[Servercert-wg] [Ext] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

Tim Hollebeek tim.hollebeek at digicert.com
Fri Dec 21 10:07:26 MST 2018


Russ and I are working with IETF on getting an expert appointed.

-Tim

> -----Original Message-----
> From: Paul Hoffman <paul.hoffman at icann.org>
> Sent: Thursday, December 20, 2018 11:49 AM
> To: Rob Stradling <rob at sectigo.com>; CA/B Forum Server Certificate WG
> Public Discussion List <servercert-wg at cabforum.org>
> Cc: Tim Hollebeek <tim.hollebeek at digicert.com>; CA/Browser Forum Public
> Discussion List <public at cabforum.org>
> Subject: Re: [Ext] [Servercert-wg] Voting Begins: SC13 version 5: CAA
> Contact Property and Associated E-mail Validation Methods
> 
> <decloaking for a moment of IETF process discussion>
> 
> > On Dec 20, 2018, at 8:32 AM, Rob Stradling via Servercert-wg <servercert-wg at cabforum.org> wrote:
> >
> > Sectigo votes NO.
> >
> > We don't object to the idea behind this ballot, and we don't have any
> > specific objections to the content of this ballot either.  However, the
> > IETF has a process for defining new CAA properties, and this process
> > needs to be followed.
> >
> > https://tools.ietf.org/html/rfc6844#section-7.2 says:
> >   "Addition of tag identifiers requires a public specification and
> >    Expert Review as set out in [RFC6195], Section 3.1.1."
> >
> > The BRs is a "public specification", certainly.  However, *before* the
> > new CAA property proposed by this ballot can become enshrined as a
> > requirement in the BRs:
> >   1. An application for "Expert Review" must be submitted
> >   and
> >   2. An "approved" response from the designated Expert must be received
> >
> > Since IANA has not yet assigned any Expert(s) to the caa-properties
> > registry [1], it's clear that the required "Expert Review" has not yet
> > occurred.
> >
> >
> > [1] https://www.iana.org/assignments/pkix-parameters/pkix-parameters.xhtml#caa-properties
> 
> It is worthwhile noting the paragraph of RFC 6844 immediately after the
> one quoted above:
> 
>    The tag space is designed to be sufficiently large that exhausting
>    the possible tag space need not be a concern.  The scope of Expert
>    Review SHOULD be limited to the question of whether the specification
>    provided is sufficiently clear to permit implementation and to avoid
>    unnecessary duplication of functionality.
> 
> Even though there is not yet an expert reviewer (which is odd, given that
> they've had almost six years to make that assignment), this text makes it
> sound like the registration in this ballot would very likely be accepted,
> and if it wasn't, an appeal would almost certainly win.
> 
> If this ballot passes, someone from CABForum should send a message to the
> IESG saying "there was no reviewer, we added a property that we think
> meets the requirements, and as soon as you assign an expert reviewer
> (cough cough) we will submit this to the registry".
> 
> --Paul Hoffman