[cabfpub] Ballot 185 - Limiting the Lifetime of Certificates

Dean Coclin Dean_Coclin at symantec.com
Sat Feb 11 19:14:06 UTC 2017

Minor changes to ballots have traditionally been allowed in the forum. "Minor" has been left to the discretion of the ballot producer/endorsers but we've seldom seen controversy over that.

-----Original Message-----
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Scott Rea via Public
Sent: Saturday, February 11, 2017 1:57 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Scott Rea <scott at scottrea.com>
Subject: Re: [cabfpub] Ballot 185 - Limiting the Lifetime of Certificates

G'day Gerv,

is it permissible to change the ballot applicability date without invalidating the ballot? I thought Ryan indicated earlier this week it was not possible to change anything once the ballot process had started...??

Can someone please clarify?


On 2/11/2017 9:49 PM, Gervase Markham via Public wrote:
> On 09/02/17 21:08, Ryan Sleevi via Public wrote:
>> Ballot 185 - Limiting the Lifetime of Certificates
>> The following motion has been proposed by Ryan Sleevi of Google, Inc 
>> and endorsed by Josh Aas of ISRG and Gervase Markham of Mozilla to 
>> introduce
> Having endorsed this, I confess I was thinking more about the maximum 
> certificate lifetime (which I do support as a target we need to get 
> to, and soon) than about the lead time - which, by the time this 
> ballot passes, will be about 2 months and a week. Given the level of 
> ongoing engagement with the question, having agreed to endorse I was 
> also a little surprised to see us enter the formal discussion period so soon.
> In one sense, the argument that "this is just a change of a number in 
> some certificate profiles" is right. In another sense, I accept that 
> it does take time to adjust customer expectations, even if the 
> different action required by said customer may be a year or more in the future.
> While it might be argued CAs should have asked their customers about 
> the potential impact of this change after previous discussions, it's 
> not reasonable to suggest that they should have been preparing them 
> for its enactment before any ballot was passed.
> There are some ways a lifetime ballot might be constructed to ease 
> this difficulty, some of which even keep a May date for this first 
> step, but they are not in the realm of the sort of minor adjustment 
> historically permitted to ballots during the formal discussion period.
> I therefore request that the applicability date in this ballot be 
> changed from 1st May 2017 to, at the earliest, 24th August 2017, 6 
> months after the ballot voting end date. 6 months has been floated 
> before as a reasonable lead time for high-impact changes, so I hope 
> this will remove that point of objection even for those who feel this 
> change is high-impact.
> As the voting period begins on Thu/Fri next week, I hope we can apply 
> this change soon, and continue from there with a process of thoughtful 
> listening and discussion on that basis.
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://clicktime.symantec.com/a/1/o8FTtIP44x5_vMa2c3DyH5L-da2_bAdjh5N
> lqrk5XQs=?d=HIHHEANkf_jNPxW-Au503ys7yftWHAPY6NCBeRKP6GmtBLZj14KQzChg5c
> -xPYqiwFAstuLUkGKFVeFOqOWw_goUM7hyIp3mCd7r00CV7m9ra7mEBc-Pq8-__sHpN1Tj
> yoFQ1vnqAiLf7FY-zq4nvVHV3WIkGxPwLNhwddn8kx4focNjAxexcChRwGs-M3d2fq7tmI
> tNG6S83h2RtcGsD-2_eG2fk9fiZErFqFPmWE7Br1SOS6_uMZ49z9n89CP6lWfWao7mdaWV
> kaWuMTVucXXxU7s8qWiKE7T9zs96sBLiC1jXJWpkoanCUFT5Enrz7n2DhEmRtykyHCzsqg
> ZXvst-jF3rODjdBT_LWkDDl_njjQ_Irp99LiiMGEDyVZXKunjnaY_dst9whfoM80ChRQKV
> mMjdh__1u7LDiYIDHYU%3D&u=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistin
> fo%2Fpublic

Scott Rea, MSc, CISSP
Ph# (801) 874-4114
Public mailing list
Public at cabforum.org

More information about the Public mailing list