[Servercert-wg] [Voting Period Begins]: SC65: Convert EVGs into RFC 3647 format v2

Inigo Barreira Inigo.Barreira at sectigo.com
Fri Mar 8 14:36:49 UTC 2024 

All,

 

The correct comparison URL is  <https://github.com/cabforum/servercert/compare/41f01640748fa612386f8b1a3031cd1bff3d4f35..dedeebfe036fa5a6f0d7ae985ea08317ba60b8cb> https://github.com/cabforum/servercert/compare/41f01640748fa612386f8b1a3031cd1bff3d4f35..dedeebfe036fa5a6f0d7ae985ea08317ba60b8cb. 

 

I´d like to thank Corey for assisting in this and explaining the difference between a two dot and a three dot comparison in GitHub.

 

Regards

 

De: Ponds-White, Trev <trevolip at amazon.com> 
Enviado el: jueves, 7 de marzo de 2024 20:51
Para: Inigo Barreira <Inigo.Barreira at sectigo.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>; Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
Asunto: RE: [Servercert-wg] [Voting Period Begins]: SC65: Convert EVGs into RFC 3647 format v2

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 

Inigo are you going to fix the redline? I agree with Dimitris that it’s not actually clear what the change is. For recording purposes I think we want the ballot content to be correct. 

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org <mailto:servercert-wg-bounces at cabforum.org> > On Behalf Of Inigo Barreira via Servercert-wg
Sent: Thursday, March 7, 2024 2:23 AM
To: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr <mailto:dzacharo at harica.gr> >; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> >
Subject: RE: [EXTERNAL] [Servercert-wg] [Voting Period Begins]: SC65: Convert EVGs into RFC 3647 format v2

 


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

 

All,

 

Yes, you´re right Dimitris and I was also a bit confused but I think I know what has happened. 

These changes are over version 2.0.2 as you can check in the PR but when created the comparing link I was copying the latest ones I was using since we started the ballot discussion, over last summer, which at that time the version was 2.0.0, so used this “old” version, then the 3 dots, and the new version over v2.0.2 every time (you can see that the changes applied in the last 2 ballots are applied again) but without changing the initial one, so always took version 2.0.0 for comparing.

I think this happened because, first I didn´t pay enough attention to the links, also because it´s been a long time discussing ballot and finally because there are so many ongoing that I lost track. I´m really sorry and I apologize.

 

That said, the problem is just in the comparing link for the BRs (the EVGs are not affected which is the main objective of this ballot) but not on the version used for the changes. The changes are over the latest version published, v2.0.2, as you can check in the PR.

 

So, with this in mind I don´t know what to do next. According to the bylaws I can withdraw the ballot during the voting period and prepare a new version. 

OTOH, (considering that the PR is correct) the ballot can continue and see the result. 

 

Regards

 

 

De: Servercert-wg <servercert-wg-bounces at cabforum.org <mailto:servercert-wg-bounces at cabforum.org> > En nombre de Dimitris Zacharopoulos (HARICA) via Servercert-wg
Enviado el: jueves, 7 de marzo de 2024 9:07
Para: servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> 
Asunto: Re: [Servercert-wg] [Voting Period Begins]: SC65: Convert EVGs into RFC 3647 format v2

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 

Apologies for not reviewing this ballot sooner.

I am a bit confused with the redline changes, especially in the BRG. Based on the GitHub link, the comparison of the BRs is against version 2.0.0, not 2.0.2 as described in the summary of this ballot. 

HARICA is uncertain about the changes introduced and therefore votes "no" to ballot SC65.

On 4/3/2024 5:33 μ.μ., Inigo Barreira via Servercert-wg wrote:

Summary: 

The Extended Validation Certificates guidelines (EVGs) were developed and written in a specific format. Since then, the RFC 3647 has been the basis (and the de-facto standard) for the CA/Browser Forum to develop other documents.

This ballot aims to update the EVGs to follow the RFC 3647 format without changing any content, just moving current sections to those defined in the RFC 3647. There are no normative requirements changes.

This change also affects the Baseline Requirements for TSL certificates (BRs) which needs to point to the new sections of the EVGs. Both documents will be updated according to the latest version published.

This ballot is proposed by Iñigo Barreira (Sectigo) and endorsed by Pedro Fuentes (OISTE) and Ben Wilson (Mozilla).

--- Motion Begins ---

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Certificates" ("TLS Baseline Requirements"), based on Version 2.0.2 and the “Guidelines for the Issuance and Management of Extended Validation Certificates” (EVGs) based on Version 1.8.0. 

MODIFY the TLS EVGs and BRs as specified in the following Redline:

Comparing 90a98dc7c1131eaab01af411968aa7330d315b9b...dedeebfe036fa5a6f0d7ae985ea08317ba60b8cb · cabforum/servercert (github.com)

--- Motion Ends ---

This ballot proposes a Final Maintenance Guideline for the BRs and EVGs. The procedure for approval of this ballot is as follows:

Discussion (at least 7 days)

1.	Start time: 2024-02-20 17:00:00 UTC
2.	End time: not before 2024-03-04 15:00:00 UTC

Vote for approval (7 days)

1.	Start time: 2024-03-04 15:30:00 UTC
2.	End time: 2024-03-11 15:30:00 UTC

 

 

_______________________________________________
Servercert-wg mailing list
Servercert-wg at cabforum.org <mailto:Servercert-wg at cabforum.org> 
https://lists.cabforum.org/mailman/listinfo/servercert-wg <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C02%7CInigo.Barreira%40sectigo.com%7C22c90a8b04a4446ebed508dc3edffbd6%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638454378939353083%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=fcgXtd45lHbyGeaaN%2F3oKKeZf16XSO119jNEpOeA%2Fig%3D&reserved=0> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240308/70e2d5d1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6630 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240308/70e2d5d1/attachment-0001.p7s>

More information about the Servercert-wg mailing list