[cabfpub] Ballot 190 - Recording BR Version Number
Kirk.Hall at entrustdatacard.com
Thu Jul 20 17:19:11 MST 2017
Wayne, I think your idea has merit in this special situation – and it’s something we can probably accomplish without a ballot.
Statute books commonly have notations at the end of each statute showing all the times the statute was amended – often it will show year and public law number (in “reverse” order with the most recent first) so users can go back and find each law that affected a current statute.
When we compile the BRs after Ballot 190 passes, we can put the BR version number where each of the 10 methods was LAST amended by the Forum. That way, a CA who looks at the most recent BR compilation will know which methods have been recently amended, and which have not. No one has to use this information, but it would be easy to include in a footnote at the end of BR 188.8.131.52, and update when there is any further change.
Ben and I will discuss after Ballot 190 has passed.
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Wayne Thayer via Public
Sent: Tuesday, July 18, 2017 6:32 PM
To: public at cabforum.org
Subject: [EXTERNAL][cabfpub] Ballot 190 - Recording BR Version Number
Ballot 190 Includes the following statement in 184.108.40.206:
The CA SHALL maintain a record of which domain validation method, including relevant BR version number, they used to validate every domain.
While I understand the logic behind this, I’m concerned about the “relevant BR version number”. This could be interpreted in a number of imprecise ways. For instance, does ballot 202 require CAs to update their system to record compliance with changes to the definitions in some of the methods?
I suggest that we add version numbers to each of the 10 validation methods listed in the BRs and require CAs to record compliance with a specific version of the validation method for each domain they validate. This allows ballot authors to explicitly increment the version number of a given method when a material change is made, and provides clear guidance to CAs on what version number to record.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public