[cabfpub] Ballot 167 - Baseline Requirements Corrections
sleevi at google.com
Thu Apr 7 08:52:38 UTC 2016
On Thu, Apr 7, 2016 at 12:55 AM, Ryan Sleevi <sleevi at google.com> wrote:
> On Apr 7, 2016 12:45 AM, "Dimitris Zacharopoulos" <jimmy at it.auth.gr>
> > On 7/4/2016 10:30 πμ, Ryan Sleevi wrote:
> >> Dimitris,
> >> Your changes are actually quite opposite of what I was suggesting, and
> is even more problematic to support.
> >> I think the best step would be to simply drop that item from this
> ballot, and then I can work with Peter to see if we can propose a suitable
> text that provides the same degree of clarification, while addresses the
> concerns I raised.
> >> To be explicit: I do not want to see 22.214.171.124 deleted.
> > Hello Ryan,
> > You mentioned:
> > "
> > - Let's work up a ballot that:
> > - Moves the remarks about "required/optional" for subject names (which
> is only relevant to subscriber certificates) into a new 126.96.36.199 (g) [thus
> mirroring 188.8.131.52 [e] and 184.108.40.206 [h])
> > - Moves the remarks about "required/optional" for subjectAltNames to a
> new 220.127.116.11 [h]
> > "
> > I don't think I did the opposite. Perhaps I did not follow your entire
> line of thought. Anyway, at least I discovered some incorrect references
> which should be resolved a soon as possible.
> You moved the entire section, rather than the required/optional, which
> introduced the very loophole I was concerned about introducing - namely,
> that it limits the validation procedures for optional nametypes to
> subscriber certificates.
> The overarching goal is to separate out validation procedures for
> obtaining information (aka the 3.2.2 sections), how that information is to
> be used / when that information needs to be used (aka 18.104.22.168), and when
> such information is required to appear in an actual certificate (the
> profiles of 22.214.171.124/.2/.3)
> Alternatively stated a third way, the goal being that 7.1.2.[1-3] covers
> the profile, but just makes reference to the name types and whether they're
> required or optional •but says nothing about what information must appear
> in that type•, 126.96.36.199 covers what is acceptable to appear in that name
> type, and applies to ANY certificate that contains that name type, as well
> as what vetting sections to use, and 3.2.2.* covers the actual procedures
> to use to vet that information.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public