Re: [Servercert-wg] Draft Ballot SC-0XX: Subscriber Agreement and Terms of Use Consolidation

2023-09-29 Thread Ben Wilson via Servercert-wg
All,

Dustin and I made the change suggested by Bruce -
https://github.com/BenWilson-Mozilla/servercert/commit/47423176206cca97eb8d4c3678f65f26f587c3c5

We modified item 4 in BR section 9.6.3, as discussed during the Validation
Subcommittee meeting a few weeks ago:
https://github.com/BenWilson-Mozilla/servercert/commit/87995c75537c5bfbc8694eab615a1ed807ec1415

Yesterday, I made additional edits to the draft ballot language.

Here they are:

In BR section 4.9.1.1, replaced Applicant with Subscriber

https://github.com/BenWilson-Mozilla/servercert/commit/b9e842395baf337b76cd55a3b5b3f89195838780

In BR section 9.6.3, replaced Applicant and Subscriber with
Applicant/Subscriber.

https://github.com/BenWilson-Mozilla/servercert/commit/da6cc2c6a7534f327be9ef03310ad270d375a961

Changed definition of Applicant and added definition of Applicant/Subscriber

https://github.com/BenWilson-Mozilla/servercert/commit/a017d5092583365e8b330e87f794639821aac056

Changed Applicant to Applicant/Subscriber in third paragraph of BR section 3.2.5

https://github.com/BenWilson-Mozilla/servercert/commit/105bba5145c9ad0b157b81f544a603206c02f31b

We are seeking one more endorser to work on this with us and to get a
ballot number assigned to this effort.

Also, we are preparing to review this ballot language during the Server
Certificate WG meeting at the F2F next Wednesday afternoon.

Thanks,

Ben


On Wed, Sep 6, 2023 at 12:05 PM Dustin Hollenback via Servercert-wg <
servercert-wg@cabforum.org> wrote:

> Thanks for the suggestion, Bruce. We’ll incorporate the definition change
> into the next revision of the draft ballot.
>
> “**Subscriber Agreement**: A set of terms and conditions accepted by the
> Applicant/Subscriber that specifies the rights and responsibilities of the
> Applicant/Subscriber and the CA.”
>
>
>
>
>
> *From:* Bruce Morton
> *Sent:* Tuesday, September 5, 2023 12:04 PM
> *To:* Dustin Hollenback; CA/B Forum
> Server Certificate WG Public Discussion List
> *Subject:* [EXTERNAL] RE: Draft Ballot SC-0XX: Subscriber Agreement and
> Terms of Use Consolidation
>
>
>
> Hi Dustin,
>
>
>
> Thanks for the update. Would still like to know why the Subscriber
> Agreement definition is so narrow, “Provisions that the
> Applicant/Subscriber accepts regarding the safekeeping and acceptable uses
> of the Key Pair and Certificate issued in accordance with these
> Requirements”, but the TLS BRs items to be included which are greater than
> this scope?
>
>
>
> Entrust would prefer the definition to be, “A set of terms and conditions
> accepted by the Applicant/Subscriber that specifies the rights and
> responsibilities of the Applicant/Subscriber and the CA.” Would be great to
> get your feedback on this proposal.
>
>
>
>
>
> Thanks again, Bruce.
>
>
>
> *From:* Servercert-wg *On Behalf Of* Dustin
> Hollenback via Servercert-wg
> *Sent:* Friday, September 1, 2023 9:41 PM
> *To:* servercert-wg@cabforum.org
> *Subject:* [EXTERNAL] [Servercert-wg] Draft Ballot SC-0XX: Subscriber
> Agreement and Terms of Use Consolidation
>
>
>
> Hello all,
>
>
>
> We are looking for feedback on the following draft ballot as well as
> endorsers.
>
> Thank you,
>
>
>
>
>
> Dustin
>
>
>
>
> --
>
>
>
> *Purpose of Ballot SC-0XX: Subscriber Agreement and Terms of Use
> Consolidation*
>
> This ballot proposes updates to the Baseline Requirements for the Issuance
> and Management of Publicly-Trusted Certificates related to Subscriber
> Agreements and Terms of Use. It combines the requirements for both into
> only the Subscriber Agreement and clarifies the requirement language. It
> removes the requirement and reference to "Terms of Use".
>
>
>
> Notes:
>
> •  This removes any ambiguity to ensure that there is no
> requirement that the Subscriber Agreement be legally enforceable when the
> CA and Subscriber are affiliated.
>
> •  This updates definitions for “Subscriber” and “Subscriber
> Agreement” and removes the definition for “Terms of Use” as these separate
> concepts are creating unnecessary work for CAs and Subscribers without
> adding any value when separated.
>
> •  As observed with other ballots in the past, minor
> administrative updates must be made to the proposed ballot text before
> publication such that the appropriate Version # and Change History are
> accurately represented (e.g., to indicate these changes will be represented
> in Version 2.0.2).
>
>
>
>
>
> The following motion has been propos

[Servercert-wg] SCWG Meeting Final Minutes - Sept 14, 2023

2023-09-29 Thread Inigo Barreira via Servercert-wg
These are the Final Minutes of the Teleconference described in the subject
of this message, prepared by Janet Hines - VikingCloud.

Attendance 

Aaron Gable - (Let's Encrypt), Aaron Poulsen - (Amazon), Abhishek Bhat -
(eMudhra), Adam Jones - (Microsoft), Adrian Mueller - (SwissSign), Andrea
Holland - (VikingCloud), Ben Wilson - (Mozilla), Bruce Morton - (Entrust),
Chad Ehlers - (IdenTrust), Chris Clements - (Google), Clint Wilson -
(Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Daryn Wright
- (GoDaddy), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign),
Dustin Hollenback - (Microsoft), Enrico Entschew - (D-TRUST), Fumi Yoneda -
(Japan Registry Services), Hannah Sokol - (Microsoft), Inaba Atsushi -
(GlobalSign), Jos Purvis - (Fastly), Keshava Nagaraju - (eMudhra), Lynn Jeun
- (Visa), Mads Henriksveen - (Buypass AS), Marcelo Silva - (Visa), Martijn
Katerbarg - (Sectigo), Michelle Coon - (OATI), Mrugesh Chandarana -
(IdenTrust), Nargis Mannan - (VikingCloud), Nate Smith - (GoDaddy), Nicol So
- (CommScope), Paul van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE
Foundation), Peter Miskovic - (Disig), Rebecca Kelley - (Apple), Rollin Yu -
(TrustAsia Technologies, Inc.), Ryan Dickson - (Google), Scott Rea -
(eMudhra), Stephen Davidson - (DigiCert), Tadahiko Ito - (SECOM Trust
Systems), Thomas Zermeno - (SSL.com), Tobias Josefowitz - (Opera Software
AS), Wayne Thayer - (Fastly), Yoshihiko Matsuo - (Japan Registry Services).

 

Dustin Hollenback led the meeting since Inigo and Kiran were unavailable.

 

Roll Call, Recording, and Reading of Note-well was not needed since it was
done with the Forum call.

 

No changes to the agenda.

 

Approval of Minutes: 31 August minutes have not been distributed yet.

 

GitHub issues: Continue with the review of the open issues.

- Inigo has been driving this and has sent information out on this.

- 86 open: 6 more opened during August

- Clean-up: 17 open

- Pull requests: 12 open (3 labeled "clean-up", #322, #415, and #447)

 

Pre-ballot SC65 - EV Guidelines conversion

- Inigo has been driving this

 

Email threads open

- Request for endorsers for the fall clean up ballot.

- Talked about how to best handle the question on the mailing list regarding
the move to 90-day certificates. No proposal yet, just Google's intention to
move toward it.  Ryan Dickson will be addressing this question and will
provide a response to the management list for feedback.

 

F2F Topics

- Subscriber versus Applicant, should that be discussed at the SCWG level?
May be best to start with a proposal before the F2F.

- GitHub item progress to either move towards a proposal or closure.

- Topics outside of the normal agenda sent to the management mailing list to
put together a schedule of items to discuss.

 

Ballot Status

- Draft / Under Consideration

SCXX - SLO/Response for CRL & OCSP Responses: on hold

SCXX - Fall clean-up ballot

SCXX - Modify Subscriber and Terms of Use: Working on a draft
for this one and there is already one update to it. Should we include the
subscriber versus applicant discussion or keep it separate?

SCXX - Profiles clean-up ballot

SC65 - Convert EVGs into RFC3647 format

 

- If we look at the modify subscriber and terms of use changes along with
the subscriber versus applicant discussion during the F2F then it may make
sense to combine these changes into one ballot.

- At what point does the applicant become the subscriber?  Maybe a straw
poll at the F2F as to when this transition occurs.  Does this happen at the
time of accepting the subscriber agreement or when they get a certificate?

- Ben will work on a 20-minute presentation and discussion for the F2F.

 

Any Other Business

- No other business

 

Next call: 28 September

 

Meeting was adjourned.


