[cabf_validation] Minutes from Jan 12, 2017

Jeremy Rowley jeremy.rowley at digicert.com
Tue Jan 24 22:31:13 MST 2017

Attendees: JC, Jeremy, Robin, Ben, Li Chun, Doug, Steve, Bruce, Tim Shirly,
Rick, Peter, Wayne


1)      Section - Ballot to make state/province optional in two
cases: a) Country without a state or province, b) entity that is
country-level. The alternative proposal was to include an appendix at the
end for each country that has distinct rules. Ben asked if there is a
consensus on approach. Bruce clarifies that this is only principal place of
business. Peter said that the distinction between jurisdiction and location
is something we keep going around. Ben said we could make the locality/state
requirements option if the country is Taiwan.  Li Chun said the Taiwanese
government uses the distinguished name. Including this information includes
more information that is necessary.  Peter said it needed to be decided and
didn't feel it was a good change to the baseline requirements. The group
decided that if there was interest in the topic, it should be moved to the
main forum as we won't reach consensus in this working group.

2)      CNAME ballot - no endorsers

3)      Verification database - Bruce will circle back with Kirk

4)      Ballot to clarify reuse of validation information - Wayne said that
he would still like to clarify this as it creates audit confusion; however,
he doesn't feel strongly enough about it to push the issue. What is a
reasonable place for this to be? One answer is you can't reuse after the
ballot. Another is a set date in the future. We should include this in the
next update when we remove "any other method". Peter pointed out there isn't
an issue until we have a ballot. If someone tried to resubmit the same
ballot without language about reuse, we'd expect the ballot to fail.
Logistically, this could be an issue by March 1st. We discussed 13 months v.
immediate ending the use of information v. using the information until it
expires. To make a decision, we need to know what methods are available. We
need the PAG output before we can figure out what to do. Another idea is we
can define reissue/rekey and tie the reuse of information to that
definition. The consensus was that we should just permit reuse of
information until the information expires and add a clarifying statement
about reusing information. We will continue the discussion next week. Until
then, we should gather use cases on why we want the information to last
until it expires. We will discuss the use cases on the next call and figure
out how to move forward.

5)      Well-know registration - Ben will follow up with Mark 

6)      IP Validation - Jeremy sent a draft but it needs revisions. Please
take a look and provide comments.

7)      SRV/otherName/rfc822Name - Being discussed on the main mailing list.

8)      Province/State in EV - Bruce would like to discuss. We should also
discuss Peter's ANS.1 language. We need to clarify when you include
locality/state/province. Jeremy suggested we make the language in EV the
same as BRs. Bruce will look at it and get back to us next time. Jeremy will
endorse the ANS1 ballot.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170125/b2f83d7b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20170125/b2f83d7b/attachment.bin>

More information about the Validation mailing list