[cabfpub] Allowing SHA-1 OCSP and CRL signatures past 2016

Ryan Sleevi sleevi at google.com
Wed Oct 26 15:47:11 UTC 2016 

On Oct 26, 2016 8:40 AM, "Kirk Hall via Public" <public at cabforum.org> wrote:
>
> Helpful suggestion, Gerv - thanks.
>
> On the question of whether our change of processes to comply with our IPR
Policy must be complete and immediate, I think about the prayer of the St.
Augustine who was trying to mend his ways: "Oh Lord, make me pure, but not
yet."
>
> After years of not following the exact procedures of our IPR Policy, we
have decided to pause new Guidelines changes that are not time critical in
order to get our existing Guidelines in order.  That process will be
complete by about Jan. 7, and new Maintenance Guidelines can then be
approved by about Feb. 15.  Unfortunately that is too late for Wayne's
amendment which needs to be approved by Dec. 31 to prevent CAs from being
out of compliance with current BR 7.1.3.  It seems everyone agrees that
Wayne's amendment makes sense.
>
> So how about this as an alternate plan?
>
> 1. We pass Wayne's ballot now in the "old" fashion - 7 days discussion, 7
days vote.  The change would then go into the "old" BRs so CAs can be
assured they will be in compliance after Dec. 31.  I don't think there
would be any criticism by regulators, etc. in doing this so long as we
continue to move toward full compliance with our IPR Policy.

This is not consistent with our bylaws. Knowing this, and having spent
several months discussion this, I don't believe this is a viable option.

> 2. This week we also modify Ballot 180 to include Wayne's amendment - we
treat this change as part of the 7 day discussion period that is currently
underway.  In this way, the new language will be adopted in accordance with
our IPR Policy, and there will be no gaps.

This makes 1 meaningless and, at best, symbolic - because it suggests 1 is
fait accompli.

I realize that you're ultimately trying to find solutions, and I appreciate
that. However, given your new role as Chair, I would request that this new
phase begin with more careful attention to the bylaws than perhaps afforded
in the past, so that we can avoid repeating the past mistakes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161026/17a984b8/attachment-0003.html>

More information about the Public mailing list