[Servercert-wg] [Ext] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

Paul Hoffman paul.hoffman at icann.org
Thu Dec 20 09:48:30 MST 2018

<decloaking for a moment of IETF process discussion>

> On Dec 20, 2018, at 8:32 AM, Rob Stradling via Servercert-wg <servercert-wg at cabforum.org> wrote:
> Sectigo votes NO.
> We don't object to the idea behind this ballot, and we don't have any 
> specific objections to the content of this ballot either.  However, the 
> IETF has a process for defining new CAA properties, and this process 
> needs to be followed.
> https://tools.ietf.org/html/rfc6844#section-7.2 says:
>   "Addition of tag identifiers requires a public specification and
>    Expert Review as set out in [RFC6195], Section 3.1.1."
> The BRs is a "public specification", certainly.  However, *before* the 
> new CAA property proposed by this ballot can become enshrined as a 
> requirement in the BRs:
>   1. An application for "Expert Review" must be submitted
>   and
>   2. An "approved" response from the designated Expert must be received
> Since IANA has not yet assigned any Expert(s) to the caa-properties 
> registry [1], it's clear that the required "Expert Review" has not yet 
> occurred.
> [1] 
> https://www.iana.org/assignments/pkix-parameters/pkix-parameters.xhtml#caa-properties

It is worthwhile noting the paragraph of RFC 6844 immediately after the one quoted above:

   The tag space is designed to be sufficiently large that exhausting
   the possible tag space need not be a concern.  The scope of Expert
   Review SHOULD be limited to the question of whether the specification
   provided is sufficiently clear to permit implementation and to avoid
   unnecessary duplication of functionality.

Even though there is not yet an expert reviewer (which is odd, given that they've had almost six years to make that assignment), this text makes it sound like the registration in this ballot would very likely be accepted, and if it wasn't, an appeal would almost certainly win. 

If this ballot passes, someone from CABForum should send a message to the IESG saying "there was no reviewer, we added a property that we think meets the requirements, and as soon as you assign an expert reviewer (cough cough) we will submit this to the registry".

--Paul Hoffman