[cabfpub] Discussion Period to End/Voting to Begin on Ballot 219 v2: Clarify handling of CAA Record Sets with no "issue"/"issuewild" property tag
jimmy at it.auth.gr
Mon Apr 2 14:23:42 UTC 2018
I'm afraid you've passed the 21 days from first introduction and
according to the Bylaws (section 2.3 c) the ballot automatically fails.
I think this is actually the first time we have this situation so I
would like at least another member to confirm or correct my interpretation.
If I am correct, you should pick a new ballot number and send a new
ballot to start the 7-day (minimum) discussion period. If you are
certain that you will not need more than 7 days for discussion, you
could indicate that the voting period begins exactly after the 7-days
On 2/4/2018 4:52 μμ, Corey Bonnell via Public wrote:
> IETF 101 has transpired two weeks ago and erratum 5244
> (https://www.rfc-editor.org/errata/eid5244) was discussed. There is
> acknowledgement by the RFC 6844-bis author that the wording will be
> clarified in the next version of the RFC (see Jacob Hoffman-Andrews’s
> acknowledgement at
> https://www.ietf.org/mail-archive/web/spasm/current/msg01203.html<https://scanmail.trustwave.com/?c=4062&d=sqm_2mcKYKQ12aW4ctq0BDIiQzy2hIa4Xyq7D7WpIg&s=5&u=https%3a%2f%2fclicktime%2esymantec%2ecom%2fa%2f1%2fuUwicKB8-pbHUWekhZLLnL1-iQ4iv8xW0naYU8AFGIw%3d%3fd%3dq3oyNowL2aeaPqmICQ6FILMGQnUfIOKUv5cXNx7atOigOD%5fQT40kd5gytm1HYEMEC5lPaH7h2Z8%5frmod645WTM4RcJ0f2NjDMvKUaPdN%5fNMSYIvaHstwmn7QNVmPT8lyOMUi--ogk2eOrlGGaWrMS9A6FiBImZuZ3OPHhoEWrCgKUUWTwngjo-SM%5fS3gSUr8NNNN2zTX2c2EHeYXnHvU5FgDJofsezIeuOxr2iYXJMYqQCCKHEq-m5mX66RT-wjoereyGuNb5VjIn9QGZuB-ds1QFnrLQKdMRrxIaIiDLgSqSlkfUqIU1BzVD-AaoO8sTJlufu3%5f0hW6KIgY5aKiDcHcgZZQSZwNjiazIwVkAGQeel0RrA%253D%253D%26u%3dhttps%253A%252F%252Fwww%2eietf%2eorg%252Fmail-archive%252Fweb%252Fspasm%252Fcurrent%252Fmsg01203%2ehtml> and
> my response at
> However, there is still no indication that the erratum state will
> change to “Held for Document Update” or “Approved” anytime soon.
> We believe that the acknowledgement from the RFC author to fix this in
> the next version of the RFC is a sufficient surrogate to getting the
> erratum state changed. Waiting for the erratum state to change is
> merely red-tape in the process. As such, we intend to proceed with the
> ballot in its current form by closing the Discussion Period on Ballot
> 219 and begin voting tomorrow evening (UTC time).
> Ballot 219 v2: Clarify handling of CAA Record Sets with no
> "issue"/"issuewild" property tag
> Purpose of this ballot:
> RFC 6844 contains an ambiguity in regard to the correct processing of
> a non-empty CAA Resource Record Set that does not contain any issue
> property tag (and also does not contain any issuewild property tag in
> the case of a Wildcard Domain Name). It is ambiguous if a CA must not
> issue when such a CAA Resource Record Set is encountered, or if such a
> Resource Record Set is implicit permission to issue.
> Given that the intent of the RFC is clear (such a CAA Resource Record
> Set is implicit permission to issue), we are proposing the following
> change to allow for CAA processing consistent with the intent of the RFC.
> The following motion has been proposed by Corey Bonnell of Trustwave
> and endorsed by Tim Hollebeek of Digicert and Mads Egil Henriksveen of
> -- MOTION BEGINS --
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as follows, based upon
> Version 1.5.6:
> In section 220.127.116.11, add this sentence:
> CAs MAY treat a non-empty CAA Resource Record Set that does not
> contain any issue property tags (and also does not contain any
> issuewild property tags when performing CAA processing for a Wildcard
> Domain Name) as permission to issue, provided that no records in the
> CAA Resource Record Set otherwise prohibit issuance.
> to the end of this paragraph:
> When processing CAA records, CAs MUST process the issue, issuewild,
> and iodef property tags as specified in RFC 6844, although they are
> not required to act on the contents of the iodef property tag.
> Additional property tags MAY be supported, but MUST NOT conflict with
> or supersede the mandatory property tags set out in this document. CAs
> MUST respect the critical flag and not issue a certificate if they
> encounter an unrecognized property with this flag set.
> -- MOTION ENDS –
> The procedure for approval of this ballot is as follows:
> Discussion (7+ days)
> Start Time: 2018-03-07 19:00:00 UTC
> End Time: 2018-04-03 19:00:00 UTC
> Vote for approval (7 days)
> Start Time: 2018-04-03 19:00:00 UTC
> End Time: 2018-04-10 19:00:00 UTC
> *Corey Bonnell*
> Senior Software Engineer
> t: +1 412.395.2233
> *Trustwave***| SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/>
> Public mailing list
> Public at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public