[Servercert-wg] Ballot SC41: Reformat the BRs, EVGs, and NCSSRs

Ryan Sleevi sleevi at google.com
Thu Jan 28 22:32:38 UTC 2021


This begins the discussion period for SC41: Reformat the BRs, EVGs, and
NCSSRs

Purpose of Ballot:

This ballot attempts to align the Baseline Requirements (BRs), EV
Guidelines (EVGs), and the Network and Certificate System Security
Requirements (NCSSRs) to a common format, to allow for the automatic
generation of final documents without requiring third-party tooling being
installed locally.

It is a continuation of the work started in SC26 [1], and is within the
work started originally by Ballots 154 and 155 [2]. If this ballot
succeeds, the Server Certificate Working Group will use the
version-controlled documents in GitHub as the authoritative source of
requirements, avoiding issues that resulted from exchanging various
versions of Microsoft Office files via e-mail or the Wiki.

The following changes are made, and are explicitly called out, beyond
changes to font/styling

   - Baseline Requirements
      - Formatting issues in Sections 3.2.2.4.18, 3.2.2.4.19, 4.10.1,
      6.1.6, Appendix B are resolved (see [3] [4] [5])
      - Section 9.6.1 referenced a non-existent Section 11.2, which was a
      bug introduced in BRs v1.3.0. This is fixed to the correct section, which
      is 7.1.4.2.2. [6]
      - Section 3.2.2.4.7 referenced Section 3.3.1, rather than the
      intended Section 4.2.1 [7]
      - The BRs consistently incorrectly refer to Section 8.1 for audit
      schemes, when the correct reference in Section 8.4 [8]
   - Extended Validation Guidelines
      - The EVGs are aligned to common language when referencing other
      sections, removing variations like “this Section X”, “the Section X of
      these Guidelines”, “Section X herein”, etc. Ambiguity is avoided by
      ensuring these references will also be internal document links that are
      structurally enforced.
   - Network and Certificate System Security
      - The structure is aligned to the BRs and EVGs, by listing Scope and
      Applicability followed by Document History and Definitions.
      - Section 2, Items (g), (k), and (o) and Section 4, Item (c) and (f),
      have the sub-items renumbered to Arabic numerals (1, 2, 3, 4) instead of
      Roman numerals (i, ii, iii, iv), for consistency and to avoid ambiguity
      with I/(i)/i.

This ballot attaches derived versions of these documents in PDF and
Microsoft Office, as produced by these changes. However, these documents
are INFORMATIVE only, as per the Ballot text, and are provided to assist
Members in review. For the avoidance of doubt, the attached documents do
not constitute Ballot Versions, as defined within the CA/Browser Forum
Bylaws, Section 2.4(1).

If there are any inconsistencies, the balloted text redline shall decide
the definitive version. However, Members are encouraged to raise any such
presentation issues, to ensure they can be reasonably addressed as part of
this Ballot.

The following motion has been proposed by Ryan Sleevi of Google and
endorsed by Ben Wilson of Mozilla and Dimitris Zacharopoulos of HARICA.

[1]
https://cabforum.org/2020/03/30/ballot-sc26v2-pandoc-friendly-markdown-formatting-changes/
[2]
https://cabforum.org/2015/11/18/ballots-154-and-155-convert-to-rfc-3647-framework-and-github/
[3] https://github.com/cabforum/servercert/issues/230
[4] https://github.com/cabforum/servercert/issues/231
[5] https://github.com/cabforum/servercert/issues/233
[6] https://github.com/cabforum/servercert/issues/237
[7] https://github.com/cabforum/servercert/issues/236
[8] https://github.com/cabforum/servercert/issues/216

– MOTION BEGINS –

This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates” (“Baseline Requirements”),
based on Version 1.7.3:

MODIFY the Baseline Requirements as defined in the following redline:

https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..e35cbe8cec1d2f2b51181e6882b600b09cf7a61a

This ballot modifies the “Guidelines for the Issuance and Management of
Extended Validation Certificates” (“EV Guidelines”) as follows, based on
Version 1.7.4:

MODIFY the EV Guidelines as defined in the following redline:

https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..e35cbe8cec1d2f2b51181e6882b600b09cf7a61a

This ballot modifies the “Network and Certificate System Security
Requirements” (“Network Security Controls”) as follows, based on Version 1.5

MODIFY the Network Security Controls as defined in the following redline:

https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..e35cbe8cec1d2f2b51181e6882b600b09cf7a61a

On the successful adoption of this Ballot, the Forum shall recognize the
CA/Browser Forum Server Certificate Chartered Working Group Git repository,
as the authoritative and canonical source for the Baseline Requirements, EV
Guidelines, and Network Security Controls. Alternative presentation formats
may be used and provided, such as PDF/A, Office Open XML, or HTML, but in
the event of any inconsistency in presentation, the documents as committed
to the official Git repository shall be authoritative.

At the time of this ballot, the Git repository may be browsed at
https://github.com/cabforum/servercert and cloned via
https://github.com/cabforum/servercert.git

– MOTION ENDS –

This ballot proposes three Final Maintenance Guidelines.

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: 2021-01-29 00:00:00 UTC
End Time: TBD

Vote for approval (7 days)

Start Time: TBD
End Time: TBD
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210128/a453e4d7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BR.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 97852 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210128/a453e4d7/attachment-0003.docx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BR.pdf
Type: application/pdf
Size: 293855 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210128/a453e4d7/attachment-0003.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: EVG.pdf
Type: application/pdf
Size: 249234 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210128/a453e4d7/attachment-0004.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: EVG.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 77535 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210128/a453e4d7/attachment-0004.docx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NSR.pdf
Type: application/pdf
Size: 48545 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210128/a453e4d7/attachment-0005.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NSR.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 25436 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210128/a453e4d7/attachment-0005.docx>


More information about the Servercert-wg mailing list