[cabfpub] Ballot 185 - Limiting the Lifetime of Certificates
Dean_Coclin at symantec.com
Sat Feb 11 19:14:06 UTC 2017
Minor changes to ballots have traditionally been allowed in the forum. "Minor" has been left to the discretion of the ballot producer/endorsers but we've seldom seen controversy over that.
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Scott Rea via Public
Sent: Saturday, February 11, 2017 1:57 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Scott Rea <scott at scottrea.com>
Subject: Re: [cabfpub] Ballot 185 - Limiting the Lifetime of Certificates
is it permissible to change the ballot applicability date without invalidating the ballot? I thought Ryan indicated earlier this week it was not possible to change anything once the ballot process had started...??
Can someone please clarify?
On 2/11/2017 9:49 PM, Gervase Markham via Public wrote:
> On 09/02/17 21:08, Ryan Sleevi via Public wrote:
>> Ballot 185 - Limiting the Lifetime of Certificates
>> The following motion has been proposed by Ryan Sleevi of Google, Inc
>> and endorsed by Josh Aas of ISRG and Gervase Markham of Mozilla to
> Having endorsed this, I confess I was thinking more about the maximum
> certificate lifetime (which I do support as a target we need to get
> to, and soon) than about the lead time - which, by the time this
> ballot passes, will be about 2 months and a week. Given the level of
> ongoing engagement with the question, having agreed to endorse I was
> also a little surprised to see us enter the formal discussion period so soon.
> In one sense, the argument that "this is just a change of a number in
> some certificate profiles" is right. In another sense, I accept that
> it does take time to adjust customer expectations, even if the
> different action required by said customer may be a year or more in the future.
> While it might be argued CAs should have asked their customers about
> the potential impact of this change after previous discussions, it's
> not reasonable to suggest that they should have been preparing them
> for its enactment before any ballot was passed.
> There are some ways a lifetime ballot might be constructed to ease
> this difficulty, some of which even keep a May date for this first
> step, but they are not in the realm of the sort of minor adjustment
> historically permitted to ballots during the formal discussion period.
> I therefore request that the applicability date in this ballot be
> changed from 1st May 2017 to, at the earliest, 24th August 2017, 6
> months after the ballot voting end date. 6 months has been floated
> before as a reasonable lead time for high-impact changes, so I hope
> this will remove that point of objection even for those who feel this
> change is high-impact.
> As the voting period begins on Thu/Fri next week, I hope we can apply
> this change soon, and continue from there with a process of thoughtful
> listening and discussion on that basis.
> Public mailing list
> Public at cabforum.org
Scott Rea, MSc, CISSP
Ph# (801) 874-4114
Public mailing list
Public at cabforum.org
More information about the Public