[cabfpub] Merge EV Guidelines into Baseline Requirements CP?

Doug Beattie doug.beattie at globalsign.com
Mon Aug 31 15:16:31 UTC 2015

I'd prefer combining them into one document based on what I know now.  I think it will be hard to read and follow a document that contains a lot of references to another document, and each time a change is made to the BR document we'll need to ask ourselves how this impacts EV (if that section is used or not).

Also, many of the sections will be close, but not 100% identical to the BRs which will mean duplicating that section and then trying to keep the common items in-sync.  For example the Certificate Warranties: many are the same, some are different.  Wouldn't it be better to have this in a table with the list of all warrantees and then indicate which apply to OV/DV vs. EV? This also lets you clearly see the differences between the different types of certificates.  This same approach could be used in lots of places throughout.

It's also possible that once we start merging it some hard to solve issues will arise....  I support  investigating what it would take to merge it in and to identify what obstacles we might encounter.


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Tim Hollebeek
Sent: Monday, August 31, 2015 10:51 AM
To: Bruce Morton <bruce.morton at entrust.com>; Ben Wilson <ben.wilson at digicert.com>; CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Merge EV Guidelines into Baseline Requirements CP?

I tend to agree with this.  I'd prefer a separate document, even if much of it is "Section X: As in the baseline requirements".


From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of Bruce Morton
Sent: Monday, August 31, 2015 10:17 AM
To: Ben Wilson; CABFPub
Subject: Re: [cabfpub] Merge EV Guidelines into Baseline Requirements CP?


I'm thinking that this will start to make it hard to understand what is EV and what is not. It might also be hard for the auditing community to mage their EV audit criteria.

Currently, we can align Baseline Requirements with a Baseline Requirements audit criteria; we can also do the same for EV. If we merge the two together can we still separate them for CAs which do not issue EV certificates?


From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Monday, August 31, 2015 9:58 AM
To: CABFPub <public at cabforum.org<mailto:public at cabforum.org>>
Subject: [cabfpub] Merge EV Guidelines into Baseline Requirements CP?

As I've looked at what is ahead of us (in the Policy Review Working Group), I have concluded that I'd prefer to put the EV Guidelines into the Baseline Requirements CP.  The EV Guidelines would lose their identity as a separate document, but if we merge the two, we can avoid a lot of back and forth between two documents because everything would be in one document.  Other CPs have taken this approach of having multiple policies in the same CP document.  Not sure what other people think, but I thought I'd mention this idea here, in case it helps guide the WG as we review the EVG document in the upcoming weeks.  (I did send out a rough draft of an RFC-3647-formatted EV Guidelines to the Policy Review Working Group to get us started.)  If people are amenable to merging the documents, then that might save us some work in the long run.  Otherwise, we can move forward with editing of the RFC-3647 formatted version of the EV Guidelines as a separate document, which is fine, too.


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150831/dac2f2ec/attachment-0003.html>

More information about the Public mailing list