[cabfpub] Voting has started on Ballot 214 - CAA Discovery CNAME Errata

Ryan Sleevi sleevi at google.com
Tue Sep 26 01:22:13 UTC 2017


On Tue, Sep 26, 2017 at 5:39 AM, Kirk Hall via Public <public at cabforum.org>
wrote:

>  So Ballot 214 would be in effect for about 12 days (Oct. 27 – Nov. 9).
> It’s possible a new ballot could say “It is not a violation of the BRs if
> CAs did not comply with Ballot 214 after its effective date but before the
> effective date of this ballot.”  We would know that provision had passed on
> about Oct. 10, but wouldn’t be effective until about Nov. 9 – but if worded
> correctly it would be retroactive to the effective date of Ballot 214.  I
> think auditors would take the position that CAs who ignored Ballot 214 for
> the 12 day period had not violated the BRs – we can check.
>

As noted many, many times before, the suggestion of retroactive immunity is
a decision for root stores - not the CA/Browser Forum. Compliance is
binary, measured over time. You are either compliant or non-compliant. Our
voting process establishes what compliance is - and redefining it changes
it at a future point.

Your suggestion of "not violating the BRs" is also not consistent. It would
be a violation of the BRs - but the suggestion is that it can be informed
through the CA/Browser Forum's consensus process whether that violation is
material to the stated principles and criteria. That is very different than
what you suggest, but a subtle and important distinction worth reiterating
:)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170926/80364ef0/attachment-0003.html>


More information about the Public mailing list