[Servercert-wg] CANCEL Notice of Review Period – Ballot SC35

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Wed Sep 16 11:17:20 MST 2020 


On 2020-09-16 8:52 μ.μ., Ryan Sleevi wrote:
> I realize you've provided further context, but my hope is that by 
> laying out the fundamentally wrong assumptions above, which your 
> further replies build on, we can make progress here in understanding 
> why "Everyone already reviewed the Ballot, what's the harm" is a 
> deeply flawed assumption that permeates the subsequent decision making.

Early in this thread, when you presented the example ballot A and B 
should not produce an IPR review of A + B because failure of either A or 
B would block the other, I agreed that the IPR reviews should be 
distinct. This solves the possible legal issue you described.

The second issue is the creation of an aggregated or separate final 
guidelines which exploded the thread.

The logical assumption I make is that CAs, especially the ones outside 
the Forum, assuming they don't check the ballots, IPR Review and such, 
they should at least directly check and monitor when a new Final 
Maintenance Guideline is published. These CAs will either see three 
distinct Final Guidelines becoming effective on the same day [versions 
1.2.1, 1.2.2 (including changes from 1.2.1) and 1.2.3 (including changes 
from 1.2.1 and 1.2.2)], or one aggregated version 1.2.1 that will 
include changes from all ballots that cleared IPR review.

In my understanding these CAs are better served by bringing the 
aggregated final Guideline to their compliance/engineering department, 
rather than versions 1.2.1, 1.2.2 and 1.2.3. It doesn't make sense for 
me to create 1.2.1 and 1.2.2 since all the introduced changes will be in 
1.2.3.

I realize that we are spending a disproportional amount of time debating 
on this, but I honestly can't see -yet- the "disastrous consequences" 
that this can create, and I am very curious to see why I can't see that. 
That's why I was hoping for Wayne or Dean to explain these risks in 
their own words, in case it makes more sense to them.

This is no longer an issue because as mentioned in my previous post, we 
will stop this practice as I don't have any strong feelings about either 
way, but I sincerely want to better understand and "see" these risks and 
problems with this practice.

More information about the Servercert-wg mailing list