Kirk,

As I have said previously, I think the changes in 4.2.1 regarding reuse are 
problematic for two reasons.

First, the proposed text says "the CA obtained the data or document from a 
source specified under Section 3.2 or completed the validation itself".  It is 
not clear if the CA can choose to do both, which would effectively extend the 
reuse period, or if these are mutually exclusive options.  For example, 
assuming a reuse of 825 days, can a CA do the following?

- 1 March 2018 - Fetch a copy of domain registration information and corporate 
registration, complete a new validation, and issue a certificate
- 1 May 2020 - Reuse the previously obtained registration information, complete 
a new validation, and issue a new certificate with the same info as the 
previous certificate
- 1 July 2022 - Reuse the last validation and issue a new certificate with the 
same info as the previous certificates

Second, the proposed text says "After the change to any validation method 
specified […], a CA may continue to reuse […] the validation itself, for the 
period stated in this BR 4.2.1 unless otherwise specifically provided in a 
ballot."

Right now CAs can reuse data and documents collected during validation.  It 
isn’t that hard to run the validation workflow for each certificate issuance, 
using the existing data, and make sure you have everything in place.  I don’t 
think having the output reusable makes a lot of sense.

Thanks,
Peter

> On Sep 5, 2017, at 10:52 AM, Kirk Hall via Public <[email protected]> wrote:
> 
> As agreed on our CABF teleconference last week, we are starting the formal 
> discussion period for Ballot 190 (in this case, v8).  I have attached the 
> ballot in two formats and in three modes.
>  
> The title of the actual ballot to be voted on uses all capital letters 
> “BALLOT 190 v8 (9-5-2017)”.  I also attach a version that includes some 
> explanatory comments, and a “clean” version showing how the BRs will read if 
> Ballot 190 v8 is adopted “Ballot 190 v8 (9-5-2017) (showing BRs if adopted)”.
>  
> The discussion period ends Sept. 12 at 18:00 UTC, and the voting period runs 
> Sept. 12-19.
>  
> This version 8 is based on the prior version 7, but includes a limited number 
> of changes as outlined in emails among me, Ryan, and Doug on Aug. 29-30. 
>  
> We are almost there!  Thanks to everyone who has worked on this effort over 
> the past two years.  Assuming Ballot 190 passes, the Validation Working Group 
> can then start work on further amendments as outlined in my prior emails.
> <BALLOT 190 v8 (9-5-2017).docx>
> <BALLOT 190 v8 (9-5-2017).pdf>
> <Ballot 190 v8 (9-5-2017) with comments.docx>
> <Ballot 190 v8 (9-5-2017) with comments.pdf>
> <Ballot 190 v8 (9-5-2017) (showing BRs if adopted).docx>
> <Ballot 190 v8 (9-5-2017) (showing BRs if adopted).pdf>
> _______________________________________________
> Public mailing list
> [email protected]
> https://cabforum.org/mailman/listinfo/public
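
The three-step timeline from the reply above, worked through as an added example (not part of the original e-mail or of the ballot text). It assumes two hypothetical readings of the quoted sentence: under the "chained" reading a validation completed on reused data restarts the 825-day clock, and under the other reading only freshly obtained data does. All names in the code are illustrative.

```python
from datetime import date

REUSE_DAYS = 825  # reuse period assumed in the message's example

# Timeline from the message. Action labels are illustrative:
#   "fetch"      = obtain fresh data/documents and validate
#   "revalidate" = run a new validation on previously obtained data
#   "reuse"      = reuse the previous validation as-is
TIMELINE = [
    (date(2018, 3, 1), "fetch"),
    (date(2020, 5, 1), "revalidate"),
    (date(2022, 7, 1), "reuse"),
]


def evaluate(timeline, chained):
    """Return (date, data_age_days, clock_age_days, allowed) per issuance.

    chained=True : assumed reading where a completed validation restarts
                   the reuse clock even when it ran on reused data.
    chained=False: assumed reading where only freshly obtained data
                   restarts the clock.
    """
    results = []
    data_obtained = clock_start = None
    for when, action in timeline:
        if action == "fetch":
            data_obtained = clock_start = when
        if data_obtained is None:
            raise ValueError("timeline must start with a fetch")
        data_age = (when - data_obtained).days   # age of underlying data
        clock_age = (when - clock_start).days    # age the CA measures against
        allowed = clock_age <= REUSE_DAYS
        if allowed and chained and action == "revalidate":
            clock_start = when                   # validation itself is reusable
        results.append((when, data_age, clock_age, allowed))
    return results


if __name__ == "__main__":
    for chained in (False, True):
        print("chained reading" if chained else "data-only reading")
        for when, data_age, clock_age, allowed in evaluate(TIMELINE, chained):
            print(f"  {when}  data age {data_age:4d}d  "
                  f"clock {clock_age:4d}d  allowed={allowed}")
```

Under the chained reading every step stays inside the 825-day window, yet the July 2022 certificate rests on data obtained 1583 days earlier.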