[cabfpub] [Ext] [Servercert-wg] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

Rob Stradling rob at sectigo.com
Thu Dec 20 23:47:11 UTC 2018

On 20/12/2018 16:48, Paul Hoffman wrote:
> <decloaking for a moment of IETF process discussion>
>> On Dec 20, 2018, at 8:32 AM, Rob Stradling via Servercert-wg <servercert-wg at cabforum.org> wrote:
>> Sectigo votes NO.
>> We don't object to the idea behind this ballot, and we don't have any
>> specific objections to the content of this ballot either.  However, the
>> IETF has a process for defining new CAA properties, and this process
>> needs to be followed.
>> https://tools.ietf.org/html/rfc6844#section-7.2 says:
>>    "Addition of tag identifiers requires a public specification and
>>     Expert Review as set out in [RFC6195], Section 3.1.1."
>> The BRs is a "public specification", certainly.  However, *before* the
>> new CAA property proposed by this ballot can become enshrined as a
>> requirement in the BRs:
>>    1. An application for "Expert Review" must be submitted
>>    and
>>    2. An "approved" response from the designated Expert must be received
>> Since IANA has not yet assigned any Expert(s) to the caa-properties
>> registry [1], it's clear that the required "Expert Review" has not yet
>> occurred.
>> [1]
>> https://www.iana.org/assignments/pkix-parameters/pkix-parameters.xhtml#caa-properties
> It is worthwhile noting the paragraph of RFC 6844 immediately after the one quoted above:
>     The tag space is designed to be sufficiently large that exhausting
>     the possible tag space need not be a concern.  The scope of Expert
>     Review SHOULD be limited to the question of whether the specification
>     provided is sufficiently clear to permit implementation and to avoid
>     unnecessary duplication of functionality.
> Even though there is not yet an expert reviewer (which is odd, given that they've had almost six years to make that assignment), this text makes it sound like the registration in this ballot would very likely be accepted, and if it wasn't, an appeal would almost certainly win.

Nonetheless, rules are rules.  I'd like to avoid setting a precedent of 
CABForum disregarding applicable IETF rules for no good reason.

> If this ballot passes, someone from CABForum should send a message to the IESG saying "there was no reviewer, we added a property that we think meets the requirements, and as soon as you assign an expert reviewer (cough cough) we will submit this to the registry".

Rob Stradling
Senior Research & Development Scientist
Sectigo Limited

More information about the Public mailing list