[Servercert-wg] [Voting Period Begins] SC-070: Clarify the use of DTPs for Domain Control Validation

Inigo Barreira Inigo.Barreira at sectigo.com
Tue Feb 13 16:31:47 UTC 2024

Hi Aaron,


I think so. The SCWG charter does not say anything about it but the CABF bylaws indicate the following under section 2.3 General provisions applicable to all ballots:

1.	Any Voting Representative can call for a proposed ballot to be published for discussion and comment by the membership. Any proposed ballot needs endorsements by at least one (1) Voting Representative from two (2) other Voting Members in order to proceed. The discussion period then shall take place for at least seven (7) calendar days before votes are cast. At any time, a new version of the ballot (marked with a distinguishing version number) may be posted by the proposer in the same manner as the original. Once no new version of the ballot has been posted for seven (7) calendar days, the proposer may end the discussion period and start the voting period by reposting the final version of the ballot and clearly indicating that voting is to begin, along with the start and end dates and times (including time zone) for the voting period. The ballot automatically fails if ninety (90) calendar days elapse since the proposer last posted a version of the ballot and the voting period has not been started.
2.	Upon commencement of the voting period, Voting Members shall have exactly seven (7) calendar days for voting on the proposed ballot, with the deadline clearly communicated in the ballot and sent via a Public Mail List. A proposer may withdraw a ballot containing defective language at any point during the voting period. For ballots related to the Forum level, votes must be sent to the Public Mail List of the Forum. For ballots related to a CWG, votes must be sent to the Public Mail List of the CWG. All voting will take place via a Public Mail List. Votes must be submitted by a Voting Representative to the correct Public Mail List by the end of the voting period (as specified in the ballot) to be considered valid and counted. Each Voting Member, and not the Forum or CWG, will be responsible for taking precautions to make sure such Member’s vote is submitted properly and counted. In the event that a Voting Member’s vote on a ballot is not submitted properly, such vote shall not be valid and shall not be counted for any purpose, and there shall be no appeal, re-vote (except in the case of a new ballot submitted to all Voting Members) or other recourse.


I think it´s not “clearly indicating” even though it´s an obvious typo. So I´d suggest to start the voting period again.




De: Servercert-wg <servercert-wg-bounces at cabforum.org> En nombre de Aaron Gable via Servercert-wg
Enviado el: martes, 13 de febrero de 2024 17:23
Para: Mads Egil Henriksveen <Mads.Henriksveen at buypass.no>
CC: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Asunto: Re: [Servercert-wg] [Voting Period Begins] SC-070: Clarify the use of DTPs for Domain Control Validation


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.


My apologies, that was an obvious typo. Chairs, is that the kind of typo that requires the voting period to restart? 





On Mon, Feb 12, 2024 at 10:29 PM Mads Egil Henriksveen <Mads.Henriksveen at buypass.no <mailto:Mads.Henriksveen at buypass.no> > wrote:

Buypass votes YES on ballot SC-070.


The vote period end should be changed to 2024-02-19. 




From: Servercert-wg <servercert-wg-bounces at cabforum.org <mailto:servercert-wg-bounces at cabforum.org> > On Behalf Of Aaron Gable via Servercert-wg
Sent: Monday, February 12, 2024 11:56 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> >
Subject: [Servercert-wg] [Voting Period Begins] SC-070: Clarify the use of DTPs for Domain Control Validation


This ballot aims to clarify the existing language around the use of delegated third-parties during domain and IP address control validation. It leaves the existing language in place, and adds specifics for the cases of DNS queries, WHOIS lookups, and contact with the Domain Name Registrat or IP Address Registration Authority.


Additionally, it places these same restrictions on CAA checking, with an effective date of 2024-05-15.


This ballot is proposed by Aaron Gable (ISRG / Let's Encrypt) and endorsed by Mads Henriksveen (Buypass) and Dimitris Zacharopoulos (HARICA). You can view and comment on the github pull request representing this ballot here: https://github.com/cabforum/servercert/puhttps://lists.cabforum.org/pipermail/servercert-wg/2024-February/004174.htmlll/475 <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fpull%2F475&data=05%7C02%7Cinigo.barreira%40sectigo.com%7Cb3a6232e2f914867ad8b08dc2cb00c12%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638434381832453330%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=DYgOhQ9EFzyPJYav3IyRhR3GJl%2F5RFxU9P7BaPx0A8I%3D&reserved=0> 


The preceding discussion can be seen here: https://lists.cabforum.org/pipermail/servercert-wg/2024-February/004174.html <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fpipermail%2Fservercert-wg%2F2024-February%2F004174.html&data=05%7C02%7Cinigo.barreira%40sectigo.com%7Cb3a6232e2f914867ad8b08dc2cb00c12%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638434381832463512%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=st9S2hwqrR62w8XyfNUDH2Ym8gNum1A2zdTLNB84T2k%3D&reserved=0> 


--- Motion Begins ---


This ballot modifies the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" ("Baseline Requirements") based on Version 2.0.2


MODIFY the Baseline Requirements as specified in the following redline: https://github.com/cabforum/servercert/compare/41f01640748fa612386f8b1a3031cd1bff3d4f35...00ea6e24c474fd0ab6eecc25cb8eb733fffc60c3


--- Motion Ends ---


Discussion (at least 7 days):

- Start: 2024-02-02 22:30 UTC

- End: 2024-02-12 22:30 UTC


Vote for approval (7 days):

- Start: 2024-02-12 22:30 UTC

- End: 2024-02-09 22:30 UTC

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240213/89f0f24d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6630 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240213/89f0f24d/attachment-0001.p7s>

More information about the Servercert-wg mailing list