[cabfpub] [EXTERNAL]Re: Ballot 190: Domain Validation
Kirk.Hall at entrustdatacard.com
Thu Apr 13 16:53:30 MST 2017
Ryan, you weaken your case when you are patronizing to people. If you don’t want to respond to my question (why not include legislative Notes on transition rules to the BRs right where they apply, as is commonly done), that’s your right, but again you weaken your case.
Peter made an interesting suggestion that we keep layering on transition rules into the BRs themselves – here is his example:
In section 220.127.116.11, replace the last sentence (which currently reads “CAs SHALL NOT include a Domain Name or IP Address in a Subject attribute except as specified in Sections 18.104.22.168 or 22.214.171.124.”) with something like:
“CAs MUST NOT include Domain Name or IP Address in a Subject Attribute unless it has been verified using a procedure covered in section 126.96.36.199 or 188.8.131.52 of the Baseline Requirements that were in effect at the time of verification. Such verification MUST have occurred no more than 39 months prior to certificate issuance if the issuance occurs before 1 March 2018. Such verification MUST have occurred no more than 825 days prior to certificate issuance if the issuance occurs on or after 1 March 2018.”
Yes, that will resolve ONE set of transition rules from ONE ballot – but what do we do when we have another ballot that amends the same section? And then another? (Gerv gave a good example of this possibility this morning relating to the .well-known validation rule as you recall). Do we keep adding transition rules and effective dates over and over again to the same section? That makes no sense, and is not generally how rule sets are amended and codified.
From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Thursday, April 13, 2017 3:12 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [EXTERNAL]Re: [cabfpub] Ballot 190: Domain Validation
On Thu, Apr 13, 2017 at 6:05 PM, Kirk Hall <Kirk.Hall at entrustdatacard.com> wrote:
Can you explain why you oppose including Sec. 2 of Ballot 190 as a Note at the end of BR 184.108.40.206 as updated? This is commonly done for rule sets around the world, and is the simplest and easiest way to proceed.
I thought your concern was making sure that someone who looked at the updated BRs would see what transition rules had been adopted, and would not have to go back to Ballot 190 to find out. A Notice at the end of BR 220.127.116.11 would accomplish that.
It would be very helpful to the Forum if you would consider alternatives to the exact outcome you want, and evaluate other options that will meet your concerns and also the concerns and opinions of other members. Right now, it’s hard to understand why you are not showing any flexibility.
Flexibility on ambiguity is not flexibility, it's foolishness. I can understand that it may be difficult for you to understand the set of concerns, but I think you're unduly offering suggestions on something that Jeremy is more than capable of addressing. It's unclear why you're attempting to propose a particular solution, rather than allow him, as the ballot author, to understand these concerns, as he no doubt does, and incorporate them.
If you're concerned about ballots you may propose running into the same issue, then if you were to propose a ballot that suffers from the same problem here, I'm more than happy to take the time with you, including on the phone if necessary and helpful for you, to explain these concerns to your satisfaction. However, I think you're unduly presenting a solution that is insufficient, but also irrelevant to the task at hand.
I think there's enough context on this list for Jeremy to understand the concerns and address them. And I'm sure you agree that making progress is more important than satisfying your understanding.
All the best