[Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot

Tim Hollebeek tim.hollebeek at digicert.com
Tue Sep 12 18:18:00 UTC 2023


This is perfect, thank you.  I’ll run it through our internal ballot review
process and get you feedback from our compliance team.



-Tim



From: Inigo Barreira <Inigo.Barreira at sectigo.com>
Sent: Friday, September 8, 2023 12:54 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; Dimitris Zacharopoulos
(HARICA) <dzacharo at harica.gr>; CA/B Forum Server Certificate WG Public
Discussion List <servercert-wg at cabforum.org>
Subject: RE: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format
pre-ballot



Hi all,



Attached you´ll find the EVG v1.8.0 with comments in all sections
indicating where those sections, and the content, have been moved into the
new EVG RFC3647 format. So, with this document, plus the redlined version, I
hope you can have now a clearer view of the changes done.

Let me know if you need anything else to clarify the new version.



Regards



De: Inigo Barreira <Inigo.Barreira at sectigo.com
<mailto:Inigo.Barreira at sectigo.com> >
Enviado el: martes, 29 de agosto de 2023 17:06
Para: Tim Hollebeek <tim.hollebeek at digicert.com
<mailto:tim.hollebeek at digicert.com> >; Dimitris Zacharopoulos (HARICA)
<dzacharo at harica.gr <mailto:dzacharo at harica.gr> >; CA/B Forum Server
Certificate WG Public Discussion List <servercert-wg at cabforum.org
<mailto:servercert-wg at cabforum.org> >
Asunto: RE: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format
pre-ballot



Thanks Dimitris and Tim.

I did something of that internally but didn´t reflect on the document, so
will try to reproduce to have it clearer.



OTOH, and as indicated in the PR, the whole section 11 has been placed in
section 3.2 keeping the rest of the numbering. So, for example:



EVG                                     EVG3647

11.1                                    3.2.1

11.1.1                                 3.2.1.1

11.1.2                                 3.2.1.2

11.1.3                                 3.2.1.3

11.2                                    3.2.2

11.2.1                                 3.2.2.1

…..                                       ….

11.13                                  3.2.13

11.14                                  3.2.14

11.14.1                               3.2.14.1

11.14.2                               3.2.14.2

11.14.3                               3.2.14.3



Hope this can clarify the main difficult that I found in the document, where
to place it and how.



Regards



De: Tim Hollebeek <tim.hollebeek at digicert.com
<mailto:tim.hollebeek at digicert.com> >
Enviado el: martes, 29 de agosto de 2023 16:59
Para: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr
<mailto:dzacharo at harica.gr> >; Inigo Barreira <Inigo.Barreira at sectigo.com
<mailto:Inigo.Barreira at sectigo.com> >; CA/B Forum Server Certificate WG
Public Discussion List <servercert-wg at cabforum.org
<mailto:servercert-wg at cabforum.org> >
Asunto: RE: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format
pre-ballot



CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know the
content is safe.



Yes, exactly.  I would like to see a list that shows that EVG-classic
section 1.4 is now in EVG-3647 section 4.1.  Then I can look at where the
new text landed, see how the conversion was handled, we can all verify that
nothing was lost or left out, etc.



Without that, anyone attempting to review the document is forced to recreate
the mapping just to figure out where everything went and that nothing was
missed or put in the wrong place.  Redlines are not sufficient when large
amounts of text are moving around to different places.



I’m saying this because from my spot-checking, the conversion appears to be
pretty good, and I’d like to be able to do a final verification that it’s
mostly correct so I can endorse.



-Tim



From: Dimitris Zacharopoulos (HARICA) < <mailto:dzacharo at harica.gr>
dzacharo at harica.gr>
Sent: Tuesday, August 29, 2023 7:58 AM
To: Inigo Barreira < <mailto:Inigo.Barreira at sectigo.com>
Inigo.Barreira at sectigo.com>; CA/B Forum Server Certificate WG Public
Discussion List < <mailto:servercert-wg at cabforum.org>
servercert-wg at cabforum.org>; Tim Hollebeek < <mailto:tim.hollebeek at digicert.
com> tim.hollebeek at digicert.com>
Subject: Re: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format
pre-ballot



Hi Inigo,

You can take some guidance from previous successful efforts to convert
existing documents into RFC 3647 format. The latest attempt was in the Code
Signing BRs conversion in May 2022. Check out the mapping document and the
comments in the  <https://nam04.safelinks.protection.outlook.com/?url=https%
3A%2F%2Flists.cabforum.org%2Fpipermail%2Fcscwg-public%2F2022-May%2F000795.ht
ml&data=05%7C01%7CInigo.Barreira%40sectigo.com%7C745e9a7716ad496fd2c708dba8a
083f5%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638289179605518540%7CUnkn
own%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVC
I6Mn0%3D%7C3000%7C%7C%7C&sdata=I%2FvFPk7GebgbEFSqcHvazeciYyB7YrMV8iU%2FaWjzs
8Y%3D&reserved=0> ballot discussion period.

For each existing section/paragraph, it would be nice to have a comment
describing where that existing language will land in the converted document
(destination). This will allow all existing text to be accounted for.

During this process, you might encounter duplicate or redundant text which
needs to be flagged accordingly. You might also get into some uncertainty as
to which RFC3647 section is a best fit for existing text that might require
additional discussion.

I hope this helps.


Dimitris.

On 29/8/2023 12:42 μ.μ., Inigo Barreira via Servercert-wg wrote:

Hi Tim,



See attached redlined and current versions. I just used what Martijn
suggested yesterday but let me know if this is what you were looking for.



Regards



De: Tim Hollebeek  <mailto:tim.hollebeek at digicert.com>
<tim.hollebeek at digicert.com>
Enviado el: lunes, 28 de agosto de 2023 19:49
Para: Inigo Barreira  <mailto:Inigo.Barreira at sectigo.com>
<Inigo.Barreira at sectigo.com>; CA/B Forum Server Certificate WG Public
Discussion List  <mailto:servercert-wg at cabforum.org>
<servercert-wg at cabforum.org>
Asunto: RE: SC-065: Convert EVGs into RFC 3647 format pre-ballot



CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know the
content is safe.



Thanks for doing this Inigo … I know re-organizations like this are a lot
of work and fall very much in the category of “important but not fun”.  So
thanks for taking an initial stab at this.



Is there a mapping that shows where all the original text ended up?  I think
that’s going to be essential for people to be able to review this.  I did
some spot checking, and your conversion looks pretty good, but I wasn’t
able to do a more detailed review without a mapping.



-Tim



From: Servercert-wg < <mailto:servercert-wg-bounces at cabforum.org>
servercert-wg-bounces at cabforum.org> On Behalf Of Inigo Barreira via
Servercert-wg
Sent: Monday, August 28, 2023 5:20 AM
To: CA/B Forum Server Certificate WG Public Discussion List <
<mailto:servercert-wg at cabforum.org> servercert-wg at cabforum.org>
Subject: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format
pre-ballot



Hello,

The current Extended Validation Guidelines (EVGs) are written in a
non-standardized format. For many years it has been discussed to convert
this document into the RFC 3647 format and follow the standardized model for
this type of documents.



Given that this has been known for several years, I have prepared the
following ballot text, which converts the EVGs into the RFC 3647 format:

EVGs based on RFC3647 by barrini ・ Pull Request #440 ・ cabforum/servercert
(github.com)



I am currently seeking two endorsers as well as any feedback on the ballot
content itself (wording, effective dates, etc.).



Thanks,





_______________________________________________
Servercert-wg mailing list
 <mailto:Servercert-wg at cabforum.org> Servercert-wg at cabforum.org

<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cab
forum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7CInigo.Barreira
%40sectigo.com%7C745e9a7716ad496fd2c708dba8a083f5%7C0e9c48946caa465d96604b69
68b49fb7%7C0%7C0%7C638289179605675225%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj
AwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=P
EKvI1ROnN3jYvucjp92GYalUTrtp0nEGKL7fj0WiJ4%3D&reserved=0>
https://lists.cabforum.org/mailman/listinfo/servercert-wg



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230912/f93f600b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5231 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230912/f93f600b/attachment-0001.p7s>


More information about the Servercert-wg mailing list