[Servercert-wg] Ballot SC15 version 2: Remove Validation Method Number 9

Peter Miškovič Peter.Miskovic at disig.sk
Mon Feb 4 10:33:20 MST 2019


Disig votes "YES" on ballot Ballot SC15 version 2.

Regards
Peter

-----Original Message-----
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of servercert-wg-request at cabforum.org
Sent: Tuesday, January 29, 2019 11:02 PM
To: servercert-wg at cabforum.org
Subject: Servercert-wg Digest, Vol 7, Issue 44

Send Servercert-wg mailing list submissions to
	servercert-wg at cabforum.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://cabforum.org/mailman/listinfo/servercert-wg
or, via email, send a message with subject or body 'help' to
	servercert-wg-request at cabforum.org

You can reach the person managing the list at
	servercert-wg-owner at cabforum.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of Servercert-wg digest..."


Today's Topics:

   1. Voting begins: Ballot SC15 version 2: Remove Validation
      Method	Number 9 (Doug Beattie)
   2. Re: [EXTERNAL] Voting begins: Ballot SC15 version 2: Remove
      Validation Method Number 9 (Wayne Thayer)


----------------------------------------------------------------------

Message: 1
Date: Tue, 29 Jan 2019 21:26:08 +0000
From: Doug Beattie <doug.beattie at globalsign.com>
To: CA/B Forum Server Certificate WG Public Discussion List
	<servercert-wg at cabforum.org>
Subject: [Servercert-wg] Voting begins: Ballot SC15 version 2: Remove
	Validation Method	Number 9
Message-ID:
	<SL2PR03MB42368FC249B452BBECE20EE3F0970 at SL2PR03MB4236.apcprd03.prod.outlook.com>
	
Content-Type: text/plain; charset="us-ascii"

 

Corrected discussion and Voting period dates

 

Ballot SC15 version 2: Remove Validation Method Number 9

 

Purpose of Ballot:  Method 9, Test Certificate, is insecure when web hosting platforms use a single IP address for more than one Domain Name, so this method must not be used.

 

The following motion has been proposed by Doug Beattie of GlobalSign and endorsed by Bruce Morton of Entrust Datacard and Ryan Sleevi of Google.

 

--- MOTION BEGINS ---

This ballot modifies the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" as follows, based on Version
1.6.2:

 

Replace the content of section 3.2.2.4.9 with:

 

This method has been retired and MUST NOT be used. Prior validations using this method and validation data gathered according to this method SHALL NOT be used to issue certificates.

 

 

--- MOTION ENDS ---

 

*** WARNING ***: USE AT YOUR OWN RISK.  THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):

 

A comparison of the changes can be found at:
https://github.com/dougbeattie/documents/compare/master...dougbeattie:SC15--
-Remove-Method-9 

 

 

The procedure for approval of this ballot is as follows:

 

Discussion (7+ days)

 

Start Time: 2019-01-22 08:15 Eastern

 

End Time: 2019-01-29 08:15 Eastern

 

Vote for approval (7 days)

 

Start Time: 2019-01-29 15:00 Eastern

 

End Time: 2019-02-05 15:00 Eastern

 

End Time: TBD

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190129/2faadd91/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5701 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190129/2faadd91/attachment-0001.p7s>

------------------------------

Message: 2
Date: Tue, 29 Jan 2019 15:01:05 -0700
From: Wayne Thayer <wthayer at mozilla.com>
To: Doug Beattie <doug.beattie at globalsign.com>
Cc: CA/B Forum Server Certificate WG Public Discussion List
	<servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] [EXTERNAL] Voting begins: Ballot SC15
	version 2: Remove Validation Method Number 9
Message-ID:
	<CAJE6Z6fFBd2RCtrGf9-MX=T=k24odr0Xh_e53pjGpCxTKWjx9Q at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Thanks Doug. Unless someone objects, I will count the votes received from Google and Entrust.

- Wayne

On Tue, Jan 29, 2019 at 2:22 PM Doug Beattie <doug.beattie at globalsign.com>
wrote:

> Sorry, I will put the voting period in voting period line this time.  
> I?ll send a new email.
>
>
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf 
> Of *Wayne Thayer via Servercert-wg
> *Sent:* Tuesday, January 29, 2019 4:02 PM
> *To:* Bruce Morton <Bruce.Morton at entrustdatacard.com>
> *Cc:* CA/B Forum Server Certificate WG Public Discussion List < 
> servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] [EXTERNAL] Voting begins: Ballot SC15 
> version 2: Remove Validation Method Number 9
>
>
>
> Ah, the confusion is that Doug's most recent email confuses the voting 
> period with the discussion period:
>
>
>
> Discussion (7+ days)
>
>
>
> Start Time: 2019-01-29 15:00 Eastern
>
>
>
> End Time: 2019-02-05 15:00 Eastern
>
>
>
> Vote for approval (7 days)
>
>
>
> Start Time: TBD
>
>
>
> End Time: TBD
>
>
>
> Doug, do you want to send out a correction?
>
>
>
> On Tue, Jan 29, 2019 at 1:57 PM Bruce Morton < 
> Bruce.Morton at entrustdatacard.com> wrote:
>
> I thought the discussion period started on 22 January and ended today.
>
>
>
> Bruce.
>
>
>
> *From:* Servercert-wg [mailto:servercert-wg-bounces at cabforum.org] *On 
> Behalf Of *Wayne Thayer via Servercert-wg
> *Sent:* January 29, 2019 3:53 PM
> *To:* CA/B Forum Server Certificate WG Public Discussion List < 
> servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] [EXTERNAL] Voting begins: Ballot SC15 
> version 2: Remove Validation Method Number 9
>
>
>
> The enthusiasm is great, but voting on SC15 won't start until next 
> week, so these won't be counted.
>
>
>
> On Tue, Jan 29, 2019 at 1:23 PM Bruce Morton via Servercert-wg < 
> servercert-wg at cabforum.org> wrote:
>
> Entrust Datacard votes YES to Ballot SC15 version 2.
>
>
>
> Bruce.
>
>
>
> *From:* Servercert-wg [mailto:servercert-wg-bounces at cabforum.org] *On 
> Behalf Of *Doug Beattie via Servercert-wg
> *Sent:* January 29, 2019 2:57 PM
> *To:* CA/B Forum Server Certificate WG Public Discussion List < 
> servercert-wg at cabforum.org>
> *Subject:* [EXTERNAL][Servercert-wg] Voting begins: Ballot SC15 
> version
> 2: Remove Validation Method Number 9
>
>
>
>
>
> Ballot SC15 version 2: Remove Validation Method Number 9
>
>
>
> Purpose of Ballot:  Method 9, Test Certificate, is insecure when web 
> hosting platforms use a single IP address for more than one Domain 
> Name, so this method must not be used.
>
>
>
> The following motion has been proposed by Doug Beattie of GlobalSign 
> and endorsed by Bruce Morton of Entrust Datacard and Ryan Sleevi of Google.
>
>
>
> --- MOTION BEGINS ---
>
> This ballot modifies the ?Baseline Requirements for the Issuance and 
> Management of Publicly-Trusted Certificates? as follows, based on 
> Version
> 1.6.2:
>
>
>
> Replace the content of section 3.2.2.4.9 with:
>
>
>
> This method has been retired and MUST NOT be used. Prior validations 
> using this method and validation data gathered according to this 
> method SHALL NOT be used to issue certificates.
>
>
>
>
>
> --- MOTION ENDS ---
>
>
>
> *** WARNING ***: USE AT YOUR OWN RISK.  THE REDLINE BELOW IS NOT THE 
> OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
>
>
>
> A comparison of the changes can be found at:
> https://github.com/dougbeattie/documents/compare/master...dougbeattie:
> SC15---Remove-Method-9
>
>
>
>
>
> The procedure for approval of this ballot is as follows:
>
>
>
> Discussion (7+ days)
>
>
>
> Start Time: 2019-01-29 15:00 Eastern
>
>
>
> End Time: 2019-02-05 15:00 Eastern
>
>
>
> Vote for approval (7 days)
>
>
>
> Start Time: TBD
>
>
>
> End Time: TBD
>
>
>
>
>
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190129/24c81caa/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
Servercert-wg mailing list
Servercert-wg at cabforum.org
http://cabforum.org/mailman/listinfo/servercert-wg


------------------------------

End of Servercert-wg Digest, Vol 7, Issue 44
********************************************


More information about the Servercert-wg mailing list