[Servercert-wg] [EXTERNAL]-Re: SC-065: Convert EVGs into RFC 3647 format pre-ballot
Pedro FUENTES
pfuentes at WISEKEY.COM
Wed Sep 13 12:02:19 UTC 2023
Thanks, Martin.
Section “3.2.1.3 Disclosure of Verification Sources” in the RFC-formatted version is just the same as the old section 11.1.3. There’s no language change in this case.
My personal opinion is that generally agreed changes (the change I proposed didn’t seem to raise concerns) could be integrated, but if the idea is to have an specific ballot for my change, then I guess I must wait to have this version published and then make the same PR I proposed (PR #439 <https://github.com/cabforum/servercert/pull/439>)
Best,
Pedro
> On 12 Sep 2023, at 21:33, Martijn Katerbarg <martijn.katerbarg at sectigo.com> wrote:
>
> Hey Pedro,
>
> I would suggest that we keep this in a separate ballot. The RFC conversion is a large update. Adding actual changes to the requirements in there, may make it messy and makes it even harder to review.
>
> If you wish, I’m happy however to help you update the existing proposed change, to the new language format. (That is, if we want to do the RFC conversion before this ballot).
>
> Regards,
>
> Martijn
>
> From: Servercert-wg <servercert-wg-bounces at cabforum.org <mailto:servercert-wg-bounces at cabforum.org>> on behalf of Pedro FUENTES via Servercert-wg <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org>>
> Date: Tuesday, 12 September 2023 at 20:35
> To: Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com>>, CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org>>
> Subject: Re: [Servercert-wg] [EXTERNAL]-Re: SC-065: Convert EVGs into RFC 3647 format pre-ballot
>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> Should we try to integrate here the proposed change to regulate de use and disclosure of QGIS?
>
> I made the PR some time ago, but on the old version.
>
> BR/P
>
>
> Le 12 sept. 2023 à 20:18, Tim Hollebeek via Servercert-wg <servercert-wg at cabforum.org> a écrit :
>
>
> This is perfect, thank you. I’ll run it through our internal ballot review process and get you feedback from our compliance team.
>
> -Tim
>
> From: Inigo Barreira <Inigo.Barreira at sectigo.com>
> Sent: Friday, September 8, 2023 12:54 PM
> To: Tim Hollebeek <tim.hollebeek at digicert.com>; Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> Subject: RE: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot
>
> Hi all,
>
> Attached you´ll find the EVG v1.8.0 with comments in all sections indicating where those sections, and the content, have been moved into the new EVG RFC3647 format. So, with this document, plus the redlined version, I hope you can have now a clearer view of the changes done.
> Let me know if you need anything else to clarify the new version.
>
> Regards
>
> De: Inigo Barreira <Inigo.Barreira at sectigo.com <mailto:Inigo.Barreira at sectigo.com>>
> Enviado el: martes, 29 de agosto de 2023 17:06
> Para: Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com>>; Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr <mailto:dzacharo at harica.gr>>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org>>
> Asunto: RE: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot
>
> Thanks Dimitris and Tim.
> I did something of that internally but didn´t reflect on the document, so will try to reproduce to have it clearer.
>
> OTOH, and as indicated in the PR, the whole section 11 has been placed in section 3.2 keeping the rest of the numbering. So, for example:
>
> EVG EVG3647
> 11.1 3.2.1
> 11.1.1 3.2.1.1
> 11.1.2 3.2.1.2
> 11.1.3 3.2.1.3
> 11.2 3.2.2
> 11.2.1 3.2.2.1
> ….. ….
> 11.13 3.2.13
> 11.14 3.2.14
> 11.14.1 3.2.14.1
> 11.14.2 3.2.14.2
> 11.14.3 3.2.14.3
>
> Hope this can clarify the main difficult that I found in the document, where to place it and how.
>
> Regards
>
> De: Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com>>
> Enviado el: martes, 29 de agosto de 2023 16:59
> Para: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr <mailto:dzacharo at harica.gr>>; Inigo Barreira <Inigo.Barreira at sectigo.com <mailto:Inigo.Barreira at sectigo.com>>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org>>
> Asunto: RE: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot
>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> Yes, exactly. I would like to see a list that shows that EVG-classic section 1.4 is now in EVG-3647 section 4.1. Then I can look at where the new text landed, see how the conversion was handled, we can all verify that nothing was lost or left out, etc.
>
> Without that, anyone attempting to review the document is forced to recreate the mapping just to figure out where everything went and that nothing was missed or put in the wrong place. Redlines are not sufficient when large amounts of text are moving around to different places.
>
> I’m saying this because from my spot-checking, the conversion appears to be pretty good, and I’d like to be able to do a final verification that it’s mostly correct so I can endorse.
>
> -Tim
>
> From: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr <mailto:dzacharo at harica.gr>>
> Sent: Tuesday, August 29, 2023 7:58 AM
> To: Inigo Barreira <Inigo.Barreira at sectigo.com <mailto:Inigo.Barreira at sectigo.com>>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org>>; Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com>>
> Subject: Re: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot
>
> Hi Inigo,
>
> You can take some guidance from previous successful efforts to convert existing documents into RFC 3647 format. The latest attempt was in the Code Signing BRs conversion in May 2022. Check out the mapping document and the comments in the ballot discussion period <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fpipermail%2Fcscwg-public%2F2022-May%2F000795.html&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7Cb42a9ce8f5a340889b0b08dbb3bf02f7%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638301405228226825%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=H%2FdOTHVsbO106EtopGR1%2B8btsnYUKF6DMGDody17Vlw%3D&reserved=0>.
>
> For each existing section/paragraph, it would be nice to have a comment describing where that existing language will land in the converted document (destination). This will allow all existing text to be accounted for.
>
> During this process, you might encounter duplicate or redundant text which needs to be flagged accordingly. You might also get into some uncertainty as to which RFC3647 section is a best fit for existing text that might require additional discussion.
>
> I hope this helps.
>
>
> Dimitris.
>
> On 29/8/2023 12:42 μ.μ., Inigo Barreira via Servercert-wg wrote:
> Hi Tim,
>
> See attached redlined and current versions. I just used what Martijn suggested yesterday but let me know if this is what you were looking for.
>
> Regards
>
> De: Tim Hollebeek <tim.hollebeek at digicert.com> <mailto:tim.hollebeek at digicert.com>
> Enviado el: lunes, 28 de agosto de 2023 19:49
> Para: Inigo Barreira <Inigo.Barreira at sectigo.com> <mailto:Inigo.Barreira at sectigo.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org> <mailto:servercert-wg at cabforum.org>
> Asunto: RE: SC-065: Convert EVGs into RFC 3647 format pre-ballot
>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> Thanks for doing this Inigo … I know re-organizations like this are a lot of work and fall very much in the category of “important but not fun”. So thanks for taking an initial stab at this.
>
> Is there a mapping that shows where all the original text ended up? I think that’s going to be essential for people to be able to review this. I did some spot checking, and your conversion looks pretty good, but I wasn’t able to do a more detailed review without a mapping.
>
> -Tim
>
> From: Servercert-wg <servercert-wg-bounces at cabforum.org <mailto:servercert-wg-bounces at cabforum.org>> On Behalf Of Inigo Barreira via Servercert-wg
> Sent: Monday, August 28, 2023 5:20 AM
> To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org>>
> Subject: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot
>
> Hello,
> The current Extended Validation Guidelines (EVGs) are written in a non-standardized format. For many years it has been discussed to convert this document into the RFC 3647 format and follow the standardized model for this type of documents.
>
> Given that this has been known for several years, I have prepared the following ballot text, which converts the EVGs into the RFC 3647 format:
> EVGs based on RFC3647 by barrini · Pull Request #440 · cabforum/servercert (github.com) <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furl.avanan.click%2Fv2%2F___https%3A%2Fgithub.com%2Fcabforum%2Fservercert%2Fpull%2F440___.YXAzOmRpZ2ljZXJ0OmE6bzoyOGIxNWVhZGVmZDlkZTM0NjQzZTA3YTlmYTA2MzM5YTo2OmExZWM6NGZmMGEzM2U0ZWZjOTU4MTM1NWRkNjU3ZDE5YjU3Y2YxNzg1NWU0ZTVjYzkzY2NjM2M0MWU5MzEyYzJmZTQ0NzpoOkY&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7Cb42a9ce8f5a340889b0b08dbb3bf02f7%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638301405228226825%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=92xUVM9tDE9bNYOAvO4HMhZDcBns9AQ5uzSZDgOu1PY%3D&reserved=0>
>
> I am currently seeking two endorsers as well as any feedback on the ballot content itself (wording, effective dates, etc.).
>
> Thanks,
>
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org <mailto:Servercert-wg at cabforum.org>
> https://lists.cabforum.org/mailman/listinfo/servercert-wg <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7Cb42a9ce8f5a340889b0b08dbb3bf02f7%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638301405228226825%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=wG0XWNQKIAhUfDMkQ4oXnaRx4mVi%2BFTLPEHyzq2SyI8%3D&reserved=0>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_servercert-2Dwg&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=WmdTqJM_H2QE7y24jf_bhsDgho69LF2U1SUyhy0F485kRk3VyAqj1CkHFnGrMNyj&s=csiIAzK6IupOVFgFZ0n1R6yd7EHlCpWjeTgaq4hmXUc&e=
WISeKey SA
Pedro Fuentes
CSO - Trust Services Manager
Office: + 41 (0) 22 594 30 00
Mobile: + 41 (0) 791 274 790
Address: Avenue Louis-Casaï 58 | 1216 Cointrin | Switzerland
Stay connected with WISeKey <http://www.wisekey.com/>
THIS IS A TRUSTED MAIL: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks
CONFIDENTIALITY: This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender
DISCLAIMER: WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230913/afc211f8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3407 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230913/afc211f8/attachment-0001.p7s>
More information about the Servercert-wg
mailing list