Google Chrome votes YES on Ballot 214.

On Wed, Sep 20, 2017 at 5:55 PM, Kirk Hall via Public <public@cabforum.org> wrote:

> Correcting subject line to Ballot 214
>
> *From:* Kirk Hall
> *Sent:* Wednesday, September 20, 2017 5:55 PM
> *To:* CA/Browser Forum Public Discussion List <public@cabforum.org>
> *Subject:* Voting has started on Ballot 21 - CAA Discovery CNAME Errata
>
> Voting has started on Ballot 214 – CAA Discovery CNAME Errata.
>
> Technically, the Discussion period ended at 22:00 UTC today (which was
> 3:00 pm Pacific Time). Josh, as the Proposer of the Ballot, accepted Gerv
> and Tim’s email suggestion as to a 3-month transition period, but this
> acceptance occurred at 5:05 pm Pacific Time, two hours after the end of the
> discussion period. Also, we don’t have specific amendment language to
> consider, only a concept.
>
> Regrettably, I think it’s too late for this transition period amendment,
> *so we are voting on Ballot 214 as originally proposed* (see below). If
> there is a need for a transition period, I think it’s best if it’s proposed
> by a separate ballot with specific language.
>
> *From:* Public [mailto:public-boun...@cabforum.org <public-boun...@cabforum.org>] *On Behalf Of* Jacob Hoffman-Andrews via Public
> *Sent:* Wednesday, September 13, 2017 2:31 PM
> *To:* CABFPub <public@cabforum.org>
> *Subject:* [EXTERNAL][cabfpub] Ballot 214: CAA Discovery CNAME Errata
>
> Kicking off the official discussion period for ballot 214 today per
> discussion with Phillip.
>
> The following motion has been proposed by Phillip Hallam-Baker of Comodo
> Group Inc. and endorsed by Gervase Markham of Mozilla and Mads Egil
> Henriksveen of Buypass.
>
> -- MOTION BEGINS --
>
> In the Baseline Requirements v1.4.9 Section 3.2.2.8. CAA Records
>
> Strike:
>
> As part of the issuance process, the CA MUST check for a CAA record for
> each dNSName in the subjectAltName extension of the certificate to be
> issued, according to the procedure in RFC 6844, following the processing
> instructions set down in RFC 6844 for any records found. If the CA issues,
> they MUST do so within the TTL of the CAA record, or 8 hours, whichever is
> greater.
>
> Replace with:
>
> As part of the issuance process, the CA MUST check for CAA records and
> follow the processing instructions for any records found, for each dNSName
> in the subjectAltName extension of the certificate to be issued, as
> specified in RFC 6844 as amended by Errata 5065 (Appendix A). If the CA
> issues, they MUST do so within the TTL of the CAA record, or 8 hours,
> whichever is greater.
>
> In the Baseline Requirements ADD an Appendix A that reads:
>
> Appendix A -- RFC6844 Errata 5065
>
> The following errata report has been held for document update for RFC6844,
> "DNS Certification Authority Authorization (CAA) Resource Record".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata/eid5065
>
> --------------------------------------
> Status: Held for Document Update
> Type: Technical
>
> Reported by: Phillip Hallam-Baker <phill...@comodo.com>
> Date Reported: 2017-07-10
> Held by: EKR (IESG)
>
> Section: 4
>
> Original Text
> -------------
> Let CAA(X) be the record set returned in response to performing a CAA
> record query on the label X, P(X) be the DNS label immediately above
> X in the DNS hierarchy, and A(X) be the target of a CNAME or DNAME
> alias record specified at the label X.
>
> o If CAA(X) is not empty, R(X) = CAA (X), otherwise
>
> o If A(X) is not null, and R(A(X)) is not empty, then R(X) =
>   R(A(X)), otherwise
>
> o If X is not a top-level domain, then R(X) = R(P(X)), otherwise
>
> o R(X) is empty.
>
> Corrected Text
> --------------
> Let CAA(X) be the record set returned in response to performing a CAA
> record query on the label X, P(X) be the DNS label immediately above
> X in the DNS hierarchy, and A(X) be the target of a CNAME or DNAME
> alias record chain specified at the label X.
>
> o If CAA(X) is not empty, R(X) = CAA (X), otherwise
>
> o If A(X) is not null, and CAA(A(X)) is not empty, then R(X) =
>   CAA(A(X)), otherwise
>
> o If X is not a top-level domain, then R(X) = R(P(X)), otherwise
>
> o R(X) is empty.
>
> Thus, when a search at node X returns a CNAME record, the CA will
> follow the CNAME record chain to its target. If the target label
> contains a CAA record, it is returned.
>
> Otherwise, the CA continues the search at
> the parent of node X.
>
> Note that the search does not include the parent of a target of a
> CNAME record (except when the CNAME points back to its own path).
>
> To prevent resource exhaustion attacks, CAs SHOULD limit the length of
> CNAME chains that are accepted. However CAs MUST process CNAME
> chains that contain 8 or fewer CNAME records.
>
> --Motion Ends--
>
> The procedure for approval of this Final Maintenance Guideline ballot is
> as follows (exact start and end times may be adjusted to comply with
> applicable Bylaws and IPR Agreement):
>
> BALLOT 214 Status: Final Maintenance Guideline
> Start time (22:00 UTC) End time (22:00 UTC)
>
> Discussion begins now and ends September 20, 2017 22:00 UTC (7 days)
>
> Vote for approval begins September 20, 2017 22:00 UTC and ends September
> 27, 2017 22:00 UTC (7 days)
>
> If vote approves ballot: Review Period (Chair to send Review Notice) (30
> days). If Exclusion Notice(s) filed, ballot approval is rescinded and PAG
> to be created. If no Exclusion Notices filed, ballot becomes effective at
> end of Review Period. Upon filing of Review Notice by Chair 30 days
> after filing of Review Notice by Chair
>
> From Bylaw 2.3: If the Draft Guideline Ballot is proposing a Final
> Maintenance Guideline, such ballot will include a redline or comparison
> showing the set of changes from the Final Guideline section(s) intended to
> become a Final Maintenance Guideline, and need not include a copy of the
> full set of guidelines. Such redline or comparison shall be made against
> the Final Guideline section(s) as they exist at the time a ballot is
> proposed, and need not take into consideration other ballots that may be
> proposed subsequently, except as provided in Bylaw Section 2.3(j).
>
> Votes must be cast by posting an on-list reply to this thread on the
> Public list. A vote in favor of the motion must indicate a clear 'yes' in
> the response. A vote against must indicate a clear 'no' in the response. A
> vote to abstain must indicate a clear 'abstain' in the response. Unclear
> responses will not be counted. The latest vote received from any
> representative of a voting member before the close of the voting period
> will be counted. Voting members are listed here:
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and greater than 50% of the votes cast
> by members in the browser category must be in favor. Quorum is shown on
> CA/Browser Forum wiki. Under Bylaw 2.2(g), at least the required quorum
> number must participate in the ballot for the ballot to be valid, either by
> voting in favor, voting against, or abstaining.
>
> _______________________________________________
> Public mailing list
> Public@cabforum.org
> https://cabforum.org/mailman/listinfo/public
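The lookup rules quoted in Appendix A, as an added example that is not part of the original message or the ballot: Python that computes R(X) under both the published RFC 6844 text and Errata 5065 over a constructed zone. The host names, the CAA values and the refusal to continue on an over-long CNAME chain are assumptions made for illustration.

```python
# Constructed sample data (not real DNS): issuer domains from CAA "issue" records.
CAA = {"example.com": ["ca-one.example"], "example.net": ["ca-two.example"],
       "host.example.net": ["ca-three.example"]}
CNAME = {"www.example.com": "edge.example.net", "shop.example.com": "host.example.net"}

MAX_CNAME_CHAIN = 8  # ballot text: chains of 8 or fewer CNAME records MUST be processed


class CAALookupError(Exception):
    """Alias chain too long or looping; assumed policy is to refuse issuance."""


def alias_target(name, cname):
    """A(X): end of the CNAME chain starting at name, or None if name is no alias."""
    target, hops = name, 0
    while target in cname:
        hops += 1
        if hops > MAX_CNAME_CHAIN:  # also terminates CNAME loops
            raise CAALookupError(f"CNAME chain at {name} exceeds {MAX_CNAME_CHAIN} records")
        target = cname[target]
    return target if hops else None


def parent(name):
    """P(X): the name immediately above X, or None when X is a top-level domain."""
    return name.partition(".")[2] or None


def relevant_rrset(name, caa, cname, errata_5065=True):
    """R(X) from RFC 6844 section 4, as published or as amended by Errata 5065."""
    if caa.get(name):
        return caa[name]
    target = alias_target(name, cname)
    if target is not None:
        # Errata: only CAA(A(X)). Original text: R(A(X)), which climbs the target's tree.
        found = caa.get(target, []) if errata_5065 else relevant_rrset(target, caa, cname, False)
        if found:
            return found
    up = parent(name)
    return relevant_rrset(up, caa, cname, errata_5065) if up else []


if __name__ == "__main__":
    for host in ("www.example.com", "shop.example.com"):
        print(host, "errata:", relevant_rrset(host, CAA, CNAME),
              "original:", relevant_rrset(host, CAA, CNAME, errata_5065=False))
```

For `www.example.com` the two readings disagree: the published text returns the policy found above the alias target, while the errata falls back to the policy above the requested name.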