[cabfpub] Pre-Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework

Ben Wilson ben.wilson at digicert.com
Wed Mar 4 17:30:15 UTC 2015


Please see my responses below, flagged with my initials, BTW>

-----Original Message-----
From: Peter Bowen [mailto:pzbowen at gmail.com]
Sent: Wednesday, March 4, 2015 10:22 AM
To: Ben Wilson; questions at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot 146 - Convert Baseline Requirements to RFC 
3647 Framework

(Sent to questions@ list.  I give permission to repost to public@ list, if 
anyone so desires)

On Tue, Feb 24, 2015 at 7:21 AM, Ben Wilson <ben.wilson at digicert.com> wrote:
> Ballot 146 - Convert Baseline Requirements to RFC 3647 Framework
> Attached is an RFC-3647-formatted Certificate Policy for Baseline
> Requirements for the Issuance and Management of Publicly-Trusted
> Certificates. Comments embedded in the document contain either the
> source of the text (for content copied from the Baseline Requirements)
> or the current text (for provisions incorporated by reference from the
> Network and Certificate System Security Requirements ("NetSec")). It
> was decided that it was better to incorporate the NetSec requirements
> by reference rather than copying and pasting them in. In some limited
> instances the phrase "these Requirements" has been replaced with "this
> CP." However, "these Requirements" is mostly left in to preserve
> consistency with the current Baseline Requirements.

In reviewing this document, I have a few questions.

1) It seems that NetSec sections 1.h, 1.j, 1.k, 2.j, 2.l, and 2.m were not 
incorporated by reference.  Is this on purpose?  Does this ballot propose to 
remove them from CA/Browser Forum requirements?

BTW>  I am pretty sure I captured all of the Network Security requirements. 
It seems that either I didn't send out the most recent version or they are 
somehow hidden in the document.  I'll take another look at the sections cited 
above and make sure they are there, but it is in no way conceivable not to 
include them.

2) In section 5.3.7 of the document, there is a new paragraph of text added 
that does not appear to come from the current BRs.  Is this a new requirement?

BTW> That comes from the intro to the Network and Certificate System Security 

3) There are numerous blank sections.  RFC 3647 suggests that authors address 
each section, simply stating "no stipulation" if there is no requirement.  Is 
there a plan to update this CP to ensure that all sections have content?

BTW> Other sections will be subsequently updated either with content 
(developed by the working group) or "no stipulation".  During working group 
discussions, I argued against putting in "no stipulation" at this point in the 
document-development process.

