[cabfpub] Require commonName in Root and Intermediate Certificates ballot draft (2)

[Ryan Sleevi]

On Thu, Apr 20, 2017 at 12:41 PM, Gervase Markham via Public <
public at cabforum.org> wrote:

> On 13/04/17 17:34, Patrick Tronnier wrote:
> > I will endorse.
>
> Can I get one more endorser for this ballot? I don't think it needs to
> be held up by discussions about when things are applicable; I think it's
> clear in this case that section 2 only states what would be true anyway.
> But if it's required to get another endorsement, I will remove it.


Happy to endorse with it removed, if only so that it's clear that 'extra'
guidance outside of the BRs is not something we should be doing :) It
should be codified within the BRs :)

In this case, if there's the opportunity to strengthen the language to
accomplish that within Section 1, fantastic. If it's accepted that Section
2 is already true here (e.g. can refer to this discussion), we can just
drop Section 2 to the same effect of "the avoidance of doubt" :)

If you're concerned about the impact to CAs that have planned Key
Generation Ceremonies (and Key Generation Scripts) that would be impacted
by this, and their uncertainty as to whether there'd be an IP encumbrance
upon the act of placing a commonName within a Root Certificate or
Intermediate Certificate (which you would think would have been responsibly
disclosed to the IETF at this point), then you could always add a "From two
weeks after the adoption of this ballot" as an effective date statement,
and let that "two weeks" be filled in upon the completion of the IP review
period, barring any disclosures. That would allow CAs concerned about such
encumbrances to wait until the completion of the IP review period to
determine whether or not to update their planned KGCs / KGSes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170420/f483f5e7/attachment.html>