Re: [cabfpub] [EXTERNAL]Re: Voting has started on Ballot 214 - CAA Discovery CNAME Errata

2017-09-25 Thread Ryan Sleevi via Public
Well, it is useful to note we're neither a legislative body nor a regulatory body. Our Antitrust Statement is a fair reflection of that - the Forum is merely a discussion venue for CAs to provide input to various Root Stores on their technical requirements and proposed changes, and for Root Stores

Re: [cabfpub] [EXTERNAL]Re: Voting has started on Ballot 214 - CAA Discovery CNAME Errata

2017-09-25 Thread Kirk Hall via Public
Well, I don’t agree with your analysis – it’s not supported by law or practice outside the Forum – but it’s not worth arguing about any further. We can agree to disagree. How should we interpret Devon’s (very welcome) recent Google message about Ballot 214 – can CAs rely on it? See attached.

Re: [cabfpub] [EXTERNAL]Re: Voting has started on Ballot 214 - CAA Discovery CNAME Errata

2017-09-25 Thread Ryan Sleevi via Public
Kirk, I think it again highlights a misunderstanding about the role and relevance of the Forum to suggest that the Forum can excuse anything, lest we also suggest that the Forum also enforces compliance on its members. Similarly, it highlights a misunderstanding about whether or not compliance is

Re: [cabfpub] [EXTERNAL]Re: Voting has started on Ballot 214 - CAA Discovery CNAME Errata

2017-09-25 Thread Kirk Hall via Public
Ryan, of course the browsers can make any rules they like – neither I nor anyone else has questioned that. But likewise, the CA/Browser Forum can make any rules it likes, and it (like any Legislature in the world) can adopt its rules in the manner I described below, including retroactively

[cabfpub] Google Chrome's stance on CAA algorithms

2017-09-25 Thread Devon O'Brien via Public
Hello CA/B Forum, In advance of the conclusion of Ballot 214’s voting period, we’re writing to share with the CA community Google Chrome’s stance regarding permissible CAA algorithm usage. We consider the CAA checking algorithm specified in Erratum 5065 to be superior to the one specified in RFC

Re: [cabfpub] Voting has started on Ballot 214 - CAA Discovery CNAME Errata

2017-09-25 Thread Ryan Sleevi via Public
On Tue, Sep 26, 2017 at 5:39 AM, Kirk Hall via Public wrote: > So Ballot 214 would be in effect for about 12 days (Oct. 27 – Nov. 9). > It’s possible a new ballot could say “It is not a violation of the BRs if > CAs did not comply with Ballot 214 after its effective date

Re: [cabfpub] [EXTERNAL]Re: Fixing our voting process, again

2017-09-25 Thread Tim Hollebeek via Public
I liked the original suggestions from you and Gerv. This was clearly a case where a little bit of extra time would have removed the need to completely restart the process and wait another seven days. We’ve had the same problem before and it has caused similar problems. It also solves the

Re: [cabfpub] [EXTERNAL]Re: Fixing our voting process, again

2017-09-25 Thread Kirk Hall via Public
Given the other issues we are encountering, perhaps we should consider a separate provision with an “emergency clause” where a ballot goes into effect on the final date of voting (before the Review Period) – but this would need a higher yes vote, like 80% of voting CAs and 2/3 of voting

Re: [cabfpub] Voting has started on Ballot 214 - CAA Discovery CNAME Errata

2017-09-25 Thread Kirk Hall via Public
So we have a dilemma. If Ballot 214 passes, it won’t take effect until approximately Oct. 27. If the new correction ballot starts tomorrow, there would be 7 days discussion and 7 days voting ending on Oct. 10, and if approved that ballot would take effect on Nov. 9. So Ballot 214 would be in

Re: [cabfpub] Voting has started on Ballot 214 - CAA Discovery CNAME Errata

2017-09-25 Thread Tim Hollebeek via Public
While it is possible to implement an algorithm which is simultaneously compliant with RFC 6844 and RFC 6844 + erratum 5065, the algorithm specified in RFC 6844 is *not* that algorithm. Erratum 5065 is a breaking change. RFC 6844 shortcuts tree-climbing when it encounters CNAME records;

[cabfpub] Changing our vote to yes on Ballot 214 - CAA Discovery CNAME Errata

2017-09-25 Thread Kirk Hall via Public
After checking with our engineering team, Entrust is changing its vote on Ballot 214 to “yes”. We would like to see the RFC Errata go into effect as soon as possible. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Friday, September 22, 2017 9:49 AM

Re: [cabfpub] Fix to CAA ballot

2017-09-25 Thread Jacob Hoffman-Andrews via Public
This also looks good to me. On Mon, Sep 25, 2017 at 6:32 AM, Tim Hollebeek via Public <public@cabforum.org> wrote: > This looks good to me and we would support it. > > > > *From:* Public [mailto:public-boun...@cabforum.org] * On Behalf Of > *philliph--- > via Public > *Sent:* Saturday,

Re: [cabfpub] Fixing our voting process, again

2017-09-25 Thread Jacob Hoffman-Andrews via Public
This seems like a good change. On Mon, Sep 25, 2017 at 7:48 AM, Gervase Markham via Public <public@cabforum.org> wrote: > On 21/09/17 01:54, Kirk Hall via Public wrote: > > Technically, the Discussion period ended at 22:00 UTC today (which was > > 3:00 pm Pacific Time). Josh, as the Proposer

Re: [cabfpub] [EXTERNAL]Fixing our voting process, again

2017-09-25 Thread Kirk Hall via Public
Also, we make clear that the ballot can be amended during the discussion period (and must be reposted with amendments for clarity)? That's not explicit today. -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Monday, September

Re: [cabfpub] [EXTERNAL]Fixing our voting process, again

2017-09-25 Thread Kirk Hall via Public
Yes, good idea. If no movement to voting after 21 days, the ballot dies? -Original Message- From: Gervase Markham [mailto:g...@mozilla.org] Sent: Monday, September 25, 2017 7:49 AM To: Kirk Hall; CA/Browser Forum Public Discussion List

[cabfpub] Fixing our voting process, again

2017-09-25 Thread Gervase Markham via Public
On 21/09/17 01:54, Kirk Hall via Public wrote: > Technically, the Discussion period ended at 22:00 UTC today (which was > 3:00 pm Pacific Time). Josh, as the Proposer of the Ballot, accepted > Gerv and Tim’s email suggestion as to a 3-month transition period, but > this acceptance occurred at

Re: [cabfpub] Voting has started on Ballot 214 - CAA Discovery CNAME Errata

2017-09-25 Thread Tim Hollebeek via Public
This requires a third implementation that many CAs probably do not have ready or tested. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jacob Hoffman-Andrews via Public Sent: Friday, September 22, 2017 5:04 PM To: Doug Beattie; CA/Browser Forum

Re: [cabfpub] Fix to CAA ballot

2017-09-25 Thread Tim Hollebeek via Public
This looks good to me and we would support it. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of philliph--- via Public Sent: Saturday, September 23, 2017 3:05 PM To: Kirk Hall; CA/Browser Forum Public Discussion List Subject: