[cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

Ryan Sleevi sleevi at google.com
Fri Jul 21 08:08:11 MST 2017


Hi Kirk,

As we saw from the discussions of Ballot 190, the inclusion of
additional information "for clarity's sake" can have the deleterious
side-effect of changing both the meaning and interpretation. The
clarifications that had previously been proposed had notable issues
they introduced.

So I don't think we can say there is no harm - and, in general, it
means even more work to maintain these documents - so I'm hoping we
can find a situation in which there is a single, well-understood path,
rather than attempting to restate it several times. Given that these
represent technical standards documents, and understanding that it
takes a degree of professional expertise to understand and interpret
them (much like any other standards document), it doesn't seem
entirely unfair to suggest that there may be elements that are
difficult for the lay-person, provided that they're unambiguous for
the practitioners.

On Fri, Jul 21, 2017 at 11:02 AM, Kirk Hall via Public
<public at cabforum.org> wrote:
> Meant for public list -- see my response below.
>
> -----Original Message-----
> From: Ryan Sleevi [mailto:sleevi at google.com]
> Sent: Thursday, July 20, 2017 6:09 PM
> To: Kirk Hall <Kirk.Hall at entrustdatacard.com>
> Subject: Re: [EXTERNAL]Re: [cabfpub] Ballot 190 - Recording BR Version Number
>
> Hi Kirk,
>
> Did you mean to omit the list?
>
> On Thu, Jul 20, 2017 at 9:08 PM, Kirk Hall <Kirk.Hall at entrustdatacard.com> wrote:
>> The two responses (Gerv's and mine) are not in conflict, and there is no harm in including the extra information in the BRs.  I'm a big believer in helping people avoid mistakes when it's easy to do.
>>
>> -----Original Message-----
>> From: Ryan Sleevi [mailto:sleevi at google.com]
>> Sent: Thursday, July 20, 2017 6:02 PM
>> To: Kirk Hall <Kirk.Hall at entrustdatacard.com>; CA/Browser Forum Public
>> Discussion List <public at cabforum.org>
>> Cc: Wayne Thayer <wthayer at godaddy.com>
>> Subject: [EXTERNAL]Re: [cabfpub] Ballot 190 - Recording BR Version
>> Number
>>
>> Kirk,
>>
>> Given that the Forum already publishes its Ballots - and keeps track of changes within the documents - and given CAs are already required to annually review their CP/CPS (in addition to following the current published version), do you believe Gerv's response is not a perfectly reasonable and easy to accomplish approach?
>>
>> It would be useful to understand, given all the existing tools and practices, what's missing.
>>
>> On Thu, Jul 20, 2017 at 8:19 PM, Kirk Hall via Public <public at cabforum.org> wrote:
>>> Wayne, I think your idea has merit in this special situation – and
>>> it’s something we can probably accomplish without a ballot.
>>>
>>> Statute books commonly have notations at the end of each statute
>>> showing all the times the statute was amended – often it will show
>>> year and public law number (in “reverse” order with the most recent
>>> first) so users can go back and find each law that affected a current statute.
>>>
>>> When we compile the BRs after Ballot 190 passes, we can put the BR
>>> version number where each of the 10 methods was LAST amended by the
>>> Forum.  That way, a CA who looks at the most recent BR compilation
>>> will know which methods have been recently amended, and which have
>>> not.  No one has to use this information, but it would be easy to
>>> include in a footnote at the end of BR 3.2.2.4, and update when there is any further change.
>>>
>>> Ben and I will discuss after Ballot 190 has passed.
>>>
>>> From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Wayne
>>> Thayer via Public
>>> Sent: Tuesday, July 18, 2017 6:32 PM
>>> To: public at cabforum.org
>>> Subject: [EXTERNAL][cabfpub] Ballot 190 - Recording BR Version Number
>>>
>>> Ballot 190 includes the following statement in 3.2.2.4:
>>>
>>> The CA SHALL maintain a record of which domain validation method,
>>> including relevant BR version number, they used to validate every domain.
>>>
>>> While I understand the logic behind this, I’m concerned about the
>>> “relevant BR version number”. This could be interpreted in a number of imprecise ways.
>>> For instance, does ballot 202 require CAs to update their system to
>>> record compliance with changes to the definitions in some of the methods?
>>>
>>> I suggest that we add version numbers to each of the 10 validation
>>> methods listed in the BRs and require CAs to record compliance with a
>>> specific version of the validation method for each domain they
>>> validate. This allows ballot authors to explicitly increment the
>>> version number of a given method when a material change is made, and
>>> provides clear guidance to CAs on what version number to record.
>>>
>>> Thanks,
>>>
>>> Wayne
>>>
>>> _______________________________________________
>>> Public mailing list
>>> Public at cabforum.org
>>> https://cabforum.org/mailman/listinfo/public
>>>

