[cabfpub] Sunset for exceptions?

Jeremy Rowley jeremy.rowley at digicert.com
Wed Feb 3 06:24:01 UTC 2016

Yes. I'll support that

Peter Bowen <pzb at amzn.com> wrote:

I received one late suggestion to also add a third item to the ballot to address one other exception.  This one is a little different as it removes the expiration of the exception rather than removing the exception.

"3) Modify Section 5 of Appendix F of the EV Guidelines to replace the last sentence with the following sentence:

When a Domain Name with “onion” as the right most label is included in a certificate that complies with this Appendix, the Domain Name shall not be considered an Internal Name."

This removes the contingency on IESG action, as RFC 7686 was approved for publication by the Internet Engineering Steering Group (IESG), has been published by the RFC Editor, and onion. has been added to the Special-Use Domain Names list by the Internet Assigned Numbers Authority.

Do at least three of members agree to include this in the ballot?


On Feb 2, 2016, at 4:23 AM, Dean Coclin <Dean_Coclin at symantec.com<mailto:Dean_Coclin at symantec.com>> wrote:

I think it will be 162 unless Ben has reserved that for one of the Policy ballots.



From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of Peter Bowen
Sent: Tuesday, February 02, 2016 7:15 AM
To: CABFPub <public at cabforum.org<mailto:public at cabforum.org>>
Subject: Re: [cabfpub] Sunset for exceptions?

I think more than enough full members have agreed to propose and endorse:
Richard Barnes of Mozilla
Eddy Nigg of StartCom
Jeremy Rowley of DigiCert
Adriano Santoni of Actalis
Ryan Sleevi of Google

Can whoever doles out ballot numbers please assign a number and can the review period please be initiated?


On Jan 19, 2016, at 10:27 PM, Peter Bowen <pzb at amzn.com<mailto:pzb at amzn.com>> wrote:

How about this?

Ballot XXX - Sunset of exceptions

The following motion has been proposed by ______________ of _________ and endorsed by __________ of _________ and _________ of _________.

-----BEGIN MOTION-----

1) Modify section 6.1.7 of the Baseline Requirements to add items 5(f) and 5(g) which read:

f. The CA signs the Subscriber Certificate on or before June 30, 2016

g. The notBefore field in the Subscriber Certificate has a date on or before June 30, 2016

2) Modify section 6.3.2 of the Baseline Requirements to replace the words "Beyond 1 April 2015" with the words "Until 30 June 2016"

-----END MOTION-----

On Jan 19, 2016, at 10:06 PM, Eddy Nigg <eddy_nigg at startcom.org<mailto:eddy_nigg at startcom.org>> wrote:


On 01/20/2016 01:25 AM, Jeremy Rowley wrote:
I’m happy to make the motion or endorse removal of these exceptions.

From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of Peter Bowen
Sent: Tuesday, January 19, 2016 4:09 PM
To: Ryan Sleevi
Subject: Re: [cabfpub] Sunset for exceptions?

On Jan 19, 2016, at 2:57 PM, Ryan Sleevi <sleevi at google.com<mailto:sleevi at google.com>> wrote:
On Tue, Jan 19, 2016 at 11:27 AM, Peter Bowen <pzb at amzn.com<mailto:pzb at amzn.com>> wrote:
The BRs contain at least two allowances for “legacy” certificate issuance:

6.1.7 (5) allows direct issuance of subscriber certificates from a root CA

6.3.2 allows certificates with validity periods longer than 39 months

Are these still needed?  Are CAs relying upon these exceptions?  If not, does it make sense to ballot to remove these from the BRs?

Peter, I'd be happy to support a ballot if you want to propose one. That tends to be the only way to get timely responses - the discussion period of the ballot.

As an Associate Member, I cannot propose ballots.  Only those who have a full period-of-time audit can propose ballots.  Or at least that is my read of the bylaws.


Public mailing list

Public at cabforum.org<mailto:Public at cabforum.org>




Eddy Nigg, COO/CTO

StartCom Ltd.<http://www.startcom.org/>


startcom at startcom.org


Join the Revolution!<http://blog.startcom.org/>


Follow Me<http://twitter.com/eddy_nigg>

Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>

Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160203/114f9486/attachment-0003.html>

More information about the Public mailing list