[Servercert-wg] 'contactemail' registered with IANA
Ryan Sleevi
sleevi at google.com
Fri Mar 1 08:35:40 MST 2019
Just to echo the London minutes:
The proposal for how to resolve the chicken/egg problem is this:
1) Write spec describing "how" its used (extend BRs or as new doc)
2) IANA registration to formally reserve (and/or provide any comments or
feedback, as per expert review, if there are concerns with the "how" from
an operational perspective)
3) Update BRs to *allow* it to be used (e.g. adding a new 3.2.2.4 method
referring to the how)
This is similar to how we might otherwise extend with new technical
validation methods using, say, an IETF approach, such as ACME
1) Write spec describing how (e.g. ACME)
2) IANA registrations
3) Update BRs to allow (e.g. "ACME as specified by RFC xxxx")
The issue with the contact email that was raised it that it combined #1 &
#3, thus making any feedback in #2 pointless, since CAs would already be
doing it. That is, it removes the functional review or feedback from #2. By
deferring the allowing of the method until after we've solicited feedback,
we can change (e.g. alter #1 based on feedback from #2) without any
compatibility issues :)
On Tue, Feb 26, 2019 at 3:22 PM Tim Hollebeek via Servercert-wg <
servercert-wg at cabforum.org> wrote:
> I went ahead and submitted a request for IANA to register it.
>
>
>
> If they want us to add it to the BRs first, we can do that, but I just
> read the appropriate section of RFC 5226 and a draft ballot should be
> sufficient.
>
>
>
> The registry can be updated to point to the official BR specification once
> it is approved.
>
>
>
> -Tim
>
>
>
> *From:* Doug Beattie <doug.beattie at globalsign.com>
> *Sent:* Tuesday, February 26, 2019 2:04 PM
> *To:* Tim Hollebeek <tim.hollebeek at digicert.com>; CA/B Forum Server
> Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* RE: 'contactemail' registered with IANA
>
>
>
> Should I proceed with a ballot to add this to the BRs first then?
>
>
>
> *From:* Tim Hollebeek <tim.hollebeek at digicert.com>
> *Sent:* Tuesday, February 26, 2019 1:21 PM
> *To:* Doug Beattie <doug.beattie at globalsign.com>; CA/B Forum Server
> Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* RE: 'contactemail' registered with IANA
>
>
>
> I have specifically proposed this approach, but there has been some
> pushback.
>
>
>
> -Tim
>
>
>
> *From:* Doug Beattie <doug.beattie at globalsign.com>
> *Sent:* Monday, February 25, 2019 6:59 AM
> *To:* Tim Hollebeek <tim.hollebeek at digicert.com>; CA/B Forum Server
> Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* RE: 'contactemail' registered with IANA
>
>
>
> Tim,
>
>
>
> Would a draft ballot satisfy the need?
>
>
>
> https://cabforum.org/pipermail/public/2019-January/014498.html
>
>
>
> Doug
>
>
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf Of *Tim
> Hollebeek via Servercert-wg
> *Sent:* Friday, February 22, 2019 5:29 PM
> *To:* CA/B Forum Server Certificate WG Public Discussion List <
> servercert-wg at cabforum.org>
> *Subject:* [Servercert-wg] 'contactemail' registered with IANA
>
>
>
>
>
> https://www.iana.org/assignments/pkix-parameters/pkix-parameters.xhtml
>
>
>
> I’m working to get ‘contactphone’ registered as well, but they want a
> specification to point to. Someone is going to have to budge on this
> chicken/egg problem.
>
>
>
> -Tim
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190301/9c5d5c46/attachment.html>
More information about the Servercert-wg
mailing list