On Mon, Apr 17, 2017 at 10:40 AM, Gervase Markham via Public < [email protected]> wrote:
> On 17/04/17 15:28, Jeremy Rowley wrote: > > Doesn't this ballot suffer from the same limitation that Ryan raised in > > connection with the domain validation ballot? Namely, that this language > > "For the avoidance of doubt, these updated requirements apply only to > root > > and intermediate certificates issued after the Effective Date of this > > ballot, which is upon approval (i.e. at the end of the IPR Review Period > if > > no Exclusion Notices are filed)" needs to be part of the document text? > > <sigh> > > I think that the plain and only sensible way to understand the BRs is > that particular rules apply only to actions taken when those rules are > in force. So if a motion e.g. alters the rules surrounding the issuance > of intermediate certificates, by default the new rules apply only to > issuances of intermediate certificates that happen after the motion > fully passes (i.e. after IPR review is complete). Such a motion does not > by default require the revocation and replacement of all previous > intermediate certificates which do not now meet the updated rules. > > This default can, of course, be changed by explicit wording in the > motion which adds an instruction to the BRs to e.g. revoke all previous > certs or make any other provision retroactive, but that's not the default. > > [How does this apply to the current debate about information reuse? > Information reuse is an action. So BR rules about information reuse > apply when you reuse information. BR rules about gathering information > apply when you gather information. But let's not get sidetracked by that > in this thread.] > > Kirk was keen that the motion state this explicitly, so I added > something to the motion to state this explicitly, "for the avoidance of > doubt". However, I personally don't believe that there's any doubt. And > I don't think we want to clutter up the BRs with things which basically > say "this rule applies only to things which happen under the auspices of > this document." I think that's obvious. I agree with both your summary and your conclusion. The BRs represent a state of the CA's compliance at a point in time with respect to what they issue. It does not govern past actions, nor can it indemnify them. It can, however, require that on a particular date, some action is taken - such as revoking past certificates.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
