[cabfpub] Preballot - Revised Ballot 190

Ryan Sleevi sleevi at google.com
Thu May 18 14:33:17 UTC 2017

On Thu, May 18, 2017 at 10:13 AM, Gervase Markham <gerv at mozilla.org> wrote:

> On 17/05/17 17:40, Ryan Sleevi via Public wrote:
> > As such, it's unclear what the intended outcome of this is. Is it meant
> > to be binding on CAs? If so, we should look to be more explicit.
> The intent is to be explicit about what is currently implicit; there was
> a message to this list a while back saying that all methods except IP
> Address were suitable for issuance of wildcards, but that required a
> very close reading of the text, and it seemed to make sense to make it
> explicit.
> So yes, it's intended to be normative.

Would you be open to addressing it in a separate ballot, so that we can
work through the issues and nuance here (and in relation to authorized
domain names and base domain names)?

> > It's also unclear whether the 'intent' of the wildcard certificate was
> > also to encompass the validation of subdomains, or their use in
> > Authorization Domain Names.
> At one point in one draft, the phrase covered both.

I see. Was this just a private draft? I'm trying to better understand what
has been explored and discussed, to make more productive contributions.

> I think it was Peter who did the analysis; but again, the aim here is to
> make clear existing rules, not to make new rules. If we are failing in
> that, we should change it. If you want to change the rules, that would
> probably be a separate ballot :-)

The fact that you highlighted it requires a very strict reading, but I'm
having trouble of finding that discussion, suggests that it's reasonable
that some folks may see even the 'notes' as introducing new rules.

Certainly, we saw a number of CAs feeling that the 'data reuse' was new
rules, despite it also being long-standing in the BRs through reading, and
what CAs voted on (in Ballot 169).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170518/ad800168/attachment-0003.html>

More information about the Public mailing list