[cabfpub] Pre-ballot for Ballot 190

Ben Wilson ben.wilson at digicert.com
Thu Jun 29 15:47:15 UTC 2017

Hi Mads,

The Validation Working Group met this morning and will add your comments to
a publicly available online tracking worksheet (that I will post later
today).  Although we think that fixing the typo with the "http" reference to
"https" is a good idea, your other suggestions are probably best to add in
with Jeremy's comments and fix any of the confusing language in section after this ballot passes.

Sincerely yours,



Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678


From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Mads Egil
Henriksveen via Public
Sent: Thursday, June 29, 2017 3:44 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Pre-ballot for Ballot 190




I have some comments and suggested edits, see attached document with
proposed changes in the text and corresponding comments. I think this will
clarify some topics and remove some inconsistency. 


Some of the changes are what I consider to be typos. The others may be
categorized in two parts:

1.	Domain Contact vs Domain Name Registrant - section and
The definition of Domain Contact includes Technical and Administrative
Contact in addition to Domain Name Registrant.
My proposed changes is to clarify this, e.g. replace the term Domain Name
Registrant with Domain Contact where relevant to remove inconsistency.
2.	Base Domain Name vs Authorization Domain Name vs FQDN
Some of the sections use these terms differently for the same situation -
see section and This is confusing and I would like to
harmonize the use of these terms. 


I do also propose a change in the title for section since the
definition of Domain Contact do not include this specific case where the
email address is constructed and not listed in a WHOIS record. 


I also think it is important to file this ballot now and I will endorse it.





From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Kirk Hall via
Sent: 18. juni 2017 02:42
To: CA/Browser Forum Public Discussion List
Cc: Kirk Hall
Subject: [cabfpub] Pre-ballot for Ballot 190


After working with some of the chief drafters of the changes to BR
over the past two years, I am posting this revised Ballot 190 which does a
number of things:


1.       There are changes to two Definitions, and a new definition as

2.       The current language of the domain validation section BR is
what we passed in Ballot 181, and is missing validation Methods 1-4 and 7-9
with minor tweaks as indicated.  We are also eliminating Method 11
(previously Method 7) - "any other method."  The language you see inserted
is the same language as we passed in Ballot 169, except for the minor
changes I specifically call out.

3.       We clarify that once the requested FQDN has been verified using a
given validation method, the CA may also issue certificates for higher level
domains that end in the validated FQDN.

4.       Finally, in response to the discussion we have had on whether a
change to a validation method means all prior validations using that method
are no longer valid, we have made some changes.  In essence, the BRs would
not state that data, documents, and prior validations can be reused for the
permitted reuse period under BR 4.2.1, unless the Forum specifically
requires revalidation in a ballot.


I have attached the pre-ballot in two formats: (a) one in "track changes"
from Ballot 181 and including comments (this will be the real ballot once we
finish discussion and the comments are removed), and (b) the other showing
how BR and 4.2.1 plus the definitions will read if Ballot 190 is
adopted.  I am sending the documents in both Word and pdf formats.


We can discuss the ballot this week and on Thursday at the F2F meeting.
Next week, we can then file the ballot and start the discussion period (7
days), followed by the voting period.


One request - if you have comments or edits to suggest, please be VERY
clear.  This is a very complex ballot, and we will make the most progress if
we avoid misunderstanding and talking past each other.  Also, if you don't
like a section, please suggest specific alternate wording for people to

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170629/67bbf9d4/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6118 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170629/67bbf9d4/attachment-0003.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4974 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170629/67bbf9d4/attachment-0003.p7s>

More information about the Public mailing list