forum adopts the attached CA/B
> Forum Baseline Requirements for the Issuance and Management of
> Publicly-Trusted Certificates, v.1.2.5, effective upon adoption.
>
>
>
> Motion Ends
>
>
>
> The review period for this ballot shall commence at 2200 UTC on
> Thursday 2 April 2015 and will close at 2200 UTC on Thursday 9 April
> 2015. Unless the motion is withdrawn during the review period, the
> voting period will start immediately thereafter and will close at 2200 UTC on 16 April 2015.
>
>
>
> Votes must be cast by posting an on-list reply to this thread. A vote
> in favor of the ballot must indicate a clear ‘yes’ in the response. A
> vote against the ballot must indicate a clear ‘no’ in the response. A
> vote to abstain must indicate a clear ‘abstain’ in the response.
> Unclear responses will not be counted. The latest vote received from
> any representative of a voting member before the close of the voting period will be counted.
>
>
>
> Voting members are listed here: https://cabforum.org/members/. In
> order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and more than one half of the votes
> cast by members in the browser category must be in favor. Quorum is
> currently nine (9) members – at least nine members must participate in
> the ballot, either by voting in favor, voting against, or by abstaining for the vote to be valid.
>
>
>
> A copy of this Ballot 146 is posted here:
>
> https://cabforum.org/2015/04/02/ballot-146-convert-baseline-requirements-to-rfc-3647-framework/
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CAB Forum BR 1.2.6-Ballot146.doc
Type: application/msword
Size: 512000 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150408/10580e9d/attachment-0003.doc>