[cabfpub] Canonize vs. Canonicalize
Virginia Fournier
vfournier at apple.com
Mon Aug 28 23:59:25 UTC 2017
Hi all,
Just got back from vacation and trying to catch up on email.
I could not find “canonicalise” in the dictionary. Perhaps you mean “canonize"?
http://www.dictionary.com/browse/canonize?s=ts
Just trying to avoid any possible added confusion...
Best regards,
Virginia Fournier
Senior Standards Counsel
Apple Inc.
☏ 669-227-9595
✉︎ vmf at apple.com
On Aug 22, 2017, at 11:09 AM, public-request at cabforum.org wrote:
Send Public mailing list submissions to
public at cabforum.org
To subscribe or unsubscribe via the World Wide Web, visit
https://cabforum.org/mailman/listinfo/public
or, via email, send a message with subject or body 'help' to
public-request at cabforum.org
You can reach the person managing the list at
public-owner at cabforum.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Public digest..."
Today's Topics:
1. Re: [Ext] [EXTERNAL] Ballot 212: Canonicalise formal name of
the Baseline Requirements (Paul Hoffman)
2. Re: [EXTERNAL] Ballot 212: Canonicalise formal name of the
Baseline Requirements (Gervase Markham)
3. Re: [EXTERNAL] Ballot 212: Canonicalise formal name of the
Baseline Requirements (Kirk Hall)
4. Final Minutes for CA/Browser Forum Teleconference ? August 3,
2017 (Kirk Hall)
----------------------------------------------------------------------
Message: 1
Date: Mon, 21 Aug 2017 20:28:01 +0000
From: Paul Hoffman <paul.hoffman at icann.org>
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] [Ext] [EXTERNAL] Ballot 212: Canonicalise
formal name of the Baseline Requirements
Message-ID: <127938B4-DE4D-461D-A6AB-F32B430C002D at icann.org>
Content-Type: text/plain; charset="utf-8"
On Aug 21, 2017, at 1:59 PM, Kirk Hall via Public <public at cabforum.org> wrote:
> Gerv, I was asked by my team ?what problem is this ballot solving?? Not in opposition, but just wondering why we need it?
An outside view:
I have had to point people to the BR a few times, and have sometimes gotten back "is that their membership rules?" and "are there other sets of requirements?". Having a single stable name for your single important document would be helpful to those outside CABForum. (It's not just the IETF who has naming problems!)
--Paul Hoffman
------------------------------
Message: 2
Date: Mon, 21 Aug 2017 18:16:28 -0700
From: Gervase Markham <gerv at mozilla.org>
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>, CA/Browser Forum Public
Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] [EXTERNAL] Ballot 212: Canonicalise formal name
of the Baseline Requirements
Message-ID: <2ecd46ac-d74e-4299-4c5a-8f1acb591c77 at mozilla.org>
Content-Type: text/plain; charset=utf-8
On 21/08/17 10:59, Kirk Hall wrote:
> Gerv, I was asked by my team ?what problem is this ballot solving??? Not
> in opposition, but just wondering why we need it?
Hi Kirk,
The ballot was in response to a discussion of an inconsistency in the
name raised by Li-Chun, and specifically in response to a request from a
Forum member named Kirk Hall, who wrote on the 22nd of June:
"Gerv ? would you consider adding a Section 4 that officially renames
the BRs as raised by Li-Chun in the earlier string (to remove the words
?Certificate Policy?? I?m not sure we ever officially named the BRs,
but Sec. 4 could simply say ?The official name of the Baseline
Requirements shall be ?The Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates??. Would that solve the
problem?"
:-) I didn't want to add it to an existing ballot, so I created a new one.
Gerv
------------------------------
Message: 3
Date: Tue, 22 Aug 2017 05:25:39 +0000
From: Kirk Hall <Kirk.Hall at entrustdatacard.com>
To: Gervase Markham <gerv at mozilla.org>, "CA/Browser Forum Public
Discussion List" <public at cabforum.org>
Subject: Re: [cabfpub] [EXTERNAL] Ballot 212: Canonicalise formal name
of the Baseline Requirements
Message-ID:
<1b45bf688dac48b7a773a74c68f808ea at PMSPEX04.corporate.datacard.com>
Content-Type: text/plain; charset="utf-8"
How little we remember... but that goes all the way back to June! I can't even remember what I had for breakfast. And we never continued with that topic in June (I think you said you didn't like ballots with multiple subjects), so your new ballot was a surprise to me. Thanks for the explanation.
-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org]
Sent: Monday, August 21, 2017 6:16 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [EXTERNAL][cabfpub] Ballot 212: Canonicalise formal name of the Baseline Requirements
On 21/08/17 10:59, Kirk Hall wrote:
> Gerv, I was asked by my team ?what problem is this ballot solving???
> Not in opposition, but just wondering why we need it?
Hi Kirk,
The ballot was in response to a discussion of an inconsistency in the name raised by Li-Chun, and specifically in response to a request from a Forum member named Kirk Hall, who wrote on the 22nd of June:
"Gerv ? would you consider adding a Section 4 that officially renames the BRs as raised by Li-Chun in the earlier string (to remove the words ?Certificate Policy?? I?m not sure we ever officially named the BRs, but Sec. 4 could simply say ?The official name of the Baseline Requirements shall be ?The Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates??. Would that solve the problem?"
:-) I didn't want to add it to an existing ballot, so I created a new one.
Gerv
------------------------------
Message: 4
Date: Tue, 22 Aug 2017 18:09:12 +0000
From: Kirk Hall <Kirk.Hall at entrustdatacard.com>
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [cabfpub] Final Minutes for CA/Browser Forum Teleconference ?
August 3, 2017
Message-ID:
<59d214350ce646ddb0f2048549d922ff at PMSPEX04.corporate.datacard.com>
Content-Type: text/plain; charset="windows-1252"
Final Minutes for CA/Browser Forum Teleconference ? August 3, 2017 (approved Aug. 17, 2017)
Attendees: Ben Wilson (DigiCert), Christopher Kemmerer (SSL.com), Curt Spann (Apple), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Fotis Loukos (SSL.com), Frank Corday (Trustwave), Geoff Keating, (Apple), Gervase Markham (Mozilla), Jeff Ward (WebTrust), Jeremy Rowley (DigiCert), Jos Purvis (Cisco), Kirk Hall (Entrust), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (BuyPass), Mike Reilly (Microsoft), Neil Dunbar (Trustcor), Patrick Tronnier (OATI), Peter Bowen (Amazon), Peter Miscovic (Disig), Rich Smith (Comodo), Rick Andrews (Symantec), Robin Alden (Comodo), Ryan Hurst (Google), Tim Hollebeek (Trustwave), Tyler Myers (GoDaddy), Virginia Fournier (Apple), Wayne Thayer (GoDaddy), Wendy Brown (FPKI).
1. Roll Call
2. Read Antitrust Statement
3. Review Agenda. Agenda was approved.
4. Approve Minutes of F2F meeting of July 20, 2017. The minutes as amended were approved and will be posted to the Public list.
5. Governance Change Working Group. Virginia said a draft ballot with a red-line version of the Bylaws and IPR Agreement had been distributed to the list and is ready for a vote. She hopes to receive any questions or comments during the next week, after which the ballot (Ballot 206) will start the formal discussion and voting periods.
Kirk asked if the WG had yet drafted a charter for the first Working Group under the new governance rules ? previously referred to as the ?Server Certificate Working Group? or something similar. This new Working Group would take over the current work of the Forum. Ben answered no. Kirk said he had a procedural concern ? if Ballot 206 is passed without approving a charter for a new ?Server Certificate Working Group?, then the old Bylaws would no longer exist and the Forum could no longer do work as it does at present. He suggested the WG add a transition rule that says the new governance structure only becomes effective when the first new Working Group charter is approved by the Forum (which would be the ?Server Certificate Working Group? covering the Forum?s current activities) ? until then, we would continue to operate under the old Bylaws. Virginia again stressed the WG would like to receive all comments and suggested edits from members now.
6. Validation Working Group update. Jeremy said the WG had met recently and discussed two main topics: (1) how to handle redirects to ports during domain validation, and what types of redirects are allowed, and (2) some differences in the validation rules as to when and how Random Values can be reused (including whether the same Random Value can be used for multiple domain validations using different validation methods). This has been discussed in some detail in the VWG minutes previously distributed.
Jeremy prefers that a Random Value can only be used once, and cannot be reused, for increased security and less customer confusion. Kirk thought it could lead to more customer confusion if a customer says ?I didn?t get the Random Value email?, gets a new Random Value in a new email, then clicks the first Random Value and is told it?s not valid. Peter said that wouldn?t happen, the Random Values in the two emails would both continue to be valid, but only 30 days for each. Rick said it might be proper to require a new Random Value each time when using email methods, but that probably won?t work if the Random Value is posted to a customer page in a customer portal for use in one of the other methods (e.g., posting the Random Value in the DNS record). The VWG will continue to work on these issues.
7. Policy Review Working Group update. Ben said the WG had a call the previous hour, and reviewed Dimitris? recent work. The WG is still trying to make clarifying changes to distinguish between internally operated sub-CAs versus externally operated sub-CAs. Ben thinks this subject is handled better in the EV Guidelines than in the Baseline Requirements. Dimitris said the WG is trying to remove references to internally operated sub-CAs wherever possible
8. Network Security Working Group update. Ben noted there is a draft Ballot 210 that would make simple changes now to the existing Network Security guidelines, and asked for comments. Kirk said the draft added multi-person control as an alternative to multi-factor control for Issuing Systems and Certificate Management Systems, but the text showed ?multi-factor / multi-party authentication? ? could the ?/? be changed to ?or? for clarity (so the auditors don?t think both are required)? Ben agreed. Ryan Hurst said the WG also planned to provide examples in the NetSec text for clarity, which Kirk said was a great idea. Peter noted the draft ballot is only a revision to the current NetSec requirements, and the WG had still not decided whether to keep and revise the current requirements, or look to external criteria to adopt new requirements entirely.
9. WebTrust Task Force request for review of WebTrust for CAs v2.1 changes. Kirk said he had posted a new draft Ballot 211 which would formally approve the proposed changes to WebTrust for CAs in v. 2.1 concerning key destruction and transportation, and asked if there were comments.
Dimitris asked why this ballot was needed, and whether his company should be involved when it had ETSI audits and not WebTrust audits. Jeff said the original WTCA was based on ISO 21188, but those criteria don?t cover the issues of key destruction and transportation. The WebTrust Task Force does not normally create standards to be audited, so it was looking for Forum approval of its draft audit criteria (which were based on recent auditor activity) to fill that gap ? and Ballot 211 would work for the Task Force?s purposes. Kirk said perhaps ETSI-audited CAs should abstain or not vote on the ballot, and Gerv suggested abstention was better in order to meet quorum requirements. Kirk said he would proceed with the Ballot.
10. Status of Ballot 202 successor ballot (definitions), Ballot 190. Peter noted that Ballot 202 did not pass because of three separate concerns from different CAs. One concern re use of Unicode seemed to be resolved among the three Chinese CAs that voted no, a second concern on definitions such as Domain Names would be resolved by using IETF definitions for clarity, and a third concern would be resolved by creating Forum-specific definitions that can then be used in other parts of the BRs. He had been waiting for the discussion to die down, and will draft a revised ballot as successor to Ballot 202 and seek endorsers.
Kirk said that Ballot 190 had almost started its voting period, but then some members had indicated they preferred to use updated definitions in the text of BR 3.2.2.4 validation methods instead of relying on clarifying Notes, as the most recent ballot draft did. Kirk had pulled back the ballot to wait for the BR definitions to be modified in Peter?s Ballot 202, and will move forward rapidly to complete a vote on Ballot 190 once the new definitions have been fixed.
11. Ballot Status - Discussion of ballots (See Ballot Status table at end of Agenda). Ben noted there was a growing list of ballots ready to go, and asked for opinions as to how many ballots to start at one time. Kirk suggesting staggering them, or even restricting to one at a time, to avoid confusion and ballot fatigue. Ben said he thought the Forum could handle an overlapping two or three ballots at a time. Peter suggested we first look to see if the draft ballots overlap ? if there is no significant overlap in subject matter, the ballots could proceed simultaneously. Kirk asked that most of the ballots start with a short pre-ballot period if possible and not immediately start with the limited seven-day discussion period followed by voting ? that may not be enough time (especially during summer holiday season) if any ballot includes any controversial or difficult issues.
As to pending ballots, Jos said Kirk could remove the ballot ?Bylaw change - Voting rules? from the list, as the Governance Change WG had incorporated those proposals in its current governance change Ballot 206.
12. Membership application of SSL Corp. Kirk noted that SSL.com had participated as an Associate Member since last fall, and had now completed its WebTrust audits and applied for full membership. He said the application appeared to meet the Bylaws requirements to him, and asked if there were any questions for the three SSL.com representatives on the call. There were no questions, so the three representatives dropped off the call. Kirk noted that membership decisions were generally made by consensus on a teleconference call, and asked if any member believed SSL.com did not meet the Bylaws membership criteria. There were no questions or concerns expressed and so SSL.com was added as a full member of the Forum by consensus. Kirk said he would notify the SSL.com representatives.
13. Any Other Business. There was no other business. Kirk reminded members who planned to attend the next F2F meeting hosted by Chunghwa Telecom in Taipei to make hotel reservations very soon.
14. Next call August 17, 2017
15. Adjourn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170822/ad2df329/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
------------------------------
End of Public Digest, Vol 64, Issue 48
**************************************
More information about the Public
mailing list