Re: [cabfpub] Voting Period Begins | Ballot FORUM-021: Form Definitions and Glossary WG

Fastly votes Yes to ballot FORUM-021. - Wayne On Thu, Apr 4, 2024 at 8:03 AM Clint Wilson via Public wrote: > *Ballot FORUM-021* > > Proposed by Clint Wilson of Apple and endorsed by Tim Hollebeek of > DigiCert and Tim Callan of Sectigo. > > *Purpose of Ballot* > > The CA/Browser Forum

Re: [cabfpub] Voting Period begins: Ballot FORUM-020 v2 - Amend Code Signing Certificate Working Group Charter

Fastly votes Yes to ballot FORUM-020 v2. - Wayne On Wed, Jan 10, 2024 at 12:34 PM Martijn Katerbarg via Public < public@cabforum.org> wrote: > A reminder to all members that voting for this ballot ends in little over > 24 hours. Please remember this is a Forum level ballot, not a Code Signing >

Re: [cabfpub] Ballot FORUM-019 v.2 - Amend Server Certificate Working Group Charter - Discussion Period

Fastly abstains on ballot FORUM-019. - Wayne On Thu, Nov 16, 2023 at 3:44 PM Ben Wilson via Public wrote: > *Ballot FORUM-019 v.2 - Amend Server Certificate Working Group Charter* > > *Purpose of Ballot* > > This ballot proposes to amend the Server Certificate Working Group (SCWG) > Charter,

Re: [cabfpub] Voting begins for Ballot Forum-18 v3 - Update CA/B Forum Bylaws to version 2.5

Fastly votes YES on ballot Forum-18 v3. - Wayne On Thu, Jul 13, 2023 at 1:43 AM Dimitris Zacharopoulos (HARICA) via Public < public@cabforum.org> wrote: > This message begins the voting period for ballot Forum-18 v3. > > Dimitris. > > Purpose of the Ballot > The Forum has identified and

Re: [cabfpub] Draft Ballot FORUM-18: Allow re-election of CWG chairs and vice chairs

I believe the immutable redline is https://github.com/cabforum/forum/compare/fa1a5cb37a452e53d769ed759c06f05d21b1cb4b..f197d28fac92c807896d55b6ef43b776b6264aca I would suggest updating the overview section of the ballot to better explain what is meant by "re-election". Having said that, I would

[cabfpub] Separate GitHub Repositories for Each Working Group

The Infrastructure Subcommittee plans to change the structure of the Forum's GitHub organization to better reflect the evolving structure of the Forum itself by moving to separate repositories for each working group. We've discussed a number of ways to accomplish this, and have concluded that the

Re: [cabfpub] Changing the default branch on https://github.com/documents/

I'll be making this change at 11:00 PDT / 18:00 UTC today. If you have a local clone of the documents repository, you may want to update it to recognize "main" as the new default branch once I've completed this change. - Wayne On Fri, Jul 17, 2020 at 10:00 AM Wayne Thayer wrote: > As you may

[cabfpub] Changing the default branch on https://github.com/documents/

As you may be aware, there is an effort underway in many organizations to move away from naming the default branch of GitHub repositories "master" [1]. This was discussed by the Infrastructure subcommittee and it was agreed to change the name to "main" in the CAB Forum documents repository on

Re: [cabfpub] VOTING BEGINS: BALLOT Forum 13: Correct Code Signing Certificate Working Group Charter error

Mozilla votes Yes on ballot Forum 13. - Wayne On Tue, Mar 31, 2020 at 5:01 PM Dean Coclin via Public wrote: > Voting begins on Ballot Forum 13 > > > > Start Time: March 31, 2020 8:00pm Eastern > > > > End Time: April 7, 2020 8:00pm Eastern > > > > > > *From:* Public *On Behalf Of *Dean Coclin

Re: [cabfpub] Creation of S/MIME Certificates Working Group

Thank you Clint! I have reviewed this draft and I'm happy with it. Assuming that Tim and Ryan feel their concerns have been addressed, I am willing to endorse a new ballot on behalf of Mozilla. - Wayne On Thu, Mar 12, 2020 at 8:07 AM Clint Wilson via Public wrote: > Sure thing, here’s a Word

Re: [cabfpub] Voting Begins: Forum-11: Creation of S/MIME Certificates Working Group

Mozilla Abstains on ballot Forum-11. It is important to ensure that all feedback is considered, and with this vote I support taking more time to do that. However, there is a fundamental disagreement on scope for this WG that remains unresolved, and this vote has unfortunately conflated the scope

Re: [cabfpub] Ballot Forum-11: Creation of S/MIME Certificates Working Group

Ryan - Thank you for pointing out the past discussions. it's unfortunate that this ballot has lingered for so long and as a result it's possible that some of your feedback from a year ago was (unintentionally, I believe) "ignored". In reviewing [12], I observe the following: * As noted, most, but

Re: [cabfpub] Ballot Forum-11: Creation of S/MIME Certificates Working Group

quot; Tim or Ben: this was part of the draft Ben proposed over a year ago. Do you have any information on why this was included? > Best regards, > Dimitris. > > > > On 2020-02-06 12:45 π.μ., Wayne Thayer via Public wrote: > > Based on my recollection of the Guangzhou d

Re: [cabfpub] Ballot Forum-11: Creation of S/MIME Certificates Working Group

Based on my recollection of the Guangzhou discussion, and supported by the minutes, the "path forward agreed to in Guangzhou" was that we would take this charter to a ballot without further attempts to resolve the issue of including identity in the charter's scope. There does not appear to be a

Re: [cabfpub] Forum-XXX: S/MIME Working Group - looking for comments and endorsements

Thanks Tim and Stephen for incorporating my earlier suggestions and for moving this forward - it's is a nice holiday gift. Something that was present in earlier drafts but that I failed to call out is that the introduction, in a few different spots, implies that S/MIME certificates must contain

[cabfpub] Mozilla Root Store Policy Update

For those CA members who were not in attendance during my Mozilla Update presentation in Guangzhou, I'd like to once again call attention to the upcoming Mozilla policy changes that may affect you. Those changes include: * Requiring EKUs in end-entity certificates by 1-July 2020 * Requiring

Re: [cabfpub] FW: Ballot FORUM-10: Re-charter Forum Infrastructure Working Group

Mozilla votes Yes to ballot FORUM-10. - Wayne On Mon, Sep 30, 2019 at 8:27 AM Jos Purvis (jopurvis) via Public < public@cabforum.org> wrote: > The following ballot is proposed by Jos Purvis of Cisco, endorsed by Wayne > Thayer of Mozilla and Ben Wilson of DigiCert. Voting begins at *2100 UTC >

Re: [cabfpub] Ballot FORUM-10: Re-charter Forum Infrastructure Working Group

Jos, Thanks for posting this. Two comments: - You need to indicate who your two endorsers are. Ben and I had previously offered to endorse. - Per bylaw section 2.3(3) it's at least preferable to leave the voting start and end dates empty until you begin the voting. That allows for new versions

[cabfpub] Voting Ends Monday on Ballot Forum-9 - Bylaws and Server Certificate Working Group Charter Updates

Reminder: voting on this ballot ends on Monday 20-May at 19:00 UTC. On Mon, May 13, 2019 at 11:59 AM Wayne Thayer wrote: > Purpose of Ballot: The Forum has identified and discussed a number of > improvements to be made to the current version of the Bylaws to improve > clarity and allow the

Re: [cabfpub] Voting Begins: Ballot Forum-9 - Bylaws and Server Certificate Working Group Charter Updates

Mozilla votes Yes to ballot Forum-9. - Wayne On Mon, May 13, 2019 at 11:59 AM Wayne Thayer wrote: > Purpose of Ballot: The Forum has identified and discussed a number of > improvements to be made to the current version of the Bylaws to improve > clarity and allow the Forum to function more

[cabfpub] Voting Begins: Ballot Forum-9 - Bylaws and Server Certificate Working Group Charter Updates

Purpose of Ballot: The Forum has identified and discussed a number of improvements to be made to the current version of the Bylaws to improve clarity and allow the Forum to function more effectively. Major changes include: * Formalize Subcommittees at the Forum level * Automatically grant Forum

[cabfpub] Review Period Begins: Ballot Forum-9 - Bylaws and Server Certificate Working Group Charter Updates

Ballot Forum-9 Purpose of Ballot: The Forum has identified and discussed a number of improvements to be made to the current version of the Bylaws to improve clarity and allow the Forum to function more effectively. Major changes include: * Formalize Subcommittees at the Forum level *

Re: [cabfpub] Bylaws 2.2 Pre-Ballot

Here is the proposed change: https://github.com/cabforum/documents/commit/4866f8f85665cb308f6d5429ad64797e1e9e8d37 On Thu, Apr 25, 2019 at 2:41 PM Kirk Hall wrote: > Yes, sorry > > > > *From:* Tim Hollebeek > *Sent:* Thursday, April 25, 2019 2:36 PM > *To:* Wayne Thayer ; Kirk Hall < >

Re: [cabfpub] Bylaws 2.2 Pre-Ballot

I prefer Kirk's suggestion. On Thu, Apr 25, 2019 at 1:39 PM Kirk Hall wrote: > Another option is to keep with the regular Bylaws numbering, and include a > reference to IPRA in parenthesis: > > > > 5.3.1(a) [Referred to as 5.3.1(1) in IPR Agreement ]: Blah blah > > > > *From:* Public *On

Re: [cabfpub] Bylaws 2.2 Pre-Ballot

ces 5.3.1 (a) and > 5.3.1 (e) of the Bylaws. > > I'm not sure how we can overcome this. Is it clear to everyone that (a) > corresponds to 1, (b) corresponds to 2 and so on? > > > Dimitris. > > On 25/4/2019 1:53 π.μ., Wayne Thayer via Public wrote: > > Som

Re: [cabfpub] Bylaws 2.2 Pre-Ballot

Some additional fixes have been made to the Bylaws document. Here is the latest: https://github.com/cabforum/documents/blob/26b2432038dd5445a4ae8b5783a95bbacd4a4b95/docs/Bylaws.md The changes are: 1. Fixed formatting of "Member" in the definitions section. 2. Changed the list formatting

[cabfpub] Bylaws 2.2 Pre-Ballot

Below is a proposed ballot for the Bylaws updates that we have been discussing for some time. As I mentioned on today's call, I have referenced the documents on GitHub in the body of the ballot rather than attaching PDFs as was done in the last major Bylaws ballot. I have used permalinks that

[cabfpub] Bylaws 2.2 - Final Draft

I'm attaching a redline of the changes made to the draft of the Bylaws based on feedback from the pre-ballot review period and discussion at the F2F meeting. There are still a few open questions that we can discuss on tomorrow's call: - Should we include a conversion of the Infrastructure WG to a

Re: [cabfpub] [cabfquest] BR 7.1.4.2.2.j Other Subject Attributes

On Wed, Feb 20, 2019 at 3:26 PM Geoff Keating via Public < public@cabforum.org> wrote: > My response would be that the OU could be a single hyphen minus, but this > does not mean ‘absent’ or ’none provided’, it means the organization unit’s > name is ‘-’. (Perhaps other units are called ‘•’,

Re: [cabfpub] Bylaws: Update Membership Criteria (section 2.1)

On today's call we discussed an alternative approach to updating Bylaws section 2.1: change the Forum level membership requirement to: CWG Members are automatically granted Forum membership. Then ensure that all CWG charters specify appropriate membership criteria. This approach has some

Re: [cabfpub] cabfpub] Bylaws: Add Forum Subcommittees

uidelines, and is not a WG. > > > > We need to keep focused on the language of the IPRA and what it covers – > which is only development of Guidelines at the WG level. So long as the > Forum (and its subcommittees) stays away from that, we should be good. > > > > *From:

Re: [cabfpub] [EXTERNAL]Re: Draft SMIME Working Group Charter

It would seem > that it should be included in the scope to cover current practice. > > > > Thanks, Bruce. > > > > *From:* Public [mailto:public-boun...@cabforum.org > ] *On Behalf Of *Wayne Thayer via Public > *Sent:* January 25, 2019 1:37 PM > *To:* Ryan

Re: [cabfpub] Draft SMIME Working Group Charter

On Fri, Jan 25, 2019 at 11:45 AM Ryan Sleevi wrote: > > On Fri, Jan 25, 2019 at 1:37 PM Wayne Thayer wrote: > >> I agree that we should exclude identity validation from the initial scope >> of this working group. >> >> On Fri, Jan 25, 2019 at 10:04 AM Ryan Sleevi via Public < >>

Re: [cabfpub] Draft SMIME Working Group Charter

I agree that we should exclude identity validation from the initial scope of this working group. On Fri, Jan 25, 2019 at 10:04 AM Ryan Sleevi via Public wrote: > > Finally, regarding membership criteria, I'm curious whether it's necessary > to consider WebTrust for CAs / ETSI at all. For work

[cabfpub] Creating Ballot Redlines in GitHub

I've published a step-by-step guide to creating redlines for ballots on GitHub. You can find it on the wiki under 'Ballots'. If you try this and get stuck, I'm happy to help. Thanks to everyone who helped by reviewing the doc. Wayne ___ Public mailing

[cabfpub] Bylaws: Update Membership Criteria (section 2.1)

On today's call we discussed a number of changes to the bylaws aimed at clarifying the rules for membership. The proposal for section 2.1(a)(1) resulting from today's discussion is: Certificate Issuer: The member organization operates a certification > authority that has a publicly-available

[cabfpub] Bylaws: Add Forum Subcommittees

On today's call, we discussed the addition of the following section to the Bylaws: 5.6Subcommittees > The Forum may establish subcommittees of the Forum by ballot to address > any of the Forum’s business as specified in the ballot. Subcommittees are > open to all Forum Members. A Forum

Re: [cabfpub] [Servercert-wg] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

Mozilla votes Yes on ballot SC13. - Wayne On Mon, Dec 17, 2018 at 4:55 PM Tim Hollebeek via Servercert-wg < servercert...@cabforum.org> wrote: > > > Ballot SC13: CAA Contact Property and Associated E-mail Validation Methods > > Purpose of Ballot: Increasingly, contact information is not

Re: [cabfpub] Interest in Ed25519 and/or Ed448?

Mozilla is interested in adding EdDSA support to Firefox, but we don't currently have the work scheduled. If someone wants to submit a patch, we'd be happy to consider it. The tracking bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1325335 - Wayne On Wed, Dec 19, 2018 at 4:36 AM Rob

Re: [cabfpub] Ad-hoc Bylaw Review group

Tim, >From your message, I'm not sure if you're offering to coordinate such a group and are looking for volunteers, or just pointing out the way forward? If you're looking for volunteers, count me in. - Wayne On Wed, Oct 17, 2018 at 11:26 AM Tim Hollebeek via Public < public@cabforum.org>

Re: [cabfpub] Voting ENDS on Oct. 5 for Forum-7 - Update ETSI requirements in the SCWG Charter

Mozilla votes Yes on ballot Forum-7. - Wayne On Mon, Oct 1, 2018 at 3:09 PM Kirk Hall via Public wrote: > Voting ENDS on Friday, Oct. 5 for Forum-7 - Update ETSI requirements in > the SCWG Charter. (This ballot is the companion to Ballot Fprim-6, which > just passed today.) > > > > *From:*

Re: [cabfpub] VOTING HAS STARTED Forum-6 - Update ETSI requirements in the Bylaws

Mozilla votes Yes to ballot FORUM-6. - Wayne On 17/9/2018 7:37 μμ, Dimitris Zacharopoulos via Public wrote: > The following motion has been proposed by Dimitris Zacharopoulos of HARICA > and endorsed by Moudrick M. Dadashov of SSC and Mads Egil Henriksveen from > Bypass. > > *Background*: > >

Re: [cabfpub] Voting has started on Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

Mozilla votes Yes on ballot SC10. - Wayne On Thu, Sep 27, 2018 at 5:26 PM Kirk Hall via Public wrote: > Voting ends on 4 October 2018 at 22:00 UTC. > > > > *From:* Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] *On > Behalf Of *Dimitris Zacharopoulos via Servercert-wg > *Sent:*

Re: [cabfpub] Voting has started on Ballot SC9 – Establish the Validation Subcommittee of the SCWG

Mozilla votes Yes on Ballot SC9 v4. - Wayne On Wed, Sep 26, 2018 at 11:04 AM Kirk Hall via Public wrote: > Voting has started on this ballot, and will end on October 3 at 16:00 UTC > > > > *From:* Servercert-wg [mailto:servercert-wg-boun...@cabforum.org] *On > Behalf Of *Wayne Thayer via

Re: [cabfpub] [Servercert-wg] Ballot FORUM-4 v3

Mozilla votes Yes to ballot FORUM-4 v3 On Fri, Sep 14, 2018 at 11:50 AM Tim Hollebeek via Servercert-wg < servercert...@cabforum.org> wrote: > > > As no additional typos or mistakes appear to have been found in the > proposed redline, Ballot FORUM-4 v2 is hereby withdrawn, and this new > Ballot

Re: [cabfpub] FW: Notice of Review Period - Ballot SC6 (Part 2)

If you represent a CA, please be aware that this ballot goes into effect on 14-October and likely requires some updates to your CP/CPS. Revocation requirements (section 4.9.1.1) have changed, and your problem reporting instructions must now be described in section 1.5.2. Thanks, Wayne On Fri,

Re: [cabfpub] Ballot Forum-2 - Chair and Vice-Chair Term Extensions

Mozilla votes Yes on ballot Forum-2. - Wayne On Wed, Sep 5, 2018 at 9:35 PM Ben Wilson via Public wrote: > *Ballot Forum-2 - Chair and Vice-Chair Term Extensions* > > > > Ben Wilson of DigiCert calls the following proposed ballot to be published > for discussion and comment by the CABF

Re: [cabfpub] [EXTERNAL]Re: Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

On Fri, Sep 14, 2018 at 1:50 PM Tim Hollebeek wrote: > Wayne, > > > > My position is that LWGs are handled via the process in 5.3.4, and not > 5.3.1(e), and as such, the Validation WG is somewhat special. > 5.3.4 says "...converting to a Subcommittee under a CWG pursuant to Section 5.3.1(e).",

Re: [cabfpub] [EXTERNAL]Re: Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

On Fri, Sep 14, 2018 at 11:40 AM Tim Hollebeek via Public < public@cabforum.org> wrote: > Ryan, > > > I am not Ryan, but... Unfortunately, as a native Californian, I am a very non-violent person, and > the Code of Conduct explicitly forbids violence, so can we be in utterly > non-violent

Re: [cabfpub] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

On Thu, Sep 13, 2018 at 5:05 PM Ryan Sleevi wrote: > Why does a subcommittee need this? > > How can we answer that when we don't know what the heck a Subcommittee is? I would characterize the problem as more than confusion, which implies that there is a correct answer to these Subcommittee

Re: [cabfpub] Ballot SC10 – Establishing the Network Security Subcommittee of the SCWG

Would it be helpful to take a step back and propose an amendment to the Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I would be willing to work on that. Meanwhile, if the Network Security WG left some urgent work unfinished, nothing prevents SCWG members from

Re: [cabfpub] Ballot SC9 – Conversion of Validation and NetSec Working Groups to SCWG Subcommittees

In my opinion it makes some sense to move forward with a conversion of the Validation WG to a Subcommittee with the existing broad scope and no expiration date. On Thu, Sep 13, 2018 at 3:21 PM Kirk Hall wrote: > I’m taking your comment as saying you will vote in favor of the ballot if > I make

Re: [cabfpub] Ballot SC9 – Conversion of Validation and NetSec Working Groups to SCWG Subcommittees

Kirk, My concern is that the ballot doesn't explicitly state what you (and I agree) believe is intended here. Someone in the future can look back at the ballot language we passed with SC9 and interpret it differently. Simply copying the VWG scope (and deliverables) into the body of the motion

Re: [cabfpub] Ballot SC9 – Conversion of Validation and NetSec Working Groups to SCWG Subcommittees

This ballot doesn't appear to account for any of the scoping proposed or concerns raised in this thread: https://cabforum.org/pipermail/public/2018-July/013736.html If the intent here is that conversion of an existing WG binds the new subcommittee to the original scope of the WG, then that should

Re: [cabfpub] Ballot SC6 v3 - Revocation Timeline Extension

Mozilla votes Yes to ballot SC6 v3. - Wayne On Mon, Sep 10, 2018 at 11:54 AM Wayne Thayer wrote: > This ballot entered the voting period late on Friday. Voting ends this > Friday 2018-09-14 at 20:00 UTC. > > On Fri, Aug 31, 2018 at 12:51 PM Wayne Thayer wrote: > >> Here is version 3 of this

Re: [cabfpub] Ballot SC6 v3 - Revocation Timeline Extension

This ballot entered the voting period late on Friday. Voting ends this Friday 2018-09-14 at 20:00 UTC. On Fri, Aug 31, 2018 at 12:51 PM Wayne Thayer wrote: > Here is version 3 of this ballot, incorporating changes to v2 suggested by > Bruce and Ryan (thanks!). > > I noticed that our current

Re: [cabfpub] Ballot SC5: Election of Server Certificate Working Group Vice Chair

On Fri, Sep 7, 2018 at 7:26 AM Tim Hollebeek wrote: > This is correct. The ballot requirements for endorsers and discussion > periods applies to _*all*_ ballots. The bylaws are pretty clear on that; > it’s even in the title of section 2.3. > > > > The fact that 4.1(c) of the bylaws requires a

Re: [cabfpub] Ballot SC5: Election of Server Certificate Working Group Vice Chair

Bylaws section 2.3 ("General Provisions Applicable to all Ballots") says "Any proposed ballot needs two endorsements by other Members in order to proceed." The language in section 4 describing "confirmation ballots" and "election ballots" appears to fall under this requirement. On Thu, Sep 6,

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

On Tue, Sep 4, 2018 at 11:10 AM Ryan Sleevi via Servercert-wg < servercert...@cabforum.org> wrote: > > On Tue, Sep 4, 2018 at 1:53 PM Dimitris Zacharopoulos > wrote: > >> The CA will still get an "unclean" report anyway because of the RFC5280 >>> violation or the mis-issuance per se, we are not

[cabfpub] Ballot SC6 v3 - Revocation Timeline Extension

Here is version 3 of this ballot, incorporating changes to v2 suggested by Bruce and Ryan (thanks!). I noticed that our current bylaws have reverted back to a fixed-length discussion period, so I have changed this version to comply. == Ballot SC6 version

Re: [cabfpub] [Servercert-wg] [EXTERNAL] Ballot SC6 v2 - Revocation Timeline Extension

On Fri, Aug 31, 2018 at 9:21 AM Ryan Sleevi wrote: > > > On Fri, Aug 31, 2018 at 12:10 PM Wayne Thayer wrote: > >> But aren't these distinct organizations? >>> >> > >> In what sense? Certainly in the physical world they are the same. >> > > In the information being reported in the certificate.

Re: [cabfpub] Ballot SC8: Election of Server Certificate Working Group Chair

Mozilla votes Yes to ballot SC8 - Wayne On Thu, Aug 30, 2018 at 8:01 AM Kirk Hall via Public wrote: > *Ballot SC8: Election of Server Certificate Working Group Chair – Term > Nov. 1, 2018 – Oct. 31, 2020* > > > > > > *-Motion begins-* > > > > In accordance with Bylaw 4.1(c), *Dimitris

Re: [cabfpub] [Servercert-wg] [EXTERNAL] Ballot SC6 v2 - Revocation Timeline Extension

On Thu, Aug 30, 2018 at 6:24 PM Ryan Sleevi wrote: > > > On Thu, Aug 30, 2018 at 6:41 PM Wayne Thayer via Servercert-wg < > servercert...@cabforum.org> wrote: > >> On Thu, Aug 30, 2018 at 10:42 AM Ryan Sleevi wrote: >> >>> Thanks Wayne. >>> >>> I know you're intentionally avoiding the

Re: [cabfpub] [Servercert-wg] [EXTERNAL] Ballot SC6 v2 - Revocation Timeline Extension

On Thu, Aug 30, 2018 at 10:42 AM Ryan Sleevi wrote: > Thanks Wayne. > > I know you're intentionally avoiding the controversial cleanups with this > specific Ballot, so it will be good to have a follow-on discussion for > those matters, as CAs will no doubt having to make only one update to their

Re: [cabfpub] [Servercert-wg] [EXTERNAL] Ballot SC6 v2 - Revocation Timeline Extension

On Wed, Aug 29, 2018 at 9:05 AM Ryan Sleevi wrote: > > > On Wed, Aug 29, 2018 at 11:53 AM Wayne Thayer wrote: > >> On Wed, Aug 29, 2018 at 7:33 AM Bruce Morton < >> bruce.mor...@entrustdatacard.com> wrote: >> >>> Works for me. >>> >>> Bruce. >>> >>> On Aug 29, 2018, at 10:29 AM, Ryan Sleevi

Re: [cabfpub] [Servercert-wg] [EXTERNAL] Ballot SC6 v2 - Revocation Timeline Extension

On Wed, Aug 29, 2018 at 7:33 AM Bruce Morton < bruce.mor...@entrustdatacard.com> wrote: > Works for me. > > Bruce. > > On Aug 29, 2018, at 10:29 AM, Ryan Sleevi wrote: > > Just to confirm: Your concern is about the CA feeling that the evidence > does not meet any of the requirements to revoke,

[cabfpub] Ballot SC6 v2 - Revocation Timeline Extension

Here is version 2 of this ballot, incorporating many of the improvements that have been proposed. The original discussion period began more than 14 days ago, so per the bylaws this is the start of a new discussion period, and voting can begin no sooner than 7 days from now.

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

Doug, On Thu, Aug 23, 2018 at 12:26 PM Doug Beattie wrote: > Wayne and Ryan, > > > > I received some good out-of-band suggestions so I’m passing those along. > > > > Generally - though not always (e.g. zero days) - attacks are seen as > 'possible', then 'feasible' before they become

Re: [cabfpub] [EXTERNAL]Re: Issuance of certificates for keys reported as compromised

On Tue, Aug 21, 2018 at 2:15 PM Bruce Morton via Public wrote: > BR 6.1.1.3 states “The CA SHALL reject a certificate request if the > requested Public Key does not meet the requirements set forth in Sections > 6.1.5 and 6.1.6 or if it has a known weak Private Key (such as a Debian > weak key,

Re: [cabfpub] [Servercert-wg] Ballot SC6 - Revocation Timeline Extension

On Mon, Aug 20, 2018 at 1:43 PM Doug Beattie wrote: > Tim, > > > > I agree that Vulnerability is different from key compromise and the > actions we take should reflect that and I think we should try to keep 12 > and 13 type events in the 5-day list. > > > > Is our strategy to have

Re: [cabfpub] VOTING BEGINS: Ballot FORUM-1: Establish Forum Infrastructure Working Group

Mozilla votes Yes on ballot FORUM-1. - Wayne > *From: *Public on behalf of CA/B Forum > Public List > *Reply-To: *"Jos Purvis (jopurvis)" , CA/B Forum > Public List > *Date: *Sunday, 12 August, 2018 at 22:47 > *To: *CA/B Forum Public List > *Subject: *[cabfpub] (Final? Update) Ballot

Re: [cabfpub] [Servercert-wg] [EXTERNAL]Re: Ballot SC6 - Revocation Timeline Extension

nt with #3? >> >> >> >> While this is the same argument that I've made in the past, I think the >> goal here is to reduce ambiguity for those that might take a tortured >> reading of the text. >> >> >> >> For example, at least one vendor 'obfuscated' the

Re: [cabfpub] [Servercert-wg] Ballot SCx: "Remove Any Other Method" for IPs

Thanks for pulling this together Tim. I would also be happy to endorse once we get it cleaned up. I noticed a few wording issues - can we put this on GitHub and collaborate there? I'm happy to do that if you'd like. Wayne On Fri, Aug 17, 2018 at 9:56 AM Tim Hollebeek via Servercert-wg <

Re: [cabfpub] Ballot SC6 - Revocation Timeline Extension

On Thu, Aug 16, 2018 at 3:10 PM Geoff Keating wrote: > I see we’re changing "The CA determines that any of the information > appearing in the Certificate is inaccurate or misleading” to remove “or > misleading”. > > With that change, is there still an equivalent for non-wildcard > certificates

Re: [cabfpub] [EXTERNAL] Ballot SC6 - Revocation Timeline Extension

On Thu, Aug 16, 2018 at 2:13 PM Curt Spann wrote: > Hi Wayne, > > Have you considered adding language to address what happens if the domain > registration is sold or transferred to other person/org? I am thinking of > the scenario where a person buys a domain name and would like the > previously

[cabfpub] Off Topic: mozilla.dev.security.policy Mailing List is Down

Apologies for the off-topic post. For those who participate in the mozilla.dev.security.policy forum, please read on: I discovered earlier this afternoon that delivery of messages to the Mozilla list are being delayed by more than 24 hours, apparently due to some recent infrastructure changes. I

Re: [cabfpub] [EXTERNAL] Ballot SC6 - Revocation Timeline Extension

any change that could derail this ballot. Thanks, Bruce. > > > > *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Wayne > Thayer via Public > *Sent:* August 13, 2018 4:58 PM > *To:* CA/B Forum Server Certificate WG Public Discussion List < > servercert

[cabfpub] Ballot SC6 - Revocation Timeline Extension

This begins the formal discussion period for ballot SC6. == Ballot SC6: Revocation Timeline Extension Purpose of Ballot: Section 4.9.1.1 of the Baseline Requirements currently requires CAs to revoke a Subscriber certificate within 24 hours of

Re: [cabfpub] [EXTERNAL] Reviving Ballot 213 - Revocation Timeline Extension

> List > Sent: Fri, 22 Jun 2018 9:13 > Subject: Re: [cabfpub] [EXTERNAL] Reviving Ballot 213 - Revocation > Timeline Extension > > I’ll endorse this. > > > > -Tim > > > > *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Wayne > Thayer via Publi

Re: [cabfpub] [Servercert-wg] Ballot SC4 - email and CAA CONTACT

On Fri, Aug 3, 2018 at 2:01 PM Tim Hollebeek wrote: > Does changing that noun phrase to Authorization Domain Name address your > concern? > > > Yes, that fixes the issue. ___ Public mailing list Public@cabforum.org

Re: [cabfpub] [Servercert-wg] Ballot SC4 - email and CAA CONTACT

I understood that my comment on the phrase "domain being validated" in the appendix would be addressed in this ballot? On Fri, Aug 3, 2018 at 9:19 AM Tim Hollebeek via Servercert-wg < servercert...@cabforum.org> wrote: > I expect the email address would be the entirety of the RDATA for the RR, >

Re: [cabfpub] Draft Ballot FORUM-1: Establish Forum Infrastructure Working Group

Looks good Jos, just a few suggested tweaks: The proposer of the ballot, Jos Purvis, will act as chair of the Working Group until the first Working Group Teleconference, at which time the group will select a chair and vice-chair either through election or acclamation of those present. The chair

Re: [cabfpub] Draft Ballot FORUM-1: Establish Forum Infrastructure Working Group

Jos - I have a few minor comments: * I would like the ballot to either define the initial chair, or define a method for electing that person. I see no reason to wait until the WG is formed to figure that out. * I would like the minimum quorum for a vote to always be 'the larger of 5 or the

Re: [cabfpub] [Servercert-wg] Voting Begins: Ballot SC2 - version 2: Validating certificates via CAA CONTACT

Mozilla abstains on ballot SC2. While I do believe this method is beneficial, I have a few concerns that can be addressed with more time: - the concerns that Google raised were never clearly resolved on the list. - the reference to “domain being validated” in the appending is unclear. Is that

Re: [cabfpub] [Servercert-wg] Ballot SC3: Improvements to Network Security Guidelines

On Fri, Jul 13, 2018 at 4:50 AM Tim Hollebeek wrote: > Do you have proposed modifications that would address these questions? I > would be happy to incorporate them. > > > How about this: iv. Frequent password changes have been shown to cause users to select less

Re: [cabfpub] [Servercert-wg] Ballot SC3: Improvements to Network Security Guidelines

How are the concerns that were raised by Microsoft (copied below for reference) addressed in this version? If the intent is for the language in section 2.g(iv) to only apply to periodic, policy-driven password changes and not to prevent event-driven changes, I think that should be clarified. *

Re: [cabfpub] List of which CAs use which methods from Section 3.2.2.4?

I've proposed a ballot that would require validation methods to be documented in publicly trusted certificates: https://cabforum.org/pipermail/validation/2018-June/000917.html And have since received some feedback and revised it: https://cabforum.org/pipermail/validation/2018-June/000953.html

Re: [cabfpub] Membership Application of Sony

The part that I find unclear is how one becomes a member of the Server Certificate WG. The charter defines membership criteria but there doesn't appear to be a process for adding members at the WG level. On Wed, Jun 27, 2018 at 10:21 AM Kirk Hall via Public wrote: > Summary based on quotes from

Re: [cabfpub] [EXTERNAL] Reviving Ballot 213 - Revocation Timeline Extension

hu, May 17, 2018 at 1:17 AM Kirk Hall wrote: > I will add this to the Agenda for the F2F plenary session in London > > > > *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Wayne > Thayer via Public > *Sent:* Wednesday, May 16, 2018 1:00 PM > *To:* CA/Br

Re: [cabfpub] [EXTERNAL]Re: Voting Begins: Ballot 221: Two-Factor Authentication and Password Improvements

On Wed, May 23, 2018 at 5:21 AM Tim Hollebeek wrote: > People fought pretty hard for the ability to post ballots without > redlines; this isn’t the first by far. I actually opposed that and lost. > > > > I looked at the last handful of ballots. All of them (224, 223,

Re: [cabfpub] Voting Begins: Ballot 221: Two-Factor Authentication and Password Improvements

I'm unable to locate a redline of the changes in this final version of the ballot, making it difficult to vote. Is this not a "Draft Guideline Ballot" that should be clearly labeled as proposing a Final Maintenance Guideline, and that requires a redline be provided? - Wayne On Tue, May 22, 2018

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

On Fri, May 18, 2018 at 9:02 AM Ryan Sleevi via Public wrote: > Do we really need "one or more"? Isn't that the same problem of "We may or > may not boil the ocean along the way"? > > < +1 > > Concrete deliverables, along with lightweight rechartering, is a model > that

Re: [cabfpub] Reviving Ballot 213 - Revocation Timeline Extension

On Wed, May 16, 2018 at 1:19 PM Ryan Sleevi <sle...@google.com> wrote: > > On Wed, May 16, 2018 at 4:00 PM, Wayne Thayer via Public < > public@cabforum.org> wrote: > >> Lat year, Jeremy proposed changes to section 4.9 of the BRs. I'd like to >> revive that

[cabfpub] Reviving Ballot 213 - Revocation Timeline Extension

Lat year, Jeremy proposed changes to section 4.9 of the BRs. I'd like to revive that discussion with the following ballot proposal: https://github.com/cabforum/documents/compare/master...wthayer:patch-1 Summary of Changes: * The first change creates a tiered timeline for revocations. The most

Re: [cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

Mozilla votes Yes on Ballot 224. - Wayne On Tue, May 15, 2018 at 12:21 PM Wayne Thayer wrote: > Ballot 224: WHOIS and RDAP > > Purpose of Ballot: The Registry Data Access Protocol (RDAP) is the > successor to WHOIS, and this ballot adds explicit support for RDAP to the >

[cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

Ballot 224: WHOIS and RDAP Purpose of Ballot: The Registry Data Access Protocol (RDAP) is the successor to WHOIS, and this ballot adds explicit support for RDAP to the BRs by adding a definition of "WHOIS". The new definition permits the use of the registry or registrar's web interface, and

Re: [cabfpub] Discussion Period: Ballot 224: WHOIS and RDAP

Since there has been no discussion, I plan to begin the voting period on this ballot tomorrow. On Thu, May 3, 2018 at 12:02 PM Wayne Thayer wrote: > Ballot 224: WHOIS and RDAP > > Purpose of Ballot: The Registry Data Access Protocol (RDAP) is the > successor to WHOIS, and

Re: [cabfpub] Voting begins for Ballot 223 v2 - Update BR Section 8.4 for CA audit criteria

Mozilla votes yes on ballot 223 v2. On Mon, May 7, 2018 at 9:49 PM Dimitris Zacharopoulos via Public < public@cabforum.org> wrote: > The following motion has been proposed by Dimitris Zacharopoulos of HARICA > and endorsed by Moudrick M. Dadashov of SSC and Tim Hollebeek from > Digicert. > >

[cabfpub] Discussion Period: Ballot 224: WHOIS and RDAP

Ballot 224: WHOIS and RDAP Purpose of Ballot: The Registry Data Access Protocol (RDAP) is the successor to WHOIS, and this ballot adds explicit support for RDAP to the BRs by adding a definition of "WHOIS". The new definition permits the use of the registry or registrar's web interface, and

Re: [cabfpub] CABLint

At this point there are enough inconsistencies between cablint and zlint that I find both valuable. For example: https://crt.sh/?caid=1661=cablint,zlint=2017-01-01 - Wayne On Mon, Apr 16, 2018 at 5:00 AM, Doug Beattie via Public < public@cabforum.org> wrote: > Hi Dave, > > > > I was looking

  1   2   >