Re: [cabfpub] [Ext] [Servercert-wg] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

2018-12-21 Thread Tim Hollebeek via Public
Russ and I are working with IETF on getting an expert appointed.

-Tim

> -----Original Message-----
> From: Paul Hoffman 
> Sent: Thursday, December 20, 2018 11:49 AM
> To: Rob Stradling ; CA/B Forum Server Certificate WG
> Public Discussion List 
> Cc: Tim Hollebeek ; CA/Browser Forum Public
> Discussion List 
> Subject: Re: [Ext] [Servercert-wg] Voting Begins: SC13 version 5: CAA
> Contact Property and Associated E-mail Validation Methods
> 
> 
> 
> > On Dec 20, 2018, at 8:32 AM, Rob Stradling via Servercert-wg wrote:
> >
> > Sectigo votes NO.
> >
> > We don't object to the idea behind this ballot, and we don't have any
> > specific objections to the content of this ballot either.  However, the
> > IETF has a process for defining new CAA properties, and this process
> > needs to be followed.
> >
> > https://tools.ietf.org/html/rfc6844#section-7.2 says:
> >   "Addition of tag identifiers requires a public specification and
> >    Expert Review as set out in [RFC6195], Section 3.1.1."
> >
> > The BRs is a "public specification", certainly.  However, *before* the
> > new CAA property proposed by this ballot can become enshrined as a
> > requirement in the BRs:
> >   1. An application for "Expert Review" must be submitted
> >   and
> >   2. An "approved" response from the designated Expert must be received
> >
> > Since IANA has not yet assigned any Expert(s) to the caa-properties
> > registry [1], it's clear that the required "Expert Review" has not yet
> > occurred.
> >
> >
> > [1]
> > https://www.iana.org/assignments/pkix-parameters/pkix-parameters.xhtml#caa-properties
> 
> It is worthwhile noting the paragraph of RFC 6844 immediately after the one
> quoted above:
>
>    The tag space is designed to be sufficiently large that exhausting
>    the possible tag space need not be a concern.  The scope of Expert
>    Review SHOULD be limited to the question of whether the specification
>    provided is sufficiently clear to permit implementation and to avoid
>    unnecessary duplication of functionality.
>
> Even though there is not yet an expert reviewer (which is odd, given that
> they've had almost six years to make that assignment), this text makes it
> sound like the registration in this ballot would very likely be accepted,
> and if it wasn't, an appeal would almost certainly win.
> 
> If this ballot passes, someone from CABForum should send a message to the
> IESG saying "there was no reviewer, we added a property that we think
> meets the requirements, and as soon as you assign an expert reviewer
> (cough cough) we will submit this to the registry".
> 
> --Paul Hoffman


___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public


Re: [cabfpub] [Ext] [Servercert-wg] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

2018-12-21 Thread Doug Beattie via Public
Rob,

Is there any reason we can't submit this to the IESG now saying "we're
planning to add a property that we think meets the requirements, and as soon
as you assign an expert reviewer we will submit this to the registry"?  It's
unfortunate this question wasn't raised earlier, but I still recommend
proceeding with the ballot and then working the details with IESG in
parallel with the review period. 

Can you submit this, or who can we submit it to?

Doug

-----Original Message-----
From: Public  On Behalf Of Rob Stradling via
Public
Sent: Thursday, December 20, 2018 6:47 PM
To: Paul Hoffman ; CA/B Forum Server Certificate WG
Public Discussion List 
Cc: CA/Browser Forum Public Discussion List 
Subject: Re: [cabfpub] [Ext] [Servercert-wg] Voting Begins: SC13 version 5:
CAA Contact Property and Associated E-mail Validation Methods

On 20/12/2018 16:48, Paul Hoffman wrote:
> 
> 
>> On Dec 20, 2018, at 8:32 AM, Rob Stradling via Servercert-wg wrote:
>>
>> Sectigo votes NO.
>>
>> We don't object to the idea behind this ballot, and we don't have any 
>> specific objections to the content of this ballot either.  However, 
>> the IETF has a process for defining new CAA properties, and this 
>> process needs to be followed.
>>
>> https://tools.ietf.org/html/rfc6844#section-7.2 says:
>>   "Addition of tag identifiers requires a public specification and
>>    Expert Review as set out in [RFC6195], Section 3.1.1."
>>
>> The BRs is a "public specification", certainly.  However, *before*
>> the new CAA property proposed by this ballot can become enshrined as
>> a requirement in the BRs:
>>   1. An application for "Expert Review" must be submitted
>>   and
>>   2. An "approved" response from the designated Expert must be received
>>
>> Since IANA has not yet assigned any Expert(s) to the caa-properties 
>> registry [1], it's clear that the required "Expert Review" has not 
>> yet occurred.
>>
>>
>> [1]
>> https://www.iana.org/assignments/pkix-parameters/pkix-parameters.xhtml#caa-properties
>
> It is worthwhile noting the paragraph of RFC 6844 immediately after the one
> quoted above:
>
>    The tag space is designed to be sufficiently large that exhausting
>    the possible tag space need not be a concern.  The scope of Expert
>    Review SHOULD be limited to the question of whether the specification
>    provided is sufficiently clear to permit implementation and to avoid
>    unnecessary duplication of functionality.
>
> Even though there is not yet an expert reviewer (which is odd, given that
> they've had almost six years to make that assignment), this text makes it
> sound like the registration in this ballot would very likely be accepted,
> and if it wasn't, an appeal would almost certainly win.

Nonetheless, rules are rules.  I'd like to avoid setting a precedent of
CABForum disregarding applicable IETF rules for no good reason.

> If this ballot passes, someone from CABForum should send a message to the
> IESG saying "there was no reviewer, we added a property that we think meets
> the requirements, and as soon as you assign an expert reviewer (cough cough)
> we will submit this to the registry".

--
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited


Re: [cabfpub] [Ext] [Servercert-wg] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

2018-12-20 Thread Rob Stradling via Public
On 20/12/2018 16:48, Paul Hoffman wrote:
> 
> 
>> On Dec 20, 2018, at 8:32 AM, Rob Stradling via Servercert-wg wrote:
>>
>> Sectigo votes NO.
>>
>> We don't object to the idea behind this ballot, and we don't have any
>> specific objections to the content of this ballot either.  However, the
>> IETF has a process for defining new CAA properties, and this process
>> needs to be followed.
>>
>> https://tools.ietf.org/html/rfc6844#section-7.2 says:
>>   "Addition of tag identifiers requires a public specification and
>>    Expert Review as set out in [RFC6195], Section 3.1.1."
>>
>> The BRs is a "public specification", certainly.  However, *before* the
>> new CAA property proposed by this ballot can become enshrined as a
>> requirement in the BRs:
>>   1. An application for "Expert Review" must be submitted
>>   and
>>   2. An "approved" response from the designated Expert must be received
>>
>> Since IANA has not yet assigned any Expert(s) to the caa-properties
>> registry [1], it's clear that the required "Expert Review" has not yet
>> occurred.
>>
>>
>> [1]
>> https://www.iana.org/assignments/pkix-parameters/pkix-parameters.xhtml#caa-properties
> 
> It is worthwhile noting the paragraph of RFC 6844 immediately after the one 
> quoted above:
> 
> The tag space is designed to be sufficiently large that exhausting
> the possible tag space need not be a concern.  The scope of Expert
> Review SHOULD be limited to the question of whether the specification
> provided is sufficiently clear to permit implementation and to avoid
> unnecessary duplication of functionality.
> 
> Even though there is not yet an expert reviewer (which is odd, given that 
> they've had almost six years to make that assignment), this text makes it 
> sound like the registration in this ballot would very likely be accepted, and 
> if it wasn't, an appeal would almost certainly win.

Nonetheless, rules are rules.  I'd like to avoid setting a precedent of 
CABForum disregarding applicable IETF rules for no good reason.

> If this ballot passes, someone from CABForum should send a message to the 
> IESG saying "there was no reviewer, we added a property that we think meets 
> the requirements, and as soon as you assign an expert reviewer (cough cough) 
> we will submit this to the registry".

-- 
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited


Re: [cabfpub] [Ext] [Servercert-wg] Voting Begins: SC13 version 5: CAA Contact Property and Associated E-mail Validation Methods

2018-12-20 Thread Paul Hoffman via Public


> On Dec 20, 2018, at 8:32 AM, Rob Stradling via Servercert-wg wrote:
> 
> Sectigo votes NO.
> 
> We don't object to the idea behind this ballot, and we don't have any 
> specific objections to the content of this ballot either.  However, the 
> IETF has a process for defining new CAA properties, and this process 
> needs to be followed.
> 
> https://tools.ietf.org/html/rfc6844#section-7.2 says:
>   "Addition of tag identifiers requires a public specification and
>    Expert Review as set out in [RFC6195], Section 3.1.1."
> 
> The BRs is a "public specification", certainly.  However, *before* the 
> new CAA property proposed by this ballot can become enshrined as a 
> requirement in the BRs:
>   1. An application for "Expert Review" must be submitted
>   and
>   2. An "approved" response from the designated Expert must be received
> 
> Since IANA has not yet assigned any Expert(s) to the caa-properties 
> registry [1], it's clear that the required "Expert Review" has not yet 
> occurred.
> 
> 
> [1] 
> https://www.iana.org/assignments/pkix-parameters/pkix-parameters.xhtml#caa-properties

It is worthwhile noting the paragraph of RFC 6844 immediately after the one 
quoted above:

   The tag space is designed to be sufficiently large that exhausting
   the possible tag space need not be a concern.  The scope of Expert
   Review SHOULD be limited to the question of whether the specification
   provided is sufficiently clear to permit implementation and to avoid
   unnecessary duplication of functionality.

Even though there is not yet an expert reviewer (which is odd, given that 
they've had almost six years to make that assignment), this text makes it sound 
like the registration in this ballot would very likely be accepted, and if it 
wasn't, an appeal would almost certainly win. 

If this ballot passes, someone from CABForum should send a message to the IESG 
saying "there was no reviewer, we added a property that we think meets the 
requirements, and as soon as you assign an expert reviewer (cough cough) we 
will submit this to the registry".

--Paul Hoffman
