[cabfpub] Voting has started on Ballot 208 - dnQualifiers

Devon O'Brien asymmetric at google.com
Tue Oct 24 19:50:20 UTC 2017

Google votes YES on Ballot 208.

On Fri, Oct 20, 2017 at 8:28 AM, Kirk Hall via Public <public at cabforum.org>

> Voting ends Thursday, Oct. 26 at 22:00 UTC
> *From:* Public [mailto:public-bounces at cabforum.org] * On Behalf Of *Ben
> Wilson via Public
> *Sent:* Thursday, October 12, 2017 11:05 AM
> *To:* CABFPub <public at cabforum.org>
> *Subject:* [EXTERNAL][cabfpub] Ballot 208 - dnQualifiers
> *Ballot 208 - dnQualifiers*
> This ballot allows CAs to use dnQualifiers in certificates to partition
> groups of certificates into different sets and to allow non-identity
> information to be included in DV certificates.
> The following motion has been proposed by Peter Bowen of Amazon and
> endorsed by Ben Wilson of DigiCert and Ryan Sleevi of Google.
> In the Baseline Requirements, REPLACE the definition of "Subject Identity
> Information" with:
> "Information that identifies the Certificate Subject. Subject Identity
> Information does not include [strikeout]a domain name listed in the
> subjectAltName extension or the Subject commonName field[/strikeout]
> [insert]*dnQualifier attributes in Distinguished Names, commonName
> attributes in Distinguished Names, dNSName Subject Alternative Names,
> iPAddress Subject Alternative Names, or SRVName Subject Alternative Names*[/insert]."
> In Section Subject Distinguished Name Fields, re-letter "j"
> (Other Subject Attributes) as letter "k" and INSERT a new subsection j.
> that reads:
> j. Certificate Field: subject:dnQualifier
>    - Optional. Contents: This field is intended to be used when several
>    certificates with the same subject can be partitioned into sets of related
>    certificates. Each related certificate set MAY have the same dnQualifier.
>    The CA may include a dnQualifier attribute with a zero length value to
>    explicitly indicate that the CA makes no assertion about relationship with
>    other certificates with the same subject. The CA MAY set the dnQualifer
>    value to the base64 encoding of the SHA1 hash of the subjectAlternativeName
>    extnValue if it wishes to indicate grouping of certificates by alternative
>    name set.
> The procedure for approval of this Final Maintenance Guideline ballot is
> as follows (exact start and end times may be adjusted to comply with
> applicable Bylaws and IPR Agreement):
> BALLOT 208 Status: Final Maintenance Guideline Start time (22:00 UTC) End
> time (22:00 UTC)
> Discussion begins October 12, 2017 22:00 UTC and ends October 19, 2017
> 22:00 UTC (7 days)
> Vote for approval begins October 19, 2017 22:00 UTC and ends October 26,
> 2017 22:00 UTC (7 days)
> If vote approves ballot: Review Period (Chair to send Review Notice) (30
> days). If Exclusion Notice(s) filed, ballot approval is rescinded and PAG
> to be created. If no Exclusion Notices filed, ballot becomes effective at
> end of Review Period. Upon filing of Review Notice by Chair 30 days after
> filing of Review Notice by Chair
> From Bylaw 2.3: If the Draft Guideline Ballot is proposing a Final
> Maintenance Guideline, such ballot will include a redline or comparison
> showing the set of changes from the Final Guideline section(s) intended to
> become a Final Maintenance Guideline, and need not include a copy of the
> full set of guidelines. Such redline or comparison shall be made against
> the Final Guideline section(s) as they exist at the time a ballot is
> proposed, and need not take into consideration other ballots that may be
> proposed subsequently, except as provided in Bylaw Section 2.3(j).
> Votes must be cast by posting an on-list reply to this thread on the
> Public list. A vote in favor of the motion must indicate a clear 'yes' in
> the response. A vote against must indicate a clear 'no' in the response. A
> vote to abstain must indicate a clear 'abstain' in the response. Unclear
> responses will not be counted. The latest vote received from any
> representative of a voting member before the close of the voting period
> will be counted. Voting members are listed here:
> https://cabforum.org/members/
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and greater than 50% of the votes cast
> by members in the browser category must be in favor. Quorum is shown on
> CA/Browser Forum wiki. Under Bylaw 2.2(g), at least the required quorum
> number must participate in the ballot for the ballot to be valid, either by
> voting in favor, voting against, or abstaining.
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20171024/5e0f5a5d/attachment-0003.html>

More information about the Public mailing list