[cabfpub] Require commonName in Root and Intermediate Certificates ballot draft (2)

Jeremy Rowley jeremy.rowley at digicert.com
Mon Apr 17 12:01:25 MST 2017


I agree. If the date is omitted, the effective date is immediately then it should be right after the review period ends.

I don’t see any impact from the change (and 30 v. 60 makes no difference for the particular ballot). My only goal is to clarify the process for future ballots and get everyone on the same page about the impact of including (or omitting) dates in ballots.

From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Monday, April 17, 2017 11:22 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Gervase Markham <gerv at mozilla.org>; Patrick Tronnier <Patrick.Tronnier at oati.net>; Jeremy Rowley <jeremy.rowley at digicert.com>
Subject: Re: [cabfpub] Require commonName in Root and Intermediate Certificates ballot draft (2)

On Mon, Apr 17, 2017 at 1:17 PM, Jeremy Rowley via Public <public at cabforum.org> wrote:

Why the sigh? I think we should have a bright-line rule about when the
scope/date should be in the proposed ballot vs. when the scope/date must be in
the document itself.  Otherwise, the objection to including a date in the
ballot v. BR text seems arbitrary.  If I understand correctly, the accepted
rule proposed is:

1) The only point in time action that matters is certificate issuance;
2) If BR change exempts future certificate issuance from a requirement, the
requirement date must be specified in the BR language; and
3) If the BR change only exempts previously issued certificates, no exception
or requirement date should be included in the ballot or BR language.

A lot of the confusion/conflict originates on a perceived shift in the point
of action. Previously, I've generally thought of the point of action of the
BRs as the validation of the certificate data. Over the past year, we've
clearly moved to certificate issuance being the point of action. This shift is
fine, but I think it's worth explicitly stating.

I think you're mostly correct there. The only debate is whether #2 is universally required.

That is, in the absence of an explicit date, the date is effective "immediately", where "immediately" is defined as the completion of the Ballot and the IP review period (meaning there's always at least 30 days of buffer built-in). It's useful to understand what impact that could have, and that's generally consistent with the request for a phase in. Is 30 days phase in not sufficient? Could you explain why, and whether 60 days would be sufficient (30 days following the adoption of the Ballot)?
