[cabf_validation] Minutes of the Validation Subcommittee - January 14, 2021

Wayne Thayer wthayer at gmail.com
Thu Jan 14 18:17:53 UTC 2021


Minutes of the Validation Subcommittee - January 14, 2021

Tim said that the list of minute takers is now on the wiki, so that
volunteers can determine where they are in line.

Clint agreed to take minutes at the next meeting.

Tim read the antitrust statement.

Attendance: Tim Hollebeek, Wayne Thayer, Clint Wilson, Enrico Entschew,
Corey Bonnell, Shelley Brewer, Bruce Morton, Aneta Wojtczak, Ben Wilson,
Dimitris Zacharopoulos, Daniela Hood, Paul VanBrouwershaven, Johnny
Reading, Rebecca Kelley, Stephen Davidson, Trevoli Ponds-White, Janet
Hines, Ryan Sleevi, Wendy Brown, Amanda Mendieta, Dean Coclin

Tim began a discussion of the agenda by stating that Corey is working on
tooling to display certificate profiles. Corey said he has it working
locally - TLS profile output to PDF. Ryan has also been working on the
tooling.

Ryan said that his latest fixes haven’t landed but he’s looking at ways to
make table management easier, with good results in PDF, HTML, and DOCX
formats.

Corey presented section 7 of the BR PDF file he’s been creating from the
markdown he’s been working with. Some of the HTML formatting won’t work.

Ryan said that HTML formatting doesn’t render in PDFs. He’s working on the
ability to use markdown formatting within tables and will have that ready
for the next call.

Ryan said that different tables have different column widths. The PDF is
currently formatted to A4 page size. We could change to A3 to get
significantly more space for these tables. How important is printing?

Dean said people in the US don’t have A3 paper.

Dimitris said that people do print the BRs.

Ryan said that people have large screens so the A3 format makes tables more
readable. We can also reduce the font size.

Corey asked if we can also produce HTML output?

Ryan said yes, and of course the HTML will scale and the goal is to have
HTML output.

Tim suggested that a sans-serif font may be more readable in smaller sizes.

Ryan said that he thinks we’re using a mix of serif and sans-serif fonts -
we can mix and match. We are using sans-serif for section heads. He will
add that change to the list of things to try.

Tim: where are we at on the content of the profiles sections?

Corey said that we were deciding how much indirection there would be -
duplicating content versus referencing other tables.

Ryan sent a mail on November 17th
(https://lists.cabforum.org/pipermail/validation/2020-November/001592.html).
Ryan shared his screen. For 7.2.3, what are the relevant columns and how do
we structure? Current columns are ‘extensions ID’, ‘required’, ‘critical’,
‘permitted value(s)’, and ‘references’. Ryan suggested we move references
to a footnote, or make the ID a link to the reference.

There is a lot of text in ‘permitted value(s)’. Suggested that requirements
be separated into rows and reference the relevant section for validation
requirements.

Corey said linking ‘references’ from the ‘extension ID’ is a good idea.
Others agreed. Stephen said that there’s an issue when there is more than
one reference. Trev said that footnotes are difficult because tables span
multiple pages.

Dimitris suggested changing these pages to landscape. Trev agreed. Ryan
said that’s not possible for individual pages. He said that Jacob
Hoffman-Andrews suggested splitting the doc into multiple markdown files.
We could create section 7 in a separate file in landscape mode and then
concatenate with the other sections.

Ryan will provide examples of a few different options that we’ve discussed.

Trev suggested also moving references to the name column under the name.

Tim said that we could use references when a cell is complicated. The
number of places we’d need to do this is small. Corey said that the
references for the keyUsage field are the most complicated. Ryan said that
we might break that out to a separate section, split out by RSA and EC
keys. The idea is to give people fewer branches to follow within the
document.

Ryan said that next steps are to create some iterations and to make some
structural suggestions (referencing Nov 17th email).

Tim suggested that more people could get the tooling set up and play with
this.

Ryan said that the goal is that you can just go to the CAB Forum repo and
it’s all set up for you to generate a PDF. Meanwhile, reach out to Ryan and
he can help to get you set up to create PDFs from any markdown file.

Corey said he is open to moving his work from DigiCert’s repo to CAB Forum.
Tim said that we should migrate it if others want to offer suggestions. No
one spoke up, so Ryan suggested that they wire up the GitHub actions to the
DigiCert repo.

Ryan raised another topic: 3.2.2.4.6 and wildcard certificates. Ryan is
looking for data to determine how impactful banning this method for
wildcard certs would be. This will inform phase-in timing. No one
volunteered any data, so Ryan said that he would ask on the list again, and
would put together a draft ballot.

Tim added one more topic: there has been discussion of OUs on the list, and
a ballot to ban them.

Ryan said that he would support a ban and be happy to propose a ballot.

Wayne said that he recalled a lot of discussion on the list and would like
to review and revive that before moving forward.

Ryan recapped the discussion on the list. OATI objected based on specific
industry requirements for the use of that field. Entrust circulated a
ballot (https://github.com/cabforum/servercert/pull/225) that didn’t
address Ryan’s concerns.

Paul said that there are some revisions in the GitHub comments, and another
that was circulated via email. Paul has the sense that the ballot was
headed in the right direction, but arguments for the topic are shut down.
Paul said that he will circulate the latest ballot. He’s also willing to go
down the path of forbidding the OU and see if that ballot passes.

Ryan noted that this was discussed and suggested that members review the
minutes of meeting 44 in London. It was on the working group day so the
discussion may not be captured in the minutes. Corey said that it was also
discussed in Bratislava.

Tim said that we’d continue discussion of these last two items on the next
call and asked if there are any other topics for today or next time.

The call ended without further discussion.