[Servercert-wg] [Voting Period Begins]: SC65: Convert EVGs into RFC 3647 format v2

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Sat Mar 9 16:09:37 UTC 2024


Thank you for providing the correct comparison, this is helpful.

I'm not sure what kind of precedent we set by voting on a normative 
redline that points to something else than what we actually intend to 
vote on. However, it seems that more focus is on the EVG which is clearer.

HARICA changes its vote to "yes" for ballot SC65.


Dimitris.


On 8/3/2024 4:36 μ.μ., Inigo Barreira wrote:
>
> All,
>
> The correct comparison URL is 
> https://github.com/cabforum/servercert/compare/41f01640748fa612386f8b1a3031cd1bff3d4f35..dedeebfe036fa5a6f0d7ae985ea08317ba60b8cb 
> <https://github.com/cabforum/servercert/compare/41f01640748fa612386f8b1a3031cd1bff3d4f35..dedeebfe036fa5a6f0d7ae985ea08317ba60b8cb>. 
>
>
> I´d like to thank Corey for assisting in this and explaining the 
> difference between a two dot and a three dot comparison in GitHub.
>
> Regards
>
> *De:*Ponds-White, Trev <trevolip at amazon.com>
> *Enviado el:* jueves, 7 de marzo de 2024 20:51
> *Para:* Inigo Barreira <Inigo.Barreira at sectigo.com>; CA/B Forum Server 
> Certificate WG Public Discussion List <servercert-wg at cabforum.org>; 
> Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
> *Asunto:* RE: [Servercert-wg] [Voting Period Begins]: SC65: Convert 
> EVGs into RFC 3647 format v2
>
> CAUTION: This email originated from outside of the organization. Do 
> not click links or open attachments unless you recognize the sender 
> and know the content is safe.
>
> Inigo are you going to fix the redline? I agree with Dimitris that 
> it’s not actually clear what the change is. For recording purposes I 
> think we want the ballot content to be correct.
>
> *From:*Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf 
> Of *Inigo Barreira via Servercert-wg
> *Sent:* Thursday, March 7, 2024 2:23 AM
> *To:* Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>; CA/B Forum 
> Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* RE: [EXTERNAL] [Servercert-wg] [Voting Period Begins]: 
> SC65: Convert EVGs into RFC 3647 format v2
>
> *CAUTION*: This email originated from outside of the organization. Do 
> not click links or open attachments unless you can confirm the sender 
> and know the content is safe.
>
> All,
>
> Yes, you´re right Dimitris and I was also a bit confused but I think I 
> know what has happened.
>
> These changes are over version 2.0.2 as you can check in the PR but 
> when created the comparing link I was copying the latest ones I was 
> using since we started the ballot discussion, over last summer, which 
> at that time the version was 2.0.0, so used this “old” version, then 
> the 3 dots, and the new version over v2.0.2 every time (you can see 
> that the changes applied in the last 2 ballots are applied again) but 
> without changing the initial one, so always took version 2.0.0 for 
> comparing.
>
> I think this happened because, first I didn´t pay enough attention to 
> the links, also because it´s been a long time discussing ballot and 
> finally because there are so many ongoing that I lost track. I´m 
> really sorry and I apologize.
>
> That said, the problem is just in the comparing link for the BRs (the 
> EVGs are not affected which is the main objective of this ballot) but 
> not on the version used for the changes. The changes are over the 
> latest version published, v2.0.2, as you can check in the PR.
>
> So, with this in mind I don´t know what to do next. According to the 
> bylaws I can withdraw the ballot during the voting period and prepare 
> a new version.
>
> OTOH, (considering that the PR is correct) the ballot can continue and 
> see the result.
>
> Regards
>
> *De:*Servercert-wg <servercert-wg-bounces at cabforum.org> *En nombre de 
> *Dimitris Zacharopoulos (HARICA) via Servercert-wg
> *Enviado el:* jueves, 7 de marzo de 2024 9:07
> *Para:* servercert-wg at cabforum.org
> *Asunto:* Re: [Servercert-wg] [Voting Period Begins]: SC65: Convert 
> EVGs into RFC 3647 format v2
>
> CAUTION: This email originated from outside of the organization. Do 
> not click links or open attachments unless you recognize the sender 
> and know the content is safe.
>
> Apologies for not reviewing this ballot sooner.
>
> I am a bit confused with the redline changes, especially in the BRG. 
> Based on the GitHub link, the comparison of the BRs is against version 
> 2.0.0, not 2.0.2 as described in the summary of this ballot.
>
> HARICA is uncertain about the changes introduced and therefore votes 
> "no" to ballot SC65.
>
> On 4/3/2024 5:33 μ.μ., Inigo Barreira via Servercert-wg wrote:
>
>     *Summary: *
>
>     The Extended Validation Certificates guidelines (EVGs) were
>     developed and written in a specific format. Since then, the RFC
>     3647 has been the basis (and the de-facto standard) for the
>     CA/Browser Forum to develop other documents.
>
>     This ballot aims to update the EVGs to follow the RFC 3647 format
>     without changing any content, just moving current sections to
>     those defined in the RFC 3647. There are no normative requirements
>     changes.
>
>     This change also affects the Baseline Requirements for TSL
>     certificates (BRs) which needs to point to the new sections of the
>     EVGs. Both documents will be updated according to the latest
>     version published.
>
>     This ballot is proposed by Iñigo Barreira (Sectigo) and endorsed
>     by Pedro Fuentes (OISTE) and Ben Wilson (Mozilla).
>
>     --- Motion Begins ---
>
>     This ballot modifies the “Baseline Requirements for the Issuance
>     and Management of Publicly-Trusted TLS Certificates" ("TLS
>     Baseline Requirements"), based on Version 2.0.2 and the
>     “Guidelines for the Issuance and Management of Extended Validation
>     Certificates” (EVGs) based on Version 1.8.0.
>
>     MODIFY the TLS EVGs and BRs as specified in the following Redline:
>
>     Comparing
>     90a98dc7c1131eaab01af411968aa7330d315b9b...dedeebfe036fa5a6f0d7ae985ea08317ba60b8cb
>     · cabforum/servercert (github.com)
>     <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2F90a98dc7c1131eaab01af411968aa7330d315b9b...dedeebfe036fa5a6f0d7ae985ea08317ba60b8cb&data=05%7C02%7CInigo.Barreira%40sectigo.com%7C22c90a8b04a4446ebed508dc3edffbd6%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638454378939340788%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=lpQVYFIa2t66ijqB6uEW97TqkoqvWwokeEeAUgGDQb4%3D&reserved=0>
>
>     --- Motion Ends ---
>
>     This ballot proposes a Final Maintenance Guideline for the BRs and
>     EVGs. The procedure for approval of this ballot is as follows:
>
>     Discussion (at least 7 days)
>
>      1. Start time: 2024-02-20 17:00:00 UTC
>      2. End time: not before 2024-03-04 15:00:00 UTC
>
>     Vote for approval (7 days)
>
>      1. Start time: 2024-03-04 15:30:00 UTC
>      2. End time: 2024-03-11 15:30:00 UTC
>
>     _______________________________________________
>
>     Servercert-wg mailing list
>
>     Servercert-wg at cabforum.org
>
>     https://lists.cabforum.org/mailman/listinfo/servercert-wg  <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C02%7CInigo.Barreira%40sectigo.com%7C22c90a8b04a4446ebed508dc3edffbd6%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638454378939353083%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=fcgXtd45lHbyGeaaN%2F3oKKeZf16XSO119jNEpOeA%2Fig%3D&reserved=0>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240309/d6e986a9/attachment-0001.html>


More information about the Servercert-wg mailing list