Apologies Ben, I somehow missed this message. Thanks for your hard work on doing this. Happy to endorse, with one request.
----- MOTION BEGINS -----

Part 1:
The CA/Browser Forum, recognizing that Ballot 198 did not include a redline version against the current Final Maintenance Guidelines, thereby constitutes an invalid Ballot. As a consequence, the Forum agrees that the changes shall not be made to the appropriate Final Maintenance Guideline, and as such, no IP Review Notice is in force for Ballot 198:

Part 2:
(As written)

----- MOTION ENDS -----

That seems to be the most consistent interpretation based on the thread, and the best way to move forward.

On Wed, May 17, 2017 at 5:31 PM, Ben Wilson via Public <[email protected]> wrote:

> *If Jeremy, Ryan, and Erwann are agreeable, here is a draft re-ballot of
> Ballot 198.*
>
> *Ballot 201 - .Onion Revisions*
>
> This ballot is meant to cure any potential problems with Ballot 198, which
> may have been invalid due to ambiguities in what was presented to the Forum
> for vote. This Ballot 201 attempts to clarify Appendix F of the EV
> Guidelines concerning the Tor Service Descriptor Hash extension and that
> inclusion of the extension in the TBSCertificate is required.
>
> The following motion has been proposed by Jeremy Rowley of DigiCert and
> endorsed by Ryan Sleevi of Google and Erwann Abalea of DocuSign France to
> introduce new Final Maintenance Guidelines for the "Guidelines for the
> Issuance and Management of Extended Validation Certificates" (EV
> Guidelines).
>
> -- MOTION BEGINS --
>
> Revise Appendix F, Section 1 to read as follows:
>
> Appendix F – Issuance of Certificates for .onion Domain Names
>
> A CA may issue an EV Certificate with .onion in the right-most label of
> the Domain Name provided that issuance complies with the requirements set
> forth in this Appendix:
>
> 1. CAB Forum Tor Service Descriptor Hash extension (2.23.140.1.31)
>
> The CA MUST include the CAB Forum Tor Service Descriptor Hash extension in
> the TBSCertificate to convey hashes of keys related to .onion addresses.
> The CA MUST include the Tor Service Descriptor Hash extension using the
> following format:
>
> cabf-TorServiceDescriptorHash OBJECT IDENTIFIER ::= { 2.23.140.1.31 }
>
> SEQUENCE ( 1..MAX ) of TorServiceDescriptorHash
>
> TorServiceDescriptorHash:: = SEQUENCE {
>
> onionURI UTF8String
>
> algorithm AlgorithmIdentifier
>
> subjectPublicKeyHash BIT STRING
>
> }
>
> Where the AlgorithmIdentifier is a hashing algorithm (defined in RFC 6234)
> performed over the DER-encoding of an ASN.1 SubjectPublicKey of the .onion
> service and SubjectPublicKeyHash is the hash output.
>
> --Motion Ends--
>
> _______________________________________________
> Public mailing list
> [email protected]
> https://cabforum.org/mailman/listinfo/public
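The extension format quoted in the draft ballot above can be exercised with a small DER encoder. This is an added example, not part of the original thread or of any CA/Browser Forum tooling. It assumes SHA-256 as the RFC 6234 algorithm, an AlgorithmIdentifier with absent parameters, a non-critical extension, and that the caller already holds the DER-encoded key bytes; the sample URI and key bytes are constructed placeholders.

```python
import hashlib

CABF_TOR_HASH_OID = "2.23.140.1.31"      # extension OID from the ballot text
SHA256_OID = "2.16.840.1.101.3.4.2.1"    # assumption: SHA-256 picked from RFC 6234

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, content):
    """Tag-length-value wrapper for a single DER element."""
    return bytes([tag]) + der_len(len(content)) + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])   # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                     # base-128, final byte has high bit clear
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def descriptor_hash(onion_uri, spk_der):
    """One TorServiceDescriptorHash: onionURI, algorithm, subjectPublicKeyHash."""
    digest = hashlib.sha256(spk_der).digest()    # hash over the DER bytes as supplied
    return tlv(0x30,
               tlv(0x0C, onion_uri.encode("utf-8"))   # UTF8String
               + tlv(0x30, encode_oid(SHA256_OID))    # AlgorithmIdentifier, no parameters
               + tlv(0x03, b"\x00" + digest))         # BIT STRING, zero unused bits

def build_extension(entries):
    """Extension ::= SEQUENCE { extnID, extnValue OCTET STRING }, critical omitted."""
    if not entries:
        raise ValueError("SEQUENCE (1..MAX) requires at least one entry")
    value = tlv(0x30, b"".join(descriptor_hash(u, k) for u, k in entries))
    return tlv(0x30, encode_oid(CABF_TOR_HASH_OID) + tlv(0x04, value))

# Constructed sample input: placeholder bytes standing in for a DER-encoded key.
SAMPLE_URI = "https://constructedexample.onion"
SAMPLE_KEY_DER = bytes.fromhex("3006020103020103")

if __name__ == "__main__":
    print(build_extension([(SAMPLE_URI, SAMPLE_KEY_DER)]).hex())
```

The hex output can be pasted into any ASN.1 dump tool to confirm that the OID, the UTF8String, and the 32-byte BIT STRING land where the ballot's structure places them.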
