Purpose of Ballot
This ballot resolves a number of issues to improve the clarity and consistency of these documents. Changes incorporated are listed in the commit log of the pull request, and include:
Motion
The following motion has been proposed by Martijn Katerbarg (Sectigo) and endorsed by Corey Bonnell (DigiCert) and Ryan Dickson (Chrome Root Program)
Motion Begins
MODIFY the "Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates" ("TLS Baseline Requirements") based on Version 2.1.1 as specified in the following redline:
Motion Ends
This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:
Discussion (at least 7 days)
Vote for approval (7 days)
--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/2ecc3c21-3539-5ae2-d1c8-b304a6e09f9c%40opera.com.
Hi Tobias,
Thank you for the feedback. And thanks Henry for chiming in.
> The proposed ballot (and linked commit) change the latter to:
>"[...] a Network Perspective MUST observe the same challenge information
>(i.e. Random Value or Request Token) as the Primary Network Perspective."
>I wonder if this is intentional. The only valid "challenge information" in
>this context would be an IP address, and "Random Value" or "Request Token"
>are only given as examples and hermeneutics hopefully would lead one to
>conclude that they are not actually valid in the context of 3.2.2.4.8. So
>this change in the language may not even change what 3.2.2.4.8 requires,
>but to me, it seems that this change is simply removing clarity from the
>language, and I am not sure why that is something that we would want to
>do.
This feedback seems in line with the feedback Aaron gave on a different method. I’ll update this to state “To count as corroborating, a Network Perspective MUST observe the same IP address as the Primary Network Perspective.”, as it used to.
> I am still 50:50 undecided on whether I would have done this as
>part of a Cleanup Ballot myself, but with your added perspective I am OK
>to roll with it as it is.
I’d have the same concern if it would set stricter requirements. In this case, unless there’s more pushback, I’ll roll with it as-is.
I’ll launch a v3 due to the latest change on Monday.
Regards,
Martijn
-- You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.