[cabfpub] Ballot 201 - .onion Revisions

Dimitris Zacharopoulos jimmy at it.auth.gr
Mon Jun 5 16:41:58 UTC 2017

HARICA votes "yes" to ballot 201.


On 25/5/2017 10:50 PM, Ben Wilson via Public wrote:
> *Ballot 201 - .Onion Revisions*
> This ballot is meant to cure any potential problems with Ballot 198, 
> which may have been invalid due to ambiguities in what was presented 
> to the Forum for vote. This Ballot 201 attempts to clarify Appendix F 
> of the EV Guidelines concerning the Tor Service Descriptor Hash 
> extension and that inclusion of the extension in the TBSCertificate is 
> required.
> The following motion has been proposed by Jeremy Rowley of DigiCert 
> and endorsed by Ryan Sleevi of Google and Wayne Thayer of GoDaddy to 
> introduce new Final Maintenance Guidelines for the "Guidelines for the 
> Issuance and Management of Extended Validation Certificates" (EV 
> Guidelines).
> Attached is a PDF with a redline showing how Appendix F of the current 
> EV Guidelines will be amended.
> Part 1:
> The CA/Browser Forum, recognizing that Ballot 198 did not include a 
> redline version against the current Final Maintenance Guidelines, 
> thereby constitutes an invalid Ballot. As a consequence, the Forum 
> agrees that the changes shall not be made to the appropriate Final 
> Maintenance Guideline, and as such, no IPR Review Notice is in force 
> for Ballot 198:
> Part 2:
> Revise Appendix F, Section 1, to read as follows:
> Appendix F – Issuance of Certificates for .onion Domain Names
> A CA may issue an EV Certificate with .onion in the right-most label 
> of the Domain Name provided that issuance complies with the 
> requirements set forth in this Appendix:
> 1. CAB Forum Tor Service Descriptor Hash extension (
> The CA MUST include the CAB Forum Tor Service Descriptor Hash in the 
> TBSCertificate to convey hashes of keys related to .onion addresses. 
> The CA MUST include the Tor Service Descriptor Hash extension using 
> the following format:
> cabf-TorServiceDescriptorHash OBJECT IDENTIFIER ::= { }
> SEQUENCE ( 1..MAX ) of TorServiceDescriptorHash
> TorServiceDescriptorHash ::= SEQUENCE {
>     onionURI UTF8String
>     algorithm AlgorithmIdentifier
>     subjectPublicKeyHash BIT STRING
> }
> Where the AlgorithmIdentifier is a hashing algorithm (defined in RFC 
> 6234) performed over the DER-encoding of an ASN.1 SubjectPublicKey of 
> the .onion service and SubjectPublicKeyHash is the hash output.
> --Motion Ends--
> The procedure for approval of this Final Maintenance Guideline ballot 
> is as follows (exact start and end times may be adjusted to comply 
> with applicable Bylaws and IPR Agreement):
> BALLOT 201 Status: Final Maintenance Guideline   Start time (22:00 UTC)   End time (22:00 UTC)
> Discussion (7 to 14 days)                        May 25, 2017             June 1, 2017
> Vote for approval (7 days)                       June 1, 2017             June 8, 2017
> If a vote of the Forum approves this ballot, the Chair will initiate a 
> 30-day IPR Review Period by sending out an IPR Review Notice.
> After 30 days of announcing the IPR Review period by the Chair:
>  1. If Exclusion Notice(s) are filed, this ballot approval is
>     rescinded and a PAG will be created; or
>  2. If no Exclusion Notices are filed, this ballot becomes effective
>     at end of the IPR Review Period.
> From Bylaw 2.3: If the Draft Guideline Ballot is proposing a Final 
> Maintenance Guideline, such ballot will include a redline or 
> comparison showing the set of changes from the Final Guideline 
> section(s) intended to become a Final Maintenance Guideline, and need 
> not include a copy of the full set of guidelines. Such redline or 
> comparison shall be made against the Final Guideline section(s) as 
> they exist at the time a ballot is proposed, and need not take into 
> consideration other ballots that may be proposed subsequently, except 
> as provided in Bylaw Section 2.3(j).
> Votes must be cast by posting an on-list reply to this thread on the 
> Public list. A vote in favor of the motion must indicate a clear 'yes' 
> in the response. A vote against must indicate a clear 'no' in the 
> response. A vote to abstain must indicate a clear 'abstain' in the 
> response. Unclear responses will not be counted. The latest vote 
> received from any representative of a voting member before the close 
> of the voting period will be counted. Voting members are listed here: 
> https://cabforum.org/members/
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> half of the number of currently active Members, which is the average 
> number of Member organizations that have participated in the previous 
> three Forum-wide meetings (both teleconferences and face-to-face 
> meetings).  Under Bylaw 2.2(g), at least the required quorum number 
> must participate in the ballot for the ballot to be valid, either by 
> voting in favor, voting against, or abstaining.
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
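
The extension format quoted in the ballot above, worked through as an added example that is not part of the ballot or of this message: it DER-encodes the extension value (the SEQUENCE of TorServiceDescriptorHash entries) and hashes the DER-encoded service key. Assumptions: SHA-256 as the RFC 6234 hash with absent AlgorithmIdentifier parameters, hypothetical helper names, and a constructed onion name and toy key; the extension OID is empty in the quoted text, so only the value is encoded.

```python
import hashlib

SHA256_OID = "2.16.840.1.101.3.4.2.1"  # id-sha256, one of the RFC 6234 hashes

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    """One DER tag-length-value element."""
    return bytes([tag]) + der_len(len(content)) + content

def der_oid(dotted):
    """Encode a dotted OID; arcs after the first two use base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def tor_service_descriptor_hash(onion_uri, spk_der):
    """Build one TorServiceDescriptorHash SEQUENCE for a service key."""
    digest = hashlib.sha256(spk_der).digest()      # hash over the DER key
    algorithm = tlv(0x30, der_oid(SHA256_OID))     # assumption: parameters absent
    return tlv(0x30,
               tlv(0x0C, onion_uri.encode("utf-8"))  # onionURI UTF8String
               + algorithm                           # AlgorithmIdentifier
               + tlv(0x03, b"\x00" + digest))        # BIT STRING, 0 unused bits

def extension_value(entries):
    """SEQUENCE (1..MAX) of TorServiceDescriptorHash; an empty list is invalid."""
    if not entries:
        raise ValueError("at least one TorServiceDescriptorHash is required")
    return tlv(0x30, b"".join(tor_service_descriptor_hash(u, k) for u, k in entries))

# Constructed sample input: a toy RSAPublicKey (not a usable key) and a made-up name.
SAMPLE_SPK = tlv(0x30, tlv(0x02, b"\x00" + bytes(range(0x80, 0x100)))
                 + tlv(0x02, b"\x01\x00\x01"))
SAMPLE_URI = "https://exampleonionaddr.onion"

if __name__ == "__main__":
    print(extension_value([(SAMPLE_URI, SAMPLE_SPK)]).hex())
```

A relying party checking such a certificate would recompute the hash from the service's own key and compare it with the BIT STRING contents after the leading unused-bits octet.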
