[cabf_validation] Minutes of the July 18, 2019 Validation Subcommittee Call

Wayne Thayer wthayer at mozilla.com
Thu Jul 18 13:48:15 MST 2019


Attendees: Bruce Morton, Doug Beattie, Robin Alden, Daniela Hood, Janet
Hines, Rich Smith, Joanna Fox, Tim Shirley, Ryan Sleevi, Frank Corday,
Shelley Brewer

Wayne noted that Tim is traveling and won't be able to attend, but had
asked the group to focus on finishing work from the Validation Summit, and
other improvements discussed in Greece.

Robin read the antitrust statement.

A. Validation Summit

* Method 6
Wayne: waiting for Tim or someone else to draft up a ballot
Doug: do we want to draft up ideas in the Validation Summit Findings Google
doc?
Ryan: we need concrete text for a new method 6 that we can then all
work on
Wayne: Google doc is a great approach for collaborating, but we need the
text
Ryan: just don’t use the existing shared doc. A new doc will allow others
to subscribe to notifications.

* Method 10
Wayne: are we still in a holding pattern on this waiting on the TLS ALPN
draft?
Ryan: it’s still in AD review, waiting for authors to respond to feedback.
IETF meeting next week
Doug: is there a compelling reason not to use current draft version?
Ryan: do you mean incorporating the draft version into the BRs?
Doug: yes
Ryan: let’s see what happens next week
Wayne: I believe we discussed this before and decided to wait
Doug: part of the reason was that we wouldn’t need to wait very long, but
that no longer seems to be the case

* Method 12
Wayne: Is there interest in expanding whois-based validation beyond CAs who
are also registrars?
Ryan: there are CC TLDs that provide little or no whois service. .gov and
.mil are examples. Idea is that applicant would receive challenge code from
CA and place it in the whois record. In the Finland case discussed in
Herndon, whois is required to include corporate registration info, so
organizationIdentifier info would be available via whois in that case. So
are people interested in an automated method?
Wayne: maybe we should ask if there is interest on the list?
Ryan: I’ll poke Peter Bowen today to see if they are interested in writing
this up. For large orgs who use (for example) MarkMonitor and who used to
rely on methods 1 and 5, this method would allow MarkMonitor to place a
challenge in the whois.

B. Other Greece Topics

* Certificate lifetime
Ryan: working on a BR pull request outlining the proposed change. 397-400
day duration, beginning in March 2020. Any questions?
Doug: will need to see the details. Does it apply to EV/OV, reuse of data?
Ryan: applies to all cert types, and reuse of data. Aligns all reuse of
data, previous domain authorizations. Updates all instances of ‘825 days’
with a new max
Ryan: trying to get the ballot out in the next few days

* EV Improvements
No discussion

C. Any other business

Bruce: will there be a cleanup ballot soon? Seems like it is overdue
Ryan: yes, it’s late for Spring cleaning ballot. Trying to find where Tim
keeps those changes. We have nearly a dozen changes pending
Bruce: we can bring up with Tim on the next call
Ryan: I’ll send an email to the list

Call ended.