[cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

Tue May 22 15:38:09 UTC 2018

Good point.

We would support this clarification.

-Tim

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi via Public
Sent: Monday, May 21, 2018 9:47 PM
To: Wayne Thayer <wthayer at mozilla.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

Google votes YES.

Noting, however, that despite the stated purpose of the ballot, there is the risk that by being a selection of options, we will have the unfortunately common risk of misreading it **incorrectly** as:

"Retrieved (1) directly from the Domain Name Registrar or registry operator via the protocol defined in RFC 3912, (2) the Registry Data Access Protocol defined in RFC 7482, (3) or an HTTPS website"

rather than the correct reading, which is:

"Retrieved directly from the Domain Name Registrar or registry operator via (1) the protocol defined in RFC 3912, (2) the Registry Data Access Protocol defined in RFC 7482, (3) or an HTTPS website"

This would ideally be resolved in a subsequent ballot as quickly as possible, for the benefit of our non-native English speaking participants in particular, and to ensure that it is clear and unambiguous the expectation, despite being plainly stated in the Purpose as to what the desired interpretation is. Ideally, such a ballot would not express normative requirements in definitions, and might otherwise use an explicit section to explain what process a CA should use for the determination of this information, but for expediency sake, clarifying in situ seems desirable.

On Tue, May 15, 2018 at 3:21 PM, Wayne Thayer via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:

Ballot 224: WHOIS and RDAP

Purpose of Ballot: The Registry Data Access Protocol (RDAP) is the successor to WHOIS, and this ballot adds explicit support for RDAP to the BRs by adding a definition of "WHOIS". The new definition permits the use of the registry or registrar's web interface, and requires WHOIS information to be retrieved directly from the registrar or registry of the domain name.

The following motion has been proposed by Wayne Thayer of Mozilla and endorsed by Tim Hollebeek of DigiCert and Adriano Santoni of Actalis.

— MOTION BEGINS –
This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as follows, based upon Version 1.5.7:

In section 1.6.1, add the following definition:

WHOIS: information retrieved directly from the Domain Name Registrar or registry operator via the protocol defined in RFC 3912, the Registry Data Access Protocol defined in RFC 7482, or an HTTPS website. 

In section 1.6.3, add the following references:

RFC3912, Request for Comments: 3912, WHOIS Protocol Specification, Daigle, September 2004. 

RFC7482, Request for Comments: 7482, Registration Data Access Protocol (RDAP) Query Format, Newton, et al, March 2015. 

— MOTION ENDS –

A comparison of the changes can be found at https://github.com/cabforum/documents/compare/Ballot220...wthayer:Ballot224

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: 2018-05-03  19:00 UTC

End Time: after 2018-05-15 19:00 UTC

Vote for approval (7 days)

Start Time: 2018-05-15  19:00 UTC

End Time: 2018-05-22  19:00 UTC

_______________________________________________
Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org> 
https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180522/ab7c61f2/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180522/ab7c61f2/attachment-0003.p7s>