[cabfpub] Restarting Ballot 190 v6

Jeremy Rowley jeremy.rowley at digicert.com
Tue Aug 29 09:29:30 MST 2017


I agree we don't want to try and include fixes for the issues identified in
the validation WG. We can start those fixes once the ballot passes.

 

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Kirk Hall via
Public
Sent: Monday, August 28, 2017 6:29 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [cabfpub] Restarting Ballot 190 v6

 

I think the time has come to restart Ballot 190 v6 (as it was ready to go on
July 6 - see attached).  Here is my reasoning.

 

Background

 

As a reminder, the Forum approved ten updated domain validation methods (and
elimination of old Method 7 - "any other method") in Ballot 169, back in
August 2016.  We then realized we had not followed the exact review
procedures of our IPR Agreement (which was intended to create royalty free
licenses for all procedures in the Baseline Requirements), so we set out to
fix that in Ballots 180-182 in January 2017.  

 

It worked!  However, at that point only Methods 5, 6, and 10 had been added
to the BRs; we needed to add back Method 1-4 and 7-9 to the BRs from prior
Ballot 169 in a new ballot.  We also needed to remove the temporary Method
11 - "any other method."  That's what Ballot 190 was intended to do.

 

Ballot 190 circulated starting in April, but a problem arose with
conflicting opinions as to transition rules for the new authentication
methods - for example, if a validation method changed, were CAs and website
owners require to go through a new validation of all domains validated under
the previous version of the method, or could they rely on prior validations
under the old methods for the period allowed by BR 4.2.1, etc.  So we had to
add language clarifying those transition rules, which we did.

 

Version 6 of Ballot 190 was ready to go to a vote in early July, 2017.
However, a few members did not like the use of "Notes" after each validation
method, and preferred we instead use our Definitions to accomplish
everything that was covered by the Notes.  I was fine with that, and pulled
back Ballot 190 v6 so it could be modified to use Definitions instead of
Notes.

 

Unfortunately, our current BR Definitions had problems, and needed to be
amended before being added to the validation methods of BR 3.2.2.4 in Ballot
190.  We tried to fix the Definitions in Ballot 202, but it failed on July
26 for technical reasons that can be fixed.  However, some members are
getting impatient now to get the ten new vetting methods completed in the
BRs, and to remove Method 11 "any other method" as soon as possible.  I
agree.  A new Definitions ballot is still being drafted, and I don't think
we should wait for that - it could take two or three months to finish Ballot
190 if we first vote on a new Definitions ballot.

 

New Issues

 

Over the past few weeks, new questions have arisen about the BR 3.2.2.4
validation methods, including when it's proper to re-use Random Values, when
it's acceptable to follow redirects when using Method 6, and a few other
issues.  These are not quick fixes, and in my opinion it would be a mistake
to try to include any of these changes in Ballot 190.

 

Proposal

 

In order for us to complete the basic step of re-inserting all the Ballot
169 methods with the related clarifications re transition rules, I would
propose we go ahead and vote on Ballot 190 v6 (attached), then immediately
work on the new Definitions, removing the Notes, dealing with reuse of
Random Values and with redirects, etc.  Let's not make the "perfect" ballot
the enemy of the very, very good ballot - we can get to perfection in
stages.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170829/88c2f42d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4984 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170829/88c2f42d/attachment-0001.p7s>


More information about the Public mailing list