[cabfpub] Domain validation

Jeremy Rowley jeremy.rowley at digicert.com
Tue May 16 16:13:43 UTC 2017

That’s fine.  How would you like it broken up? I could break it up by validation method or by issue statement. 


From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Tuesday, May 16, 2017 10:06 AM
To: Jeremy Rowley <jeremy.rowley at digicert.com>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Domain validation




On Tue, May 16, 2017 at 11:55 AM, Jeremy Rowley <jeremy.rowley at digicert.com <mailto:jeremy.rowley at digicert.com> > wrote: 

1) The document is presented as a ballot because I based the revisions on 190.  If there are discrete sub-components someone doesn’t like, I don’t mind breaking it up into chunks.  


The problem is not about 'not liking'. It's about a tremendous amount of text that tries to solve a whole host of issues, all at once, and without clear identification of the goals or related changes. This makes it incredibly difficult to review, and all the more likely of a Ballot 193/197 problem being introduced. Further, the approach to creating the ballot creates issues like recently discovered by Ben in Ballot 198, in which the 'proposed text' and the 'redlined version' actually substantially differed from what was actually adopted (more on that for another thread).


It's not that I disagree with your goals - I think you've captured some very useful things to do. I'm just not sure there's any reasonable hope that we'd be confident it was appropriately reviewed, especially in light of the substantive discussion re: Ballot 190 that still needs adoption, and because of that, makes it very hard to consider voting in favor. This is, for what it's worth, notably similar to some of the subordinate CA discussions.


While that comes across negative (and almost certainly would be reflected in a vote, should it come to that), I'm incredibly thrilled that someone such as yourself has taken a comprehensive look at it, and I'm thrilled that you've found and identified issues. Just the means of attempting to fix them is perhaps less than ideal, and much like I'd send back an overly complex code review back to the submitter as "overly complex; simplify", I'm trying to figure out if there's a way to tease out the issues or look at incrementalist approaches here.


This is why even with a 'small' change (the OCSP profile), which only removes a few lines of text, I tried to extensively annotate the reasonings behind each change, the dependencies, and their relationship - see https://github.com/sleevi/cabforum-docs/pull/2


I'm also not sure I'd agree with some of your problem statements, so that's where helping identify what you see as the problem can sort out an appropriate solution :)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170516/3b840bea/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170516/3b840bea/attachment-0001.p7s>

More information about the Public mailing list