GDCA votes YES to Ballot 190
From: Public [mailto:[email protected]] On Behalf Of Kirk Hall via
Public
Sent: Monday, September 11, 2017 6:01 AM
To: CA/Browser Forum Public Discussion List [email protected]
Subject: [EXTERNAL][cabfpub] Two amendments to Ballot 190
The proposer and endorsers are making two minor amendments to Ballot 190 as
follows.
1) In BR 3.2.2.4.6 "Agreed-Upon Change to Website", the current draft Version 8
still has the typo "Request Value" that crept in sometime around BR 1.4. It
should be "Random Value". Accordingly, BR 3.2.2.4.6 in Ballot 190 is changed to
read as follows:
3.2.2.4.6 Agreed-Upon Change to Website
Confirming the Applicant's control over the FQDN by confirming one of the
following under the "/.well-known/pki-validation" directory, or another path
registered with IANA for the purpose of Domain Validation, on the Authorization
Domain Name that is accessible by the CA via HTTP/HTTPS over an Authorized Port:
1. The presence of Required Website Content contained in the content of a file.
The entire Required Website Content MUST NOT appear in the request used to
retrieve the file or web page, or
2. The presence of the Request Token or Request Random Value contained in the
content of a file where the Request Token or Random Value MUST NOT appear in
the request. ***
2) In Version 8 of BR 3.2.2.4.7, "DNS Change", the current language says:
"Confirming the Applicant's control over the FQDN by confirming the presence of
a Random Value or Request Token for either in a DNS CNAME, TXT or CAA record
for either 1) an Authorization Domain Name; or 2) an Authorization Domain Name
that is prefixed with a label that begins with an underscore character."
Note that "for either" appears twice in the sentence, and we think the first
occurrence should be deleted. Accordingly, BR 3.2.2.4.7 in Ballot 190 is
changed to read as follows:
3.2.2.4.7 DNS Change
Confirming the Applicant's control over the FQDN by confirming the presence of
a Random Value or Request Token for either in a DNS CNAME, TXT or CAA record
for either 1) an Authorization Domain Name; or 2) an Authorization Domain Name
that is prefixed with a label that begins with an underscore character.
Voting on Ballot 190 will begin tomorrow, and the text has been changed as
shown above.
***
From: Public [mailto:[email protected]] On Behalf Of Kirk Hall via
Public
Sent: Tuesday, September 5, 2017 10:52 AM
To: CA/Browser Forum Public Discussion List [email protected]
Subject: [EXTERNAL][cabfpub] Ballot 190 - Discussion Period is starting
As agreed on our CABF teleconference last week, we are starting the formal
discussion period for Ballot 190 (in this case, v8). I have attached the ballot
in two formats and in three modes.
The title of the actual ballot to be voted on uses all capital letters “BALLOT
190 v8 (9-5-2017)”. I also attach a version that includes some explanatory
comments, and a “clean” version showing how the BRs will read if Ballot 190 v8
is adopted “Ballot 190 v8 (9-5-2017) (showing BRs if adopted)”.
The discussion period ends Sept. 12 at 18:00 UTC, and the voting period runs
Sept. 12-19.
This version 8 is based on the prior version 7, but includes a limited number
of changes as outlined in emails among me, Ryan, and Doug on Aug. 29-30.
We are almost there! Thanks to everyone who has worked on this effort over the
past two years. Assuming Ballot 190 passes, the Validation Working Group can
then start work on further amendments as outlined in my prior emails.
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
