[cabfpub] Ballot 169 problem report

Ben Wilson ben.wilson at digicert.com
Thu Sep 8 14:25:37 UTC 2016


I think those two suggested changes are relatively minor and should be made
on GitHub where they’ll be tracked.  I think they should be made without
the necessity of a ballot.



From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Robin Alden
Sent: Thursday, September 8, 2016 6:20 AM
To: 'Mads Egil Henriksveen' <Mads.Henriksveen at buypass.no>; 'CABFPub'
<public at cabforum.org>
Subject: Re: [cabfpub] Ballot 169 problem report



3.2.2.4.6

2. The presence of the Request Token or Request Value contained in the
content of a file



Should read
2. The presence of the Request Token or Random Value contained in the
content of a file





From: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>
[mailto:public-bounces at cabforum.org] On Behalf Of Robin Alden
Sent: 08 September 2016 10:51
To: 'Mads Egil Henriksveen' <Mads.Henriksveen at buypass.no
<mailto:Mads.Henriksveen at buypass.no> >; 'CABFPub' <public at cabforum.org
<mailto:public at cabforum.org> >
Subject: Re: [cabfpub] Ballot 169 problem report



Thanks, Mads.



I agree.  I’ll try to get round to posting a ballot for an update.

I think as we start to implement the new methods we may pick out other minor
niggles like this.


Robin





From: Mads Egil Henriksveen [mailto:Mads.Henriksveen at buypass.no]
Sent: 08 September 2016 07:13
To: Robin Alden <robin at comodo.com <mailto:robin at comodo.com> >; CABFPub
<public at cabforum.org <mailto:public at cabforum.org> >
Subject: RE: [cabfpub] Ballot 169 problem report



Hi Robin



I noticed this and mentioned it at time of voting - see attachment.



I think we should change the reference points to 4.2.1.



Regards

Mads



From: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>
[mailto:public-bounces at cabforum.org] On Behalf Of Robin Alden
Sent: 7. september 2016 15:37
To: CABFPub
Subject: [cabfpub] Ballot 169 problem report



Ballot 169 - “Revised Validation Requirements” introduced text into
section 3.2.2.4 which refers to section 3.3.1.



“3.2.2.4

…

Completed confirmations of Applicant authority may be valid for the issuance
of multiple certificates over time. In all cases, the confirmation must have
been initiated within the time period specified in the relevant requirement
(such as Section 3.3.1 of this document) prior to certificate issuance. For
purposes of domain validation, the term Applicant includes the Applicant's
Parent Company, Subsidiary Company, or Affiliate.

…“



Section 3.3.1 of the BRs now consists only of the section heading, with no
body text.

“3.3.1. Identification and Authentication for Routine Re‐key”



The text which was at 3.3.1 in the guidelines when we started working on
what became ballot 169 read:

Section 6.3.2 limits the validity period of Subscriber Certificates. The CA
MAY use the documents and data

provided in Section 3.2 to verify certificate information, provided that the
CA obtained the data or document

from a source specified under Section 3.2 no more than thirty‐nine (39)
months prior to issuing the

Certificate.

(taken from version 1.3.0 of the BRs)



That text now appears as the third paragraph of 4.2.1 (Performing
Identification and Authentication Functions)



Should we move that text back into 3.3.1, or should we change 3.2.2.4 so
that the reference points to 4.2.1 instead of pointing to 3.3.1?



Regards
Robin Alden

Comodo



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160908/e1451d10/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4974 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160908/e1451d10/attachment-0001.p7s>


More information about the Public mailing list