[cabfpub] Domain validation

Ryan Sleevi sleevi at google.com
Tue May 16 09:06:14 MST 2017 

On Tue, May 16, 2017 at 11:55 AM, Jeremy Rowley <jeremy.rowley at digicert.com>
wrote:
>
> 1) The document is presented as a ballot because I based the revisions on
> 190.  If there are discrete sub-components someone doesn’t like, I don’t
> mind breaking it up into chunks.
>

The problem is not about 'not liking'. It's about a tremendous amount of
text that tries to solve a whole host of issues, all at once, and without
clear identification of the goals or related changes. This makes it
incredibly difficult to review, and all the more likely of a Ballot 193/197
problem being introduced. Further, the approach to creating the ballot
creates issues like recently discovered by Ben in Ballot 198, in which the
'proposed text' and the 'redlined version' actually substantially differed
from what was actually adopted (more on that for another thread).

It's not that I disagree with your goals - I think you've captured some
very useful things to do. I'm just not sure there's any reasonable hope
that we'd be confident it was appropriately reviewed, especially in light
of the substantive discussion re: Ballot 190 that still needs adoption, and
because of that, makes it very hard to consider voting in favor. This is,
for what it's worth, notably similar to some of the subordinate CA
discussions.

While that comes across negative (and almost certainly would be reflected
in a vote, should it come to that), I'm incredibly thrilled that someone
such as yourself has taken a comprehensive look at it, and I'm thrilled
that you've found and identified issues. Just the means of attempting to
fix them is perhaps less than ideal, and much like I'd send back an overly
complex code review back to the submitter as "overly complex; simplify",
I'm trying to figure out if there's a way to tease out the issues or look
at incrementalist approaches here.

This is why even with a 'small' change (the OCSP profile), which only
removes a few lines of text, I tried to extensively annotate the reasonings
behind each change, the dependencies, and their relationship - see
https://github.com/sleevi/cabforum-docs/pull/2

I'm also not sure I'd agree with some of your problem statements, so that's
where helping identify what you see as the problem can sort out an
appropriate solution :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170516/0d5b0654/attachment.html>

More information about the Public mailing list