[cabfpub] Ballot 190
gerv at mozilla.org
Fri Apr 28 06:35:11 MST 2017
On 27/04/17 21:00, Jeremy Rowley via Public wrote:
> Ben let me know that there were questions about Ballot 190. The ballot
> was withdrawn and hasn’t gone to vote yet because of Section 2:
My concerns with ballot 190 are threefold:
1) I think that applicability and sunset dates for sections should be
encoded in the BRs themselves. This has been our previous practice, and
it's not too messy. We often clean them up when revisiting that section;
several recent ballots or ballot proposals have done that.
2) A blanket "all previous validations are OK" seems unacceptable to
Google, and I'd have concerns about it too, because of the flaws in the
website validation method, and the wild west that was 18.104.22.168.11. On the
other hand, a blanket "all previous validations need to be redone" is
unlikely to find support among CAs.
3) It's not totally clear how wildcard validations interact with each
method. It can be worked out, but it could be clearer.
Therefore, my proposal is that you enhance the ballot to add two
additional sections/paragraphs/statements to each of the ten methods:
* This method is suitable for wildcard validations of the form
"*.FQDN", where FQDN is the domain validated.
* This method is not suitable for wildcard validations.
After that, you could put a revalidation statement for each method which
could be something like:
* Previous validations done under this section can be reused.
* Previous validations done under this section as it appeared in BRs
v.1.X.X or later can be reused.
* Previous validations done under this section must be redone for
issuances after <date>.
or whatever the rule turns out to be, as negotiated. I would start by
saying reuse is possible for 22.214.171.124.1-5, and not for 126.96.36.199.6, and see
where we get. The advantage of doing it this way is that when and if we
update a method to improve the validation, we can also edit the
applicable reuse statement at the same time, if necessary, and the scope
is nicely right.
We'd also need something like:
* Previous validations under section 188.8.131.52.11 "Any Other Method" (or
section 184.108.40.206.7 for versions of the BRs before version 1.X.X) which do
not fit the criteria of any other current section must be redone for
issuances after <date soon in the future>.
We should also permanently mark section 220.127.116.11.11 as "Reserved", in the
manner that some sections are now, to avoid confusion in the future.
Additional methods should start at number 12.
> 1. Does the proposed language resolve the previous concern with Ballot 190?
> 2. If not, should section 2 be dropped entirely.
> 3. If section 2 remains, would you vote against the ballot?
> 4. If section 2 was dropped, would you vote for the ballot?
> 5. Is there other language you’d prefer to see included instead?
5. See above.