Re: [cabfpub] [EXTERNAL]Re: Revised Notice of Review Period - Ballot 198 - .Onion Revisions

2017-05-19 Thread Gervase Markham via Public
On 18/05/17 19:27, Kirk Hall wrote: > So is your opinion that we should record the result of Ballot 198 as > "Invalid" or "Failed"? Yes, Invalid. Gerv

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread 陳立群 via Public
Chunghwa Telecom Co., Ltd. votes “Yes” for Ballot 191 – about clarification of EVGL 9.2.7. Subject Physical Address of Place of Business Field. Thanks for Bruce’s and Ben’s clarification about the text of the ballot after my request in the last Validation WG call. Sincerely Yours,

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Ryan Sleevi via Public
To be clear: We did vote for it ;) What constitutes a 'comparison showing the set of changes'? We don't really have a defined technical format, and we've continued to grow in the number and ways in which they're shared (PDFs, word documents, rich-text markup for e-mails, wiki forms)? Rich text

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Jeremy Rowley via Public
“The certificate request MAY include all factual information about the Applicant to be included in the Certificate, and such additional information as is necessary for the CA to obtain from the Applicant in order to comply with these Requirements and the CA’s Certificate Policy and/or

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Jeremy Rowley via Public
Why wouldn’t the wiki version constitute a redlined version? From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via Public Sent: Friday, May 19, 2017 6:53 AM To: CA/Browser Forum Public Discussion List Cc: Ryan Sleevi Subject:

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
On Fri, May 19, 2017 at 8:45 PM, Jeremy Rowley wrote: > A slightly different third interpretation: > > - Obtaining a partial request (under 4.2.1, the certificate request does > not contain all necessary information…) > How is the notion of "partial request"

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Peter Bowen via Public
> On May 19, 2017, at 5:13 PM, Ryan Sleevi wrote: > > > > On Fri, May 19, 2017 at 7:52 PM, Peter Bowen > wrote: > There is no reason a CA couldn’t pull public records based on info in CT to > help expedite things (for example

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
On Fri, May 19, 2017 at 7:48 PM, Geoff Keating wrote: > > On 19 May 2017, at 3:43 pm, Ryan Sleevi wrote: > > How does that fit with the quoted Section 4.1.2? > > "The certificate request MUST contain a request from, or on behalf of, > the Applicant for the

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Jeremy Rowley via Public
Relevant text: a. A Draft Guideline Ballot will clearly indicate whether it is proposing a Final Guideline or a Final Maintenance Guideline. If the Draft Guideline Ballot is proposing a Final Guideline, such ballot will include the full text of the Draft Guideline intended to become a

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Jeremy Rowley via Public
A slightly different third interpretation: - Obtaining a partial request (under 4.2.1, the certificate request does not contain all necessary information…) - Obtaining validation documentation (under 3.2.2.4) - Completing the certificate request (4.2.1) - Looking back 825 days at

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Jeremy Rowley via Public
I agree that we don’t have a format. I was surprised that there was doubt on whether the wiki format was sufficient. I used the wiki format specifically to avoid a rich text format. From: Ryan Sleevi [mailto:sle...@google.com] Sent: Friday, May 19, 2017 6:31 PM To: Jeremy Rowley

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
On Fri, May 19, 2017 at 7:52 PM, Peter Bowen wrote: > There is no reason a CA couldn’t pull public records based on info in CT > to help expedite things (for example identifying the company registration > number), but the validation still has to happen. You can’t finalize the >

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
On Fri, May 19, 2017 at 9:04 AM, Gervase Markham wrote: > Hi Ryan, > > On 19/05/17 13:12, Ryan Sleevi via Public wrote: > > Luckily, this is an incorrect interpretation of what's required. It > > would only affect those domains affected by those changed validation > > methods,

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Gervase Markham via Public
Hi Ryan, On 19/05/17 13:12, Ryan Sleevi via Public wrote: > Luckily, this is an incorrect interpretation of what's required. It > would only affect those domains affected by those changed validation > methods, Indeed, but the point is, many CAs currently do not have records of which method was

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
On Fri, May 19, 2017 at 10:27 AM, Peter Bowen wrote: > > The contention, from my view, is the definition of “data or document”. I > think that all agree that a "utility bill, bank statement, credit card > statement” provided by the customer in order for address verification is >

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Mads Egil Henriksveen via Public
Buypass votes YES. Regards Mads From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Bruce Morton via Public Sent: 18. mai 2017 17:59 To: CA/Browser Forum Public Discussion List Cc: Bruce Morton Subject: Re: [cabfpub] Ballot 191 - Clarify Place of Business Information Here is a

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Ryan Sleevi via Public
Thanks Bruce for providing this. It's unclear to me, in light of the discussions around 198 - .onion domains - whether this constitutes a proper ballot, since a redline version was not provided. That is, whether the --( )-- (deletion) __ __ (addition) constitute redlines or not. Assuming we

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Ben Wilson via Public
DigiCert votes "yes" From: Bruce Morton [mailto:bruce.mor...@entrustdatacard.com] Sent: Thursday, May 18, 2017 9:59 AM To: CA/Browser Forum Public Discussion List Cc: Ben Wilson Subject: RE: Ballot 191 - Clarify Place of Business Information

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Frank Corday via Public
Trustwave votes Yes on Ballot 191. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jeremy Rowley via Public Sent: Thursday, May 11, 2017 10:51 AM To: CA/Browser Forum Public Discussion List Cc: Jeremy Rowley

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Doug Beattie via Public
GlobalSign votes Yes. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jeremy Rowley via Public Sent: Monday, May 8, 2017 5:41 PM To: CA/Browser Forum Public Discussion List Cc: Jeremy Rowley Subject: [cabfpub] Ballot 191 - Clarify

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Peter Bowen via Public
> On May 19, 2017, at 7:45 AM, Ryan Sleevi wrote: > > > > On Fri, May 19, 2017 at 10:27 AM, Peter Bowen > wrote: > The contention, from my view, is the definition of “data or document”. I > think that all agree that a "utility bill,

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
On Fri, May 19, 2017 at 2:00 AM, Kirk Hall via Public wrote: > > As Gerv said a few weeks ago, requiring revalidation of all outstanding > domains every time there is an incremental improvement in domain validation > methods will turn out to be a tremendous disincentive to

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
On Fri, May 19, 2017 at 5:16 PM, Peter Bowen wrote: > > It was my intent and understanding that the 30 days had nothing to do with > 4.2.1 or 3.2.2.4’s reuse requirements or allowances. We wanted to limit > how long a validation could be in a “pending” state. Therefore we added a

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

2017-05-19 Thread Dimitris Zacharopoulos via Public
HARICA votes "yes" to ballot 191. Dimitris. On 18/5/2017 6:59 μμ, Bruce Morton via Public wrote: Here is a markup of BR section 9.2.7 for ballot 191. Thanks, Bruce. *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Ben Wilson via Public *Sent:* Thursday, May 18, 2017

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Kirk Hall via Public
Good summary, Peter. I can only say as someone who worked on Ballot 169 for over a year in the Validation Working Group (and who actually spearheaded it for many months, creating many updated drafts that showed changes from the prior seven domain validation methods, including elimination of

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
On Fri, May 19, 2017 at 6:00 PM, Peter Bowen wrote: > > Yes, it does. We know that CAs can generate keys on behalf of the > subscriber, so it is clear that a public key is not required. This means > that a CA could take the request for “issue a certificate to example.com”, > do

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ben Wilson via Public
Pre-validation is a common practice. Here is a scenario: 1 – a. Customer signs a contract with domains listed therein, or b. signs up for an account, obtains a username/password and submits domain names. 2 – CA starts the domain validation process 3 – Customer submits CSR 4 – CA

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
I think the question is not whether it's "common", it's whether and where it's even permitted :) I mentioned the sections that define what constitutes what an Applicant must suggest as part of a certificate request, and a certificate request is what makes them an applicant. It sounds like the

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Peter Bowen via Public
> On May 19, 2017, at 2:31 PM, Ryan Sleevi wrote: > > > > On Fri, May 19, 2017 at 5:16 PM, Peter Bowen wrote: > It was my intent and understanding that the 30 days had nothing to do with > 4.2.1 or 3.2.2.4’s reuse requirements or allowances. We wanted to

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Geoff Keating via Public
Hi Ryan, I don’t think there’s anything in the BRs that says that particular validation steps must happen before other steps, so long as the appropriate time limits are honored. Your example where a CA finds an existing certificate for a prospective customer, validates everything in that

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
How does that fit with the quoted Section 4.1.2? "The certificate request MUST contain a request from, or on behalf of, the Applicant for the issuance of a Certificate, and a certification by, or on behalf of, the Applicant that all of the information contained therein is correct." 1) If there

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Ryan Sleevi via Public
On Fri, May 19, 2017 at 7:12 PM, Ben Wilson wrote: > With regard to timing and the sequence of events, I would think that it > shouldn’t matter too much as long as the steps comply with and meet the > Baseline Requirements. In other words, a CA should take steps to

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Geoff Keating via Public
> On 19 May 2017, at 3:43 pm, Ryan Sleevi wrote: > > How does that fit with the quoted Section 4.1.2? > > "The certificate request MUST contain a request from, or on behalf of, > the Applicant for the issuance of a Certificate, and a certification by, or > on behalf

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Peter Bowen via Public
> On May 19, 2017, at 3:07 PM, Ryan Sleevi wrote: > > > > On Fri, May 19, 2017 at 6:00 PM, Peter Bowen > wrote: > Yes, it does. We know that CAs can generate keys on behalf of the > subscriber, so it is clear that a public key is

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Moudrick M. Dadashov via Public
The initial process looks like this: a. A potential customer requests a service; b. CA authenticates the potential customer, checks its authorization to represent the Subject (if not Subject); c. The CA makes a decision whether or not the potential customer is an

Re: [cabfpub] Preballot - Revised Ballot 190

2017-05-19 Thread Peter Bowen via Public
> On May 19, 2017, at 5:12 AM, Ryan Sleevi via Public > wrote: > > On Fri, May 19, 2017 at 2:00 AM, Kirk Hall via Public > wrote: > > > However, in our current discussion of Ballot 190, no such strong > > evidentiary showing has ever been made by