[cabfpub] Revised domain validation ballot

Wed Mar 22 09:55:56 MST 2017

Forwarding this along if only because it suggests removing something rather
than adding it.

The current BRs define "Authorized Port" as:

One of the following ports: 80 (http), 443 (http), 115 (sftp), 25
(smtp), 22 (ssh).

Port 115 appears to be on this list in error, because this port number
was assigned to an Internet protocol "Simple File Transfer Protocol"
that never saw widespread use, it is not the correct port for the SFTP
(SSH File Transfer Protocol) SSH subsystem of the SSH protocol which,
like SSH itself, uses well-known port 22.

Unless the committee which came up with these recommendations has a
separate rationale for listing port 115 it seems as though the ballot
to add domain validation methods is a good place to make this small
change, removing the text "115 (sftp)," from this definition.

I don't intend this proposal to have any effect operationally, it's
simply a suggestion to ensure the BR text matches the reality on the
ground more closely. If it proves controversial of course it should not
be included in Jeremy's ballot.

On Wed, Mar 22, 2017 at 11:43 AM, Jeremy Rowley via Public <
public at cabforum.org> wrote:

> Sorry – I thought I’d incorporated those changes. I’ve gotten a couple
> other comments as well that I’ll merge into a new draft.
>
>
>
> *From:* Robin Alden [mailto:robin at comodo.com]
> *Sent:* Wednesday, March 22, 2017 9:42 AM
> *To:* 'CA/Browser Forum Public Discussion List' <public at cabforum.org>
> *Cc:* Jeremy Rowley <jeremy.rowley at digicert.com>
> *Subject:* RE: [cabfpub] Revised domain validation ballot
>
>
>
> Hi Jeremy,
>
>                 The text for the example of a request token has become
> mangled by copying and pasting over the years.
>
> It should read..
>
>
>
> echo `date -u +%Y%m%d%H%M` `sha256sum <r2.csr` | sed "s/[ -]//g"
>
> Those back-quotes need to be back-quotes.
>
>
>
> I see another item that I think needs attention.  I don’t think it is
> contentious.
>
> The sentence is this one:
>
>
>
> “The presence of the Request Token or Random Value contained in the form
> of a meta tag where the Request Token or Random Value MUST NOT appear in
> the request.”
>
>
>
> The problem is that the token or value mustn’t appear in the request,
> period.  It doesn’t matter whether the token or value are in a meta tag in
> a page or in file content.
>
> I think it should probably read
>
>
>
> “The Request Token or Random Value MUST NOT appear in the request for the
> file or web-page.”
>
>
>
> May we incorporate those changes?
>
>
>
> Regards
> Robin
>
>
>
>
>
> *From:* Public [mailto:public-bounces at cabforum.org
> <public-bounces at cabforum.org>] *On Behalf Of *Jeremy Rowley via Public
> *Sent:* 22 March 2017 09:59
> *To:* CA/Browser Forum Public Discussion List <public at cabforum.org>
> *Cc:* Jeremy Rowley <jeremy.rowley at digicert.com>
> *Subject:* [cabfpub] Revised domain validation ballot
>
>
>
> Hi everyone,
>
>
>
> Attached is a proposed domain validation ballot that accomplishes three
> things:
>
>
>
>    1. The ballot adds the domain methods removed by ballot 180-182 back
>    into the BRs.
>    2. The ballot removes the “any other method’
>    3. The ballot revises the .well-known method to fix some issues
>    identified by the WG
>    4. The ballot fixes an incorrect cross-reference.
>
>
>
> Jeremy
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170322/e64fcd5f/attachment.html>