Inigo,

As I am working to migrate the EV Guidelines into the EV Code Signing Baseline Requirements I took a look at the mapping you provided for the EV Guidelines and noticed that you are proposing migration of EVG section 11.1 into section 3.2.1. This particular section is labeled "Method to prove possession of private key" in RFC 3647 so I don't think it is appropriate. I think it's best to create new subsections under 3.2.

Thanks,
Dimitris.

On 8/9/2023 7:54 μ.μ., Inigo Barreira wrote:

Hi all,

Attached you´ll find the EVG v1.8.0 with comments in all sections indicating where those sections, and the content, have been moved into the new EVG RFC3647 format. So, with this document, plus the redlined version, I hope you can have now a clearer view of the changes done.

Let me know if you need anything else to clarify the new version.

Regards

*De:* Inigo Barreira <[email protected]>
*Enviado el:* martes, 29 de agosto de 2023 17:06
*Para:* Tim Hollebeek <[email protected]>; Dimitris Zacharopoulos (HARICA) <[email protected]>; CA/B Forum Server Certificate WG Public Discussion List <[email protected]> *Asunto:* RE: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot

Thanks Dimitris and Tim.

I did something of that internally but didn´t reflect on the document, so will try to reproduce to have it clearer.

OTOH, and as indicated in the PR, the whole section 11 has been placed in section 3.2 keeping the rest of the numbering. So, for example:

EVG                                     EVG3647

11.1                                    3.2.1

11.1.1                                 3.2.1.1

11.1.2                                 3.2.1.2

11.1.3                                 3.2.1.3

11.2                                    3.2.2

11.2.1                                 3.2.2.1

….. ….

11.13                                  3.2.13

11.14                                  3.2.14

11.14.1                               3.2.14.1

11.14.2                               3.2.14.2

11.14.3                               3.2.14.3

Hope this can clarify the main difficult that I found in the document, where to place it and how.

Regards

*De:*Tim Hollebeek <[email protected]>
*Enviado el:* martes, 29 de agosto de 2023 16:59
*Para:* Dimitris Zacharopoulos (HARICA) <[email protected]>; Inigo Barreira <[email protected]>; CA/B Forum Server Certificate WG Public Discussion List <[email protected]> *Asunto:* RE: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Yes, exactly.  I would like to see a list that shows that EVG-classic section 1.4 is now in EVG-3647 section 4.1.  Then I can look at where the new text landed, see how the conversion was handled, we can all verify that nothing was lost or left out, etc.

Without that, anyone attempting to review the document is forced to recreate the mapping just to figure out where everything went and that nothing was missed or put in the wrong place. Redlines are not sufficient when large amounts of text are moving around to different places.

I’m saying this because from my spot-checking, the conversion appears to be pretty good, and I’d like to be able to do a final verification that it’s mostly correct so I can endorse.

-Tim

*From:*Dimitris Zacharopoulos (HARICA) <[email protected] <mailto:[email protected]>>
*Sent:* Tuesday, August 29, 2023 7:58 AM
*To:* Inigo Barreira <[email protected] <mailto:[email protected]>>; CA/B Forum Server Certificate WG Public Discussion List <[email protected] <mailto:[email protected]>>; Tim Hollebeek <[email protected] <mailto:[email protected]>> *Subject:* Re: [Servercert-wg] SC-065: Convert EVGs into RFC 3647 format pre-ballot

Hi Inigo,

You can take some guidance from previous successful efforts to convert existing documents into RFC 3647 format. The latest attempt was in the Code Signing BRs conversion in May 2022. Check out the mapping document and the comments in the ballot discussion period <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fpipermail%2Fcscwg-public%2F2022-May%2F000795.html&data=05%7C01%7CInigo.Barreira%40sectigo.com%7C745e9a7716ad496fd2c708dba8a083f5%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638289179605518540%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=I%2FvFPk7GebgbEFSqcHvazeciYyB7YrMV8iU%2FaWjzs8Y%3D&reserved=0>.

For each existing section/paragraph, it would be nice to have a comment describing where that existing language will land in the converted document (destination). This will allow all existing text to be accounted for.

During this process, you might encounter duplicate or redundant text which needs to be flagged accordingly. You might also get into some uncertainty as to which RFC3647 section is a best fit for existing text that might require additional discussion.

I hope this helps.


Dimitris.

On 29/8/2023 12:42 μ.μ., Inigo Barreira via Servercert-wg wrote:

    Hi Tim,

    See attached redlined and current versions. I just used what
    Martijn suggested yesterday but let me know if this is what you
    were looking for.

    Regards

    *De:*Tim Hollebeek <[email protected]>
    <mailto:[email protected]>
    *Enviado el:* lunes, 28 de agosto de 2023 19:49
    *Para:* Inigo Barreira <[email protected]>
    <mailto:[email protected]>; CA/B Forum Server Certificate
    WG Public Discussion List <[email protected]>
    <mailto:[email protected]>
    *Asunto:* RE: SC-065: Convert EVGs into RFC 3647 format pre-ballot

    CAUTION: This email originated from outside of the organization.
    Do not click links or open attachments unless you recognize the
    sender and know the content is safe.

    Thanks for doing this Inigo … I know re-organizations like this
    are a lot of work and fall very much in the category of “important
    but not fun”.  So thanks for taking an initial stab at this.

    Is there a mapping that shows where all the original text ended
    up?  I think that’s going to be essential for people to be able to
    review this.  I did some spot checking, and your conversion looks
    pretty good, but I wasn’t able to do a more detailed review
    without a mapping.

    -Tim

    *From:*Servercert-wg <[email protected]
    <mailto:[email protected]>> *On Behalf Of *Inigo
    Barreira via Servercert-wg
    *Sent:* Monday, August 28, 2023 5:20 AM
    *To:* CA/B Forum Server Certificate WG Public Discussion List
    <[email protected] <mailto:[email protected]>>
    *Subject:* [Servercert-wg] SC-065: Convert EVGs into RFC 3647
    format pre-ballot

    Hello,

    The current Extended Validation Guidelines (EVGs) are written in a
    non-standardized format. For many years it has been discussed to
    convert this document into the RFC 3647 format and follow the
    standardized model for this type of documents.

    Given that this has been known for several years, I have prepared
    the following ballot text, which converts the EVGs into the RFC
    3647 format:

    EVGs based on RFC3647 by barrini · Pull Request #440 ·
    cabforum/servercert (github.com)
    
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furl.avanan.click%2Fv2%2F___https%3A%2Fgithub.com%2Fcabforum%2Fservercert%2Fpull%2F440___.YXAzOmRpZ2ljZXJ0OmE6bzoyOGIxNWVhZGVmZDlkZTM0NjQzZTA3YTlmYTA2MzM5YTo2OmExZWM6NGZmMGEzM2U0ZWZjOTU4MTM1NWRkNjU3ZDE5YjU3Y2YxNzg1NWU0ZTVjYzkzY2NjM2M0MWU5MzEyYzJmZTQ0NzpoOkY&data=05%7C01%7CInigo.Barreira%40sectigo.com%7C745e9a7716ad496fd2c708dba8a083f5%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638289179605518540%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=2jhio9I%2BtrHrcID7wDE%2Bd0foKLLpWsWxg8JLyoaRRZs%3D&reserved=0>

    I am currently seeking two endorsers as well as any feedback on
    the ballot content itself (wording, effective dates, etc.).

    Thanks,

    _______________________________________________

    Servercert-wg mailing list

    [email protected]  <mailto:[email protected]>

    https://lists.cabforum.org/mailman/listinfo/servercert-wg  
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7CInigo.Barreira%40sectigo.com%7C745e9a7716ad496fd2c708dba8a083f5%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638289179605675225%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PEKvI1ROnN3jYvucjp92GYalUTrtp0nEGKL7fj0WiJ4%3D&reserved=0>

_______________________________________________
Servercert-wg mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/servercert-wg

Reply via email to