[Servercert-wg] Proposal to address ballot effective date problem

Ryan Sleevi sleevi at google.com
Wed Oct 17 01:10:53 MST 2018


Could you specifically explain the benefits you see for such a fixed
schedule? It seems the only real element of the discussion today that this
is addresses is that it allows for as little as two weeks from the adoption
of a ballot to enforcement.

It seems like the alternative proposal offered - to set a common fixed
expectation - is more beneficial to the CAs and the auditors tasked with
actually performing those assessments (as opposed to developing the
criteria). That is, ballots that complete the IP review will be
consistently brought into force 30 days later, unless there is a specific
consideration mentioned in the ballot.

I can't help but feel your proposal is optimizing for a different problem,
one which wasn't discussed, and so I fear I may be missing what you believe
the additional value compared to the other proposal.

On Wed, Oct 17, 2018 at 3:01 AM Richard Smith via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> As discussed at the Shanghai F2F today, there is a lot of confusion around
> ballot effective date and the current procedure is difficult to follow.
>
>
>
> To fix the problem I propose that we move to a quarterly release schedule
> for both BR and EVG using the following method:
>
>    1. Dates of publication:
>       1. February 1: Will include ballots which complete IPR review
>       between October 16 and January 15
>       2. May 1: Ballots which complete IPR review between January 16 and
>       April 15
>       3. August 1: Ballots which complete IPR review between April 16 and
>       July 15
>       4. November 1: ballots which complete IPR review between July 16
>       and October 15
>
> Ballot effective date will be the date upon which the BR or EVG containing
> it is published unless otherwise specified in the ballot itself and voted
> upon accordingly.  We need to keep the ability to specify an alternate date
> in the ballot in order to address critical items more quickly if necessary
> and also to allow additional time for some items if that is deemed
> necessary.
>
>
>
> I also think this type of scheduled publication will help our associates
> at WebTrust and ETSI to track changes and get them incorporated into their
> audit criteria more smoothly.
>
>
>
> Regards,
>
> *Rich Smith*
>
> *Senior Compliance Manager*
>
> ComodoCA.com
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20181017/11fc797b/attachment-0001.html>


More information about the Servercert-wg mailing list