[Servercert-wg] Document Versioning

Ryan Sleevi sleevi at google.com
Tue Aug 27 05:58:08 MST 2019

On Tue, Aug 27, 2019 at 3:42 AM Dimitris Zacharopoulos (HARICA) <
dzacharo at harica.gr> wrote:

> Dimitris: I'm wanting to make sure I understand your latest objection. You
> believe it is important to object to an attempt which can help CA
> understanding and compliance, because the numbers are not sequential, and
> because sequential numbers - which have to date harmed CA understanding and
> compliance - are how we've always done it, right?
> Not at all. If we want to signal a "significant change" to CAs and the
> ecosystem, all I'm saying is that we need to discuss what is the proper way
> to do that. Is it a "bump" in the version number? Is it a blog on our
> public web site? Is it both? Other ideas?

That is, in fact, an objection. You've just changed the objection from
sequentiality to not having been consulted, except this is exactly what the
Ballot process is intended for. If the suggestion now is earnest efforts to
solve well-understood problems with Ballots are somehow problematic, not
because the change itself is problematic, but because there wasn't some
pre-Ballot discussion - and perhaps the formation of a Pre-Ballot
Committee, and perhaps a subcommittee to explore the formation of a
Pre-Ballot Committee, etc.

Again, I know these are very direct statements, but I'm trying to cut to
the core and highlight that the amount of discussion here is entirely
disproportionate, and the reasons, while continually shifting, basically
boil down to that.

> My impression (and I don't know this for a fact) is that every change in
> the Guidelines is "significant enough" for CAs to pay attention. Perhaps
> this is why the numbers were sequential. Again, I would defer to the
> previous Chairs to clarify.

This is hardly the case and hardly supported by any data. This was the
exact motivation for skipping sequential numbers in the past.

> I'm sorry for not phrasing it correctly. This is clearly not what I wanted
> to convey so let me try again. When we have an existing unspecified
> practice in place (like the fact that the Chair adds a version number,
> updates the two tables and adds a table of contents), which has not been
> objected to for years, this is not a reason to consider it wrong, malicious
> or something that produces harm.

This is, unfortunately, again advocating that we should treat as canon
everything the Chair does, despite any support.

I'm fully supportive of following existing practices, and I'm fully
supportive that changes in practices should be accompanied with a Ballot.
Just as it would be unconscionable for the Chair to begin making up their
own interpretations and imposing this on the Forum - something a previous
Chair was in the habit of - it should be unconscionable to suggest we
cannot or should not Ballot things which, while they may differ from
existing practice, are attempts at doing the right thing.

Like, we can't insist the status quo, or kick it off to endless
discussions, when there are real problems we need to solve. If that's the
approach the Forum wants to take to addressing the security issues, perhaps
we should disband the Forum, because that's highly ineffective.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190827/c6949f95/attachment.html>

More information about the Servercert-wg mailing list