[cabfpub] [Servercert-wg] [EXTERNAL] Ballot SC6 v2 - Revocation Timeline Extension

[Ryan Sleevi]

Thanks Wayne.

I know you're intentionally avoiding the controversial cleanups with this
specific Ballot, so it will be good to have a follow-on discussion for
those matters, as CAs will no doubt having to make only one update to their
CP/CPS versus two. Or, differently stated, I'd hope that the argument for
making two updates doesn't preclude discussion of those additional cleanups
and ambiguities.

In reviewing this language in full, a much needed cleanup, one area that
stuck out to me, and which may not need to be resolved, but worth
considering, are the requirements for revocation if the CA is "made aware
of a material change in the information contained in the certificate" (#6
in the 5 day range) and if the CA "determines that any of the information
appearing in the Certificate is inaccurate"

One thing that stuck out was "made aware" versus "determines" - and whether
that distinction is significant (all of the other relevant language in this
section uses "made aware"). This is, admittedly, a carry over, but I'm
curious if there is any significance/impact to changing this to "made aware"

The next thing that stuck out is determining whether "material change in
the information" and "is inaccurate" are, in fact, different. Are there
cases where the information is inaccurate due to an (immaterial) change?
Are there material changes that don't result in inaccuracy? This couples
with the above to leave it a bit messy and gray as to how the CA may
classify things.

In looking at Section 9.6.1, regarding the CA's warranties, it seems our
goal is to provide relying parties both assertions on the correctness of
the information at the time it was issued, as well as that the information
is correct on an ongoing basis (c.f. 9.6.1 (8)). In terms of predictability
and clear expectations for CAs, the determination of material/immaterial,
and the flexibility for determination in general, seems to set up potential
conflict with the needs of Relying Parties and Subscribers, and leave CAs
in a bit of the messy place that some of this ballot tries to get them
sorted out from.


I hope this will prove to be uncontroversial, but the concrete suggestions
I would have are:
1) Strike "material" from 4.9.1.1, p2, Item 6, to read "The CA is made
aware of a change in the information contained in the certificate"
2) Change "determines" to "is made aware" in 4.9.1.1, p2, Item 8, to read
"The CA is made aware that any of the information appearing in the
Certificate is inaccurate."

This leaves both 6 and 8, with the intent that Item 8 is meant to capture
if the CA made a mistake "at time of issuance" (c.f. Section 9.6.1's
warranties the CA makes "at the time of issuance"), and Item 6 is meant to
convey the ongoing requirement for the accuracy of information (c.f.
9.6.1's Item 8 and the objective of 9.6.3's requirements on the Subscriber
to request changes). That is, this Item 6 captures if the Subscriber fails
to meet their ongoing obligations, and the Item 8 captures if the CA failed
to meet their initial obligations.

Does that sound like a reasonable (and hopefully uncontroversial) tweak? If
not, then I think it may merit discussing in a separate follow-up ballot,
to address the other areas of ambiguity, confusion, or arbitrariness :)


On Wed, Aug 29, 2018 at 1:19 PM Wayne Thayer <wthayer at mozilla.com> wrote:

>
> On Wed, Aug 29, 2018 at 9:05 AM Ryan Sleevi <sleevi at google.com> wrote:
>
>>
>>
>> On Wed, Aug 29, 2018 at 11:53 AM Wayne Thayer <wthayer at mozilla.com>
>> wrote:
>>
>>> On Wed, Aug 29, 2018 at 7:33 AM Bruce Morton <
>>> Bruce.Morton at entrustdatacard.com> wrote:
>>>
>>>> Works for me.
>>>>
>>>> Bruce.
>>>>
>>>> On Aug 29, 2018, at 10:29 AM, Ryan Sleevi <sleevi at google.com> wrote:
>>>>
>>>> Just to confirm: Your concern is about the CA feeling that the evidence
>>>> does not meet any of the requirements to revoke, and wanting it to be clear
>>>> that that is a valid outcome of a problem report, correct?
>>>>
>>>> The problem with the suggested wording (and perhaps implicit in the
>>>> existing wording) is that it suggests that the period to "work with the
>>>> Subscriber and any entity" is unbounded, and once a determination is made,
>>>> then it must be within the bounds of 4.9.1.1's time period. That is, say,
>>>> 24 hours + as much "work with" time as you want. This is because the
>>>> modified wording seemingly attaches the "which MUST not" to the date in
>>>> which the CA will revoke, rather than the overall process.
>>>>
>>>> The CA SHALL work with the Subscriber and any entity reporting the
>>>> Certificate Problem Report or other revocation-related notice to establish
>>>> whether or not the certificate will be revoked, and if so, a date which the
>>>> CA will revoke the certificate. The period from report to published
>>>> revocation MUST NOT exceed the time frame set forth in Section 4.9.1.1.
>>>>
>>>> >
>>> Does "report" here mean the preliminary report on its findings, or the
>>> Certificate Problem Report? I am happy to accept this change once that is
>>> clarified.
>>>
>>
>> I was thinking about that on the drive in today :)
>>
>> "The period from receipt of report or notice to published revocation" ?
>>
>
> I made it a bit more specific:
> https://github.com/wthayer/documents/commit/570a80cc59cf8beb1b93ff817188f317ac2824c5
>
> The full set of proposed changes is still at
> https://github.com/cabforum/documents/compare/master...wthayer:patch-1
>
> Looking to the current v1.9 of the bylaws for guidance, it appears that
> the change to the discussion period approved in ballot 216 [1] was never
> incorporated. The current bylaws state "The discussion period then shall
> take place for at least seven but no more than 14 calendar days before
> votes are cast. The proposer of the ballot will designate the length of the
> discussion period, and each ballot shall clearly state the start and end
> dates and times (including time zone) for both the discussion period and
> the voting period." Based on this, I plan to redo this ballot.
>
> I'm assuming that the omission of the ballot 216 language in the new
> bylaws was a mistake. I'll plan to submit a ballot to fix that.
>
> [1]
> https://cabforum.org/2017/12/21/ballot-216-update-discussion-period-process/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180830/af93ab1b/attachment-0003.html>