[cabf_validation] Minutes from the Validation Subcommittee meeting of 27 September 2018

Tim Hollebeek tim.hollebeek at digicert.com
Tue Oct 2 07:19:33 MST 2018

No, several more recent drafts have been circulated.


Attached is the version from late August.




From: Validation <validation-bounces at cabforum.org> On Behalf Of Adriano
Santoni via Validation
Sent: Tuesday, October 2, 2018 12:05 AM
To: validation at cabforum.org
Subject: Re: [cabf_validation] Minutes from the Validation Subcommittee
meeting of 27 September 2018


Will ballot SC7 be based on the proposal "jeremy-ip-Oct2017" ?


Il 01/10/2018 17:09, Bruce Morton via Validation ha scritto:

Here are minutes from the Validation Subcommittee meeting on 27 September


1.	SC4 - Email and CAA Contact

Tim plans to post and update to the ballot today (27 September 2018).


2.	SC7 - IP Address validation Methods

Wayne stated this ballot is almost ready to post. There was discussion about
the effective date which would be about 6 months or April/May 2019. On the
effective date all new certificate must be issued using the new IP address
validation methods.


3.	SC5 - Method 3 and Phone CAA Contact

Doug is waiting for any issues with SC4 to be resolved before completing
this ballot.

Ryan advised that both SC4 and SC5 could advance if CAA was the only method
to verify the email address or the phone number as there appears to be no
issues with using CAA.

Tim requested concreate issues on using DNS TXT to obtain the email address
or phone number. Ryan responded that these comments have been provided on
the DL and would like to keep this as a separate conversation.

Tim requested if the DNS TXT issues could be discussed at the next
Validation Subcommittee meeting in 2 weeks (11 October 2019). Ryan stated

It was suggested that SC5 might need to split up into 2 parts: 1) how to get
a phone number and 2) how to use the phone number.


4.	Ballot 225 - Improvements to EV Guidelines

Tim stated there is an issue with D&B being a QIIS. Planning to discuss
defining who is a QIIS or QTIS.


5.	Validation method OIDs in Certificates

Wayne is waiting for the Bylaws to be updated as they may need IPR review.
It was stated that no the Bylaws do not need IPR review and IPR review is
only required when guidelines are updated. As such, Wayne plans to proceed
with the ballot.


6.	Clean Up ballot

Suggested there should be a cleanup ballot this fall and not wait until the

There are some changes which are required to both the Bylaws and the BRs. It
was noted that as there are different voters for each of these documents,
then there must be 2 clean up ballots, one for the Forum (Bylaws) and one
for the Servercert WG (BRs).


7.	Discussion Priorities

a.	BGP/DNS robustness
b.	Method 9 removal
c.	Method 10 update. Ryan stated there are still issues as the RFC is
still in final call. Tim would not like the RFC to be normative. Ryan stated
that it would be best to start with the RFC and then make changes based on
how CAs are using Method 10. As such there could be 2 methods where one is
based on the RFC and the other is modified. It was recommended that the CAs
provide information on how they are using Method 10. Ryan plans to propose
d.	Method 6 work on HTTP method


8.	Underscore in DNS Names

Wayne would like to clean up the issue with underscore in domain names.
Google and Mozilla that underscore in domain names is not allowed per RFC
5280. However, some CAs consider this to be a grey area based on the
previous ballot. A ballot will determine the outcome and get this issued



Thanks, Bruce.



Validation mailing list
Validation at cabforum.org <mailto:Validation at cabforum.org> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20181002/1e821c1c/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ballot.txt
URL: <http://cabforum.org/pipermail/validation/attachments/20181002/1e821c1c/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20181002/1e821c1c/attachment-0001.p7s>

More information about the Validation mailing list