[cabfpub] Ballot 190 - Recording BR Version Number

Gervase Markham gerv at mozilla.org
Thu Jul 20 01:56:07 MST 2017


On 19/07/17 02:32, Wayne Thayer via Public wrote:
> /The CA SHALL maintain a record of which domain validation method,
> including relevant BR version number, they used to validate every domain. /
> 
> While I understand the logic behind this, I’m concerned about the
> “relevant BR version number”. This could be interpreted in a number of
> imprecise ways. For instance, does ballot 202 require CAs to update
> their system to record compliance with changes to the definitions in
> some of the methods?

The BRs themselves require that you comply with the latest published
version. So I would expect that, each time a new version is released,
CAs evaluate the changes and plan to update their systems accordingly.
If the changes are material to domain validation, I would expect part of
that update to be changing the recording system to record that you are
now compliant with the new BR version. If they are not material to
domain validation, I would expect that update to be optional - in other
words, recording "1.7.3/3.2.2.4.15" may be exactly the same as recording
"1.7.4/3.2.2.4.15".

> I suggest that we add version numbers to each of the 10 validation
> methods listed in the BRs and require CAs to record compliance with a
> specific version of the validation method for each domain they validate.
> This allows ballot authors to explicitly increment the version number of
> a given method when a material change is made, and provides clear
> guidance to CAs on what version number to record.

That would be another reasonable way of doing it, certainly.

Gerv

-- 
(Note: on holiday from 7th-28th July)

