[cabfpub] Spring Cleanup Ballot 2019

Tim Hollebeek tim.hollebeek at digicert.com
Fri May 4 08:45:52 MST 2018

Yes, I’m really planning a year out.


From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Friday, May 4, 2018 11:06 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Spring Cleanup Ballot 2019




On Fri, May 4, 2018 at 10:52 AM, Tim Hollebeek via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:


Any objections if the Spring Cleanup branch includes cleanup changes involving dates that will be true in Spring of 2019?


I'm not sure what you're proposing here - was that a typo from 2018 to 2019? Or are you really planning a year out? :)


If you really meant 2019, then I think it's unwise to start planning those sorts of changes so far ahead, given the unfortunate tendency to forget to continually update and ensure semantic consistency with any other changes the Forum may have made in the interim.


For example, removing the definition of Domain Authorization Document, and changing to read:


“ Domain Authorization Document


This method has been retired and MUST NOT be used.

Completed validations using this method SHALL NOT be used for the issuance of certificates.”


Did you mean to include if including Otherwise, these are both August 2018 - not Spring 2018 (which supports the Spring 2019 theory). If you're going 2019, then you'd also need to be touching 4.2.1 - for consistency.


There are similar changes that could be made in 2.2:


“The Certificate Policy and/or Certification Practice Statement MUST:


1.	be structured in accordance with RFC 3647,
2.	include all material required by RFC 3647,
3.	state the CA’s policy or practice on processing CAA Records for Fully Qualified Domain Names.


The CA’s CAA policy or practice MUST:


1.	be consistent with these Requirements,
2.	clearly specify the set of Issuer Domain Names that the CA recognizes in CAA "issue" or "issuewild" records as permitting it to issue


The CA SHALL log all actions taken, if any, consistent with its processing practice.”


Where we don’t have to worry about RFC 2527 any longer.


So, that's a Spring 2018 thing (specifically, May 2018). And if you're cleaning up for 2018, it's not clear if you were intending to touch the following paragraph (regarding September 2017) or not. 


If you're going a Spring 2018 route, then you'd want to be touching 6.3.2,, 7.1.3, 7.1,,, 4.9.10, 6.1.5, 8 (the implementors note), and the definition of "Effective Date"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180504/c92aac48/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20180504/c92aac48/attachment-0001.p7s>

More information about the Public mailing list