[cabfpub] [Ext] [Servercert-wg] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

Doug Beattie doug.beattie at globalsign.com
Fri Dec 21 07:11:39 MST 2018 

Rob,

Is there any reason we can't submit this to the IESG now saying "we're
planning to add a property that we think meets the requirements, and as soon
as you assign an expert reviewer we will submit this to the registry"?  It's
unfortunate this question wasn't raised earlier, but I still recommend
proceeding with the ballot and then working the details with IESG in
parallel with the review period. 

Can you submit this, or who can we submit it to?

Doug

-----Original Message-----
From: Public <public-bounces at cabforum.org> On Behalf Of Rob Stradling via
Public
Sent: Thursday, December 20, 2018 6:47 PM
To: Paul Hoffman <paul.hoffman at icann.org>; CA/B Forum Server Certificate WG
Public Discussion List <servercert-wg at cabforum.org>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] [Ext] [Servercert-wg] Voting Begins: SC13 version 5:
CAA Contact Property and Associated E-mail Validation Methods

On 20/12/2018 16:48, Paul Hoffman wrote:
> <decloaking for a moment of IETF process discussion>
> 
>> On Dec 20, 2018, at 8:32 AM, Rob Stradling via Servercert-wg
<servercert-wg at cabforum.org> wrote:
>>
>> Sectigo votes NO.
>>
>> We don't object to the idea behind this ballot, and we don't have any 
>> specific objections to the content of this ballot either.  However, 
>> the IETF has a process for defining new CAA properties, and this 
>> process needs to be followed.
>>
>> https://tools.ietf.org/html/rfc6844#section-7.2 says:
>>    "Addition of tag identifiers requires a public specification and
>>     Expert Review as set out in [RFC6195], Section 3.1.1."
>>
>> The BRs is a "public specification", certainly.  However, *before* 
>> the new CAA property proposed by this ballot can become enshrined as 
>> a requirement in the BRs:
>>    1. An application for "Expert Review" must be submitted
>>    and
>>    2. An "approved" response from the designated Expert must be 
>> received
>>
>> Since IANA has not yet assigned any Expert(s) to the caa-properties 
>> registry [1], it's clear that the required "Expert Review" has not 
>> yet occurred.
>>
>>
>> [1]
>> https://www.iana.org/assignments/pkix-parameters/pkix-parameters.xhtm
>> l#caa-properties
> 
> It is worthwhile noting the paragraph of RFC 6844 immediately after the
one quoted above:
> 
>     The tag space is designed to be sufficiently large that exhausting
>     the possible tag space need not be a concern.  The scope of Expert
>     Review SHOULD be limited to the question of whether the specification
>     provided is sufficiently clear to permit implementation and to avoid
>     unnecessary duplication of functionality.
> 
> Even though there is not yet an expert reviewer (which is odd, given that
they've had almost six years to make that assignment), this text makes it
sound like the registration in this ballot would very likely be accepted,
and if it wasn't, an appeal would almost certainly win.

Nonetheless, rules are rules.  I'd like to avoid setting a precedent of
CABForum disregarding applicable IETF rules for no good reason.

> If this ballot passes, someone from CABForum should send a message to the
IESG saying "there was no reviewer, we added a property that we think meets
the requirements, and as soon as you assign an expert reviewer (cough cough)
we will submit this to the registry".

--
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5716 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20181221/802d830f/attachment.p7s>

More information about the Public mailing list