[cabf_validation] New draft Ballot 190 dated June 1, 2017

Kirk Hall Kirk.Hall at entrustdatacard.com
Thu Jun 1 16:34:50 MST 2017


OK, I spent some time reviewing lots of prior drafts, including Jeremy's recent draft with its additional provisions as we discussed on the call today (which I had not taken the time to read before).  A few comments:

1. Jeremy, your draft has lots of interesting ideas, but it also proposes language that I don't think has been broadly accepted by the Forum members (and to which we would object).  Some of these ideas are big changes, and will take a lot of time to discuss and act on.  So I didn't use your draft in the attached documents, and suggest you revisit your proposals and bring them up for further discussion (if needed) AFTER some form of Ballot 190 passes.  Ballot 190 is chiefly intended to put back in the remaining seven methods of Ballot 169 and remove "any other method" forever.

Incidentally, please look at the new language I added to BR 4.2.1 to clarify the existing rule on data reuse - I think this will eliminate the need for some of your suggested changes.  In the future, if a new ballot changes a new validation method, and the Forum believes the change is so important that all domains vetted using the old method must be revetted, we can add that specific requirement in the same ballot (e.g., "all domains previously vetted using the old method #X must be revetted within [120] days", or whatever - but the general case would remain clear validation data can be reused under 4.2.1 for new certificates in all other cases, even after validation methods are changed.

Because we did not include your most recent changes, I have changed the Proposer in this draft from you (Jeremy) to Chris Bailey.  However, we would very much like DigiCert's endorsement.

2.  Remember that BR 3.2.2.4 now exists as passed under Ballot 181.  To make review and a final Ballot 190 easier to understand, I created the attached document "Ballot 190 (6-1-2017) showing changes from Ballot 181" in track changes mode.  That's how we should present a ballot of this complexity.  Most of the changes you see involve re-inserting Methods 1-4 and 7-9 as they existed in Ballot 169.  However, several people have suggested minor changes or corrections to Ballot 169, which I have noted in comments and with highlighting.

Ballot 190 has been slowed down by discussion and different interpretations of BR 4.2.1.  Gerv has indicated that in the future he wants the ability to require revetting of domains in some cases (i.e., forbid reuse of prior validation data) on a method-by-method basis if validation methods are amended.  However, that does not apply to any of the ten methods in Ballot 190, so the best practice is to restate the general rule in BR 4.2.1 that we have always followed in the past (no revalidation required when methods are amended).  You can see the change in this draft.

3.  Finally, to make it easier for people to review and analyze this Ballot 190 draft if it is passed in the form attached (the draft is dated June 1, 2017), I also attach a document "Ballot 190 (6-1-2017) if adopted", which accepts all changes in the track changes draft.

Let's review by email in the VWG for a few days.  At that point, we can put on the Public list as a pre-ballot.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170601/53bba5a8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Ballot 190 (6-1-2017) showing changes from Ballot 181.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 33414 bytes
Desc: Ballot 190 (6-1-2017) showing changes from Ballot 181.docx
URL: <http://cabforum.org/pipermail/validation/attachments/20170601/53bba5a8/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Ballot 190 (6-1-2017) showing changes from Ballot 181.pdf
Type: application/pdf
Size: 474746 bytes
Desc: Ballot 190 (6-1-2017) showing changes from Ballot 181.pdf
URL: <http://cabforum.org/pipermail/validation/attachments/20170601/53bba5a8/attachment-0002.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Ballot 190 (6-1-2017) if adopted.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 27034 bytes
Desc: Ballot 190 (6-1-2017) if adopted.docx
URL: <http://cabforum.org/pipermail/validation/attachments/20170601/53bba5a8/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Ballot 190 (6-1-2017) if adopted.pdf
Type: application/pdf
Size: 341738 bytes
Desc: Ballot 190 (6-1-2017) if adopted.pdf
URL: <http://cabforum.org/pipermail/validation/attachments/20170601/53bba5a8/attachment-0003.pdf>


More information about the Validation mailing list