[cabfpub] Ballot 169 status

Dimitris Zacharopoulos jimmy at it.auth.gr
Mon Sep 19 22:19:52 MST 2016


Hi Kirk,

CAs that comply with the BRs commit to adhere to "the latest" version published by the CABforum. I know that in several F2F meetings the Webtrust and ETSI representatives stated that they will make efforts to *annually* adjust the respective standards and incorporate the latest ballots but the way the BRs are currently written, they trigger changes to policies and operations as soon as a ballot passes (for some CAs sooner than later).

I am sure several CAs already started the update process of their policies as soon as ballot 169 "passed" so it is important to clarify if this ballot should be "paused". Of course, we can't reveal details about the last call before the minutes are approved but that will take 10 more days. It would be nice to get some guidance from the forum's legal experts sooner, about how the current forum rules apply, as this appears to be the first time we have a situation like this. 


Thanks,
Dimitris. 



> On 15 Σεπ 2016, at 22:24, Kirk Hall <Kirk.Hall at entrust.com> wrote:
> 
> Doug, I have a slightly different opinion about where we are.  Remember that the Forum can’t impose rules on anyone.  The rules come from browser root programs, and we are checked for compliance by our periodic WebTrust/ETSI audits.
>  
> There is already a current set of BRs and EVGL out there (even if we need to go through certain steps to have them readopted in exact compliance with our IPR policy), and I believe the browsers through their own root programs expect us to comply with those guidelines for now (and our auditors will probably audit us using their own WebTrust / ETSI audit standards – which they adopted, not the Forum).  So my feeling is that my own CA should continue to operate as before, and in order to meet browser and WebTrust requirements we should follow the current BRs and EVGL.
>  
> Also, I expect that after we go through a re-adoption process following the exact steps of our IPR policy, the effective date for the new domain validation methods of BR 3.2.2.4 will be the same.  The point of re-adopting the BRs and EVGL is so we all get the benefits and protections of our IPR policy, but there’s no real reason not to follow the current BRs and EVGL in the meantime.
>  
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Doug Beattie
> Sent: Thursday, September 15, 2016 12:11 PM
> To: CABFPub <public at cabforum.org>
> Subject: [cabfpub] Ballot 169 status
>  
> As I understand it from the call today, Ballot 169 has effectively been rejected as a valid ballot and therefor the dates for compliance (March 1, 2017) no longer exist as milestones.  Dean and Kirk are going to propose a process for reviewing the IPR Exclusion notices and define next steps.
>  
> Will there be an updated BR soon with the changes reversed?
>  
>  
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160920/bad0cc9e/attachment-0001.html 


More information about the Public mailing list