<div dir="ltr"><div dir="ltr">On Wed, Apr 24, 2019 at 1:52 PM Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com">tim.hollebeek@digicert.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div class="gmail-m_-8462522427603143505WordSection1"><p class="MsoNormal"><span style="font-size:11pt">Inline.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p><div style="border-color:currentcolor currentcolor currentcolor blue;border-style:none none none solid;border-width:medium medium medium 1.5pt;padding:0in 0in 0in 4pt"><div><div style="border-color:rgb(225,225,225) currentcolor currentcolor;border-style:solid none none;border-width:1pt medium medium;padding:3pt 0in 0in"><p class="MsoNormal"><b><span style="font-size:11pt">From:</span></b><span style="font-size:11pt"> Infrastructure <<a href="mailto:infrastructure-bounces@cabforum.org" target="_blank">infrastructure-bounces@cabforum.org</a>> <b>On Behalf Of </b>Jos Purvis (jopurvis)<br><b>Sent:</b> Wednesday, April 24, 2019 1:47 PM<br><b>To:</b> <a href="mailto:infrastructure@cabforum.org" target="_blank">infrastructure@cabforum.org</a><br><b>Subject:</b> [Infrastructure] Questions from working through the BRs<u></u><u></u></span></p></div></div><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Georgia",serif">Forgot to raise these earlier, but I ran across some questions as I hacked my way through the BR content. 
I thought I’d raise them here to start, and then can </span><span style="font-size:10.5pt;font-family:Consolas">raise()</span><span style="font-size:10.5pt;font-family:"Georgia",serif"> </span><span style="font-size:11pt;font-family:"Georgia",serif">any that aren’t handled at this level to the SCWG for discussion.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Georgia",serif"><u></u> <u></u></span></p><ol style="margin-top:0in" type="1" start="1"><li class="gmail-m_-8462522427603143505MsoListParagraph" style="margin-left:0in"><span style="font-size:11pt;font-family:"Georgia",serif">In 1.6.1, under ‘Definitions’, we define ‘Effective Date’ as just ‘1 July 2012’. No context or anything else, just the date. Was that meant to be an example of an effective date, or the date the BRs became effective, or…?<u></u><u></u></span></li></ol><p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;color:red">Effective Date of the BRs.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p><ol style="margin-top:0in" type="1" start="2"><li class="gmail-m_-8462522427603143505MsoListParagraph" style="margin-left:0in"><span style="font-size:11pt;font-family:"Georgia",serif">The BRs seem to be now the exclusive ‘property’ of the SCWG, which then focuses them on TLS Client/Server certificates, with S/MIME and email certificates handed off to the nascent S/MIME WG. 
With that in mind, do we still need section 3.2.3 (“Authentication of Individual Identity”)?<u></u><u></u></span></li></ol><p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;color:red">Individually validated TLS server certificates are still a thing.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p><ol style="margin-top:0in" type="1" start="3"><li class="gmail-m_-8462522427603143505MsoListParagraph" style="margin-left:0in"><span style="font-size:11pt;font-family:"Georgia",serif">Not quite a question, but I think we should either remove all of the “No stipulations” or add them in everywhere—it looks kind of weird to have them in some places and not in others.<u></u><u></u></span></li></ol><p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;color:red">IIRC “No stipulations” was explicitly added to sections that were discussed by the previously existing Policy Working Group. 
Sections that are still blank are blank because there wasn’t consensus that they should be blank.</span><span style="font-size:11pt"><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p><ol style="margin-top:0in" type="1" start="4"><li class="gmail-m_-8462522427603143505MsoListParagraph" style="margin-left:0in"><span style="font-size:11pt;font-family:"Georgia",serif">Should we prune section 6.1.5 to remove all of the key sizes that are now no longer usable, like MD5 and RSA-1024?<u></u><u></u></span></li></ol><p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;color:red">If people want, it can be handled in the spring cleanup ballot, which should be out for discussion soon (I’m waiting for Wayne’s Bylaw ballot to make ballots easier).<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt"><u></u> </span></p></div></div></div></blockquote><div><br></div><div>Working on it :-)</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div class="gmail-m_-8462522427603143505WordSection1"><div style="border-color:currentcolor currentcolor currentcolor blue;border-style:none none none solid;border-width:medium medium medium 1.5pt;padding:0in 0in 0in 4pt"><p class="MsoNormal"><span style="font-size:11pt"><u></u></span></p><ol style="margin-top:0in" type="1" start="5"><li class="gmail-m_-8462522427603143505MsoListParagraph" style="margin-left:0in"><span style="font-size:11pt;font-family:"Georgia",serif">Can we re-word the list in section 8.2 to make it more grammatically agreeable? 
:)<u></u><u></u></span></li><li class="gmail-m_-8462522427603143505MsoListParagraph" style="margin-left:0in"><span style="font-size:11pt;font-family:"Georgia",serif">It looks like sections 3.2.2.5.5 to 7 could use some re-wording to make them full sentences and turn them into requirements (they read like descriptions). Would that be a ballot for those changes, or simply a proposed wording change on the SCWG?<u></u><u></u></span></li></ol><p class="MsoNormal"><span style="font-size:11pt;font-family:"Georgia",serif"><u></u></span></p></div></div></div></blockquote><div><br></div><div>Those sections were modeled after 3.2.2.4, so I suspect there are more sections that could be improved. Given the importance of these sections, I'd like to see even minor clarifications go through the ballot process.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div class="gmail-m_-8462522427603143505WordSection1"><div style="border-color:currentcolor currentcolor currentcolor blue;border-style:none none none solid;border-width:medium medium medium 1.5pt;padding:0in 0in 0in 4pt"><p class="MsoNormal"><span style="font-size:11pt;font-family:"Georgia",serif"> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Georgia",serif">Cheers,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Georgia",serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Georgia",serif">Jos<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Georgia",serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:9pt;font-family:Consolas;color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:9pt;font-family:Consolas;color:black">-- <br>Jos Purvis (<a href="mailto:jopurvis@cisco.com" 
target="_blank">jopurvis@cisco.com</a>)<br>.:|:.:|:. cisco systems | Cryptographic Services<br>PGP: 0xFD802FEE07D19105 | +1 919.991.9114 (desk)</span><span style="font-size:11pt"><u></u><u></u></span></p><p class="MsoNormal"><u></u> <u></u></p></div></div></div>
</blockquote></div></div>