[Servercert-wg] Ballot SC41: Reformat the BRs, EVGs, and NCSSRs

Aaron Gable aaron at letsencrypt.org
Sat Jan 30 01:13:16 UTC 2021


This was probably already clear from activity on the github PR, but for the
record: I, and Let's Encrypt, am/are in favor of this ballot and have no
substantive critiques or changes to request in this discussion period.

Aaron

On Thu, Jan 28, 2021 at 2:33 PM Ryan Sleevi via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> This begins the discussion period for SC41: Reformat the BRs, EVGs, and
> NCSSRs
>
> Purpose of Ballot:
>
> This ballot attempts to align the Baseline Requirements (BRs), EV
> Guidelines (EVGs), and the Network and Certificate System Security
> Requirements (NCSSRs) to a common format, to allow for the automatic
> generation of final documents without requiring third-party tooling being
> installed locally.
>
> It is a continuation of the work started in SC26 [1], and is within the
> work started originally by Ballots 154 and 155 [2]. If this ballot
> succeeds, the Server Certificate Working Group will use the
> version-controlled documents in GitHub as the authoritative source of
> requirements, avoiding issues that resulted from exchanging various
> versions of Microsoft Office files via e-mail or the Wiki.
>
> The following changes are made, and are explicitly called out, beyond
> changes to font/styling
>
>    - Baseline Requirements
>       - Formatting issues in Sections 3.2.2.4.18, 3.2.2.4.19, 4.10.1,
>       6.1.6, Appendix B are resolved (see [3] [4] [5])
>       - Section 9.6.1 referenced a non-existent Section 11.2, which was a
>       bug introduced in BRs v1.3.0. This is fixed to the correct section, which
>       is 7.1.4.2.2. [6]
>       - Section 3.2.2.4.7 referenced Section 3.3.1, rather than the
>       intended Section 4.2.1 [7]
>       - The BRs consistently incorrectly refer to Section 8.1 for audit
>       schemes, when the correct reference in Section 8.4 [8]
>    - Extended Validation Guidelines
>       - The EVGs are aligned to common language when referencing other
>       sections, removing variations like “this Section X”, “the Section X of
>       these Guidelines”, “Section X herein”, etc. Ambiguity is avoided by
>       ensuring these references will also be internal document links that are
>       structurally enforced.
>    - Network and Certificate System Security
>       - The structure is aligned to the BRs and EVGs, by listing Scope
>       and Applicability followed by Document History and Definitions.
>       - Section 2, Items (g), (k), and (o) and Section 4, Item (c) and
>       (f), have the sub-items renumbered to Arabic numerals (1, 2, 3, 4) instead
>       of Roman numerals (i, ii, iii, iv), for consistency and to avoid ambiguity
>       with I/(i)/i.
>
> This ballot attaches derived versions of these documents in PDF and
> Microsoft Office, as produced by these changes. However, these documents
> are INFORMATIVE only, as per the Ballot text, and are provided to assist
> Members in review. For the avoidance of doubt, the attached documents do
> not constitute Ballot Versions, as defined within the CA/Browser Forum
> Bylaws, Section 2.4(1).
>
> If there are any inconsistencies, the balloted text redline shall decide
> the definitive version. However, Members are encouraged to raise any such
> presentation issues, to ensure they can be reasonably addressed as part of
> this Ballot.
>
> The following motion has been proposed by Ryan Sleevi of Google and
> endorsed by Ben Wilson of Mozilla and Dimitris Zacharopoulos of HARICA.
>
> [1]
> https://cabforum.org/2020/03/30/ballot-sc26v2-pandoc-friendly-markdown-formatting-changes/
> [2]
> https://cabforum.org/2015/11/18/ballots-154-and-155-convert-to-rfc-3647-framework-and-github/
> [3] https://github.com/cabforum/servercert/issues/230
> [4] https://github.com/cabforum/servercert/issues/231
> [5] https://github.com/cabforum/servercert/issues/233
> [6] https://github.com/cabforum/servercert/issues/237
> [7] https://github.com/cabforum/servercert/issues/236
> [8] https://github.com/cabforum/servercert/issues/216
>
> – MOTION BEGINS –
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” (“Baseline Requirements”),
> based on Version 1.7.3:
>
> MODIFY the Baseline Requirements as defined in the following redline:
>
>
> https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..e35cbe8cec1d2f2b51181e6882b600b09cf7a61a
>
> This ballot modifies the “Guidelines for the Issuance and Management of
> Extended Validation Certificates” (“EV Guidelines”) as follows, based on
> Version 1.7.4:
>
> MODIFY the EV Guidelines as defined in the following redline:
>
>
> https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..e35cbe8cec1d2f2b51181e6882b600b09cf7a61a
>
> This ballot modifies the “Network and Certificate System Security
> Requirements” (“Network Security Controls”) as follows, based on Version 1.5
>
> MODIFY the Network Security Controls as defined in the following redline:
>
>
> https://github.com/cabforum/documents/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..e35cbe8cec1d2f2b51181e6882b600b09cf7a61a
>
> On the successful adoption of this Ballot, the Forum shall recognize the
> CA/Browser Forum Server Certificate Chartered Working Group Git repository,
> as the authoritative and canonical source for the Baseline Requirements, EV
> Guidelines, and Network Security Controls. Alternative presentation formats
> may be used and provided, such as PDF/A, Office Open XML, or HTML, but in
> the event of any inconsistency in presentation, the documents as committed
> to the official Git repository shall be authoritative.
>
> At the time of this ballot, the Git repository may be browsed at
> https://github.com/cabforum/servercert and cloned via
> https://github.com/cabforum/servercert.git
>
> – MOTION ENDS –
>
> This ballot proposes three Final Maintenance Guidelines.
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: 2021-01-29 00:00:00 UTC
> End Time: TBD
>
> Vote for approval (7 days)
>
> Start Time: TBD
> End Time: TBD
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210129/abb94014/attachment.html>


More information about the Servercert-wg mailing list