[cabfpub] Pre-Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework
ben.wilson at digicert.com
Wed Mar 4 10:30:15 MST 2015
Please see my responses below, flagged with my initials, BTW>
From: Peter Bowen [mailto:pzbowen at gmail.com]
Sent: Wednesday, March 4, 2015 10:22 AM
To: Ben Wilson; questions at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot 146 - Convert Baseline Requirements to RFC
(Sent to questions@ list. I give permission to repost to public@ list, if
anyone so desires)
On Tue, Feb 24, 2015 at 7:21 AM, Ben Wilson <ben.wilson at digicert.com> wrote:
> Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework
> Attached is an RFC-3647-formatted Certificate Policy for Baseline
> Requirements for the Issuance and Management of Publicly-Trusted
> Certificates. Comments embedded in the document contain either the
> source of the text (for content copied from the Baseline Requirements)
> or the current text (for provisions incorporated by reference from the
> Network and Certificate System Security Requirements ("NetSec")). It
> was decided that it was better to incorporate the NetSec requirements
> by reference rather than copying and pasting them in. In some limited
> instances the phrase "these Requirements" has been replaced with "this
> CP." However, "these Requirements" is mostly left in to preserve
> consistency with the current Baseline Requirements.
In reviewing this document, I have a few questions.
1) It seems that NetSec sections 1.h, 1.j, 1.k, 2.j, 2.l, and 2.m were not
incorporated by reference. Is this on purpose? Does this ballot propose to
remove them from CA/Browser Forum requirements?
BTW> I am pretty sure I captured all of the Network Security requirements.
It seems that either I didn't send out the most recent version or they are
somehow hidden in the document. I'll take another look at the sections cited
above and make sure they are there, but it is in no way conceivable not to
2) In section 5.3.7 of the document, there is a new paragraph of text added
that does not appear to come from the current BRs. Is this a new requirement?
BTW> That comes from the intro to the Network and Certificate System Security
3) There are numerous blank sections. RFC 3647 suggests that authors address
each section, simply stating "no stipulation" if there is no requirement. Is
there a plan to update this CP to ensure that all sections have content?
BTW> Other sections will be subsequently updated either with content
(developed by the working group) or "no stipulation". During working group
discussions, I argued against putting in "no stipulation" at this point in the