<div dir="ltr">Let's Encrypt votes YES to Ballot SC7.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 1, 2019 at 10:31 AM Wayne Thayer via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org">servercert-wg@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt" id="gmail-m_8067948784512860690gmail-m_-4802691360389064142gmail-docs-internal-guid-877afacf-7fff-40cf-f5d9-12ad68197f29"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Purpose of Ballot: </span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Ballot 169 removed Method 11 ("Any Other Method") from 3.2.2.4 and replaced it with explicit validation methods, but it's sibling in 3.2.2.5 item 4 is still in the Baseline Requirements.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">This ballot removes 3.2.2.5 item 4 and replaces it with an explicit list of IP validation methods.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The intention is that, moving forward, IP validation methods will be handled in the same way as domain-name validation methods, and CAs that want to use new methods or variants of existing methods must bring them to the Forum for scrutiny, first.</span></span></p><span style="font-family:"times new roman",serif"><br></span><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The following motion has been proposed by Wayne Thayer of Mozilla and endorsed by Doug Beattie of GlobalSign and Tim Hollebeek of DigiCert.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">-- MOTION BEGINS -- </span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as follows, based on Version 1.6.2:</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Add the following to the table in section 1.2.2:</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Compliance: 2019-08-01; Section 3.2.2.5; Summary Description: CAs MUST follow revised validation requirements in section 3.2.2.5 and MUST keep a record of IP Address validation methods used.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Add the following definitions to section 1.6.1:</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">IP Address:</span><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> A 32-bit or 128-bit label assigned to a device that uses the Internet Protocol for communication.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">IP Address Contact:</span><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> The person(s) or entity(ies) registered with an IP Address Registration Authority as having the right to control how one or more IP Addresses are used.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">IP Address Registration Authority:</span><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> The Internet Assigned Numbers Authority (IANA) or a Regional Internet Registry (RIPE, APNIC, ARIN, AfriNIC, LACNIC).</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Replace Baseline Requirements section 3.2.2.5, in its entirety, with the following text:</span></span></p><h4 dir="ltr" style="line-height:1.295;margin-top:12pt;margin-bottom:2pt"><span style="font-family:"times new roman",serif"><span style="font-size:12pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">3.2.2.5. Authentication for an IP Address</span></span></h4><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">This section defines the permitted processes and procedures for validating the Applicant’s ownership or control of an IP Address listed in a Certificate.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The CA SHALL confirm that prior to issuance, the CA has validated each IP Address listed in the Certificate using at least one of the methods specified in this section.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Completed validations of Applicant authority may be valid for the issuance of multiple Certificates over time. In all cases, the validation must have been initiated within the time period specified in the relevant requirement (such as Section 4.2.1 of this document) prior to Certificate issuance. For purposes of IP Address validation, the term Applicant includes the Applicant's Parent Company, Subsidiary Company, or Affiliate. </span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">After July 31, 2019, CAs SHALL maintain a record of which IP validation method, including the relevant BR version number, was used to validate every IP Address.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Note: IP Addresses verified in accordance with this section 3.2.5 may be listed in Subscriber Certificates as defined in section 7.1.4.2 or in Subordinate CA Certificates via iPAddress in permittedSubtrees within the Name Constraints extension. CAs are not required to verify IP Addresses listed in Subordinate CA Certificates via iPAddress in excludedSubtrees in the Name Constraints extension prior to inclusion in the Subordinate CA Certificate. </span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">3.2.2.5.1. Agreed-Upon Change to Website</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Confirming the Applicant's control over the requested IP Address by confirming the presence of a Request Token or Random Value contained in the content of a file or webpage in the form of a meta tag under the "/.well-known/pki-validation" directory, or another path registered with IANA for the purpose of validating control of IP Addresses, on the IP Address that is accessible by the CA via HTTP/HTTPS over an Authorized Port. The Request Token or Random Value MUST NOT appear in the request. </span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">If a Random Value is used, the CA SHALL provide a Random Value unique to the certificate request and SHALL not use the Random Value after the longer of (i) 30 days or (ii) if the Applicant submitted the certificate request, the timeframe permitted for reuse of validated information relevant to the certificate (such as in Section 4.2.1 of this document). </span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">3.2.2.5.2. Email, Fax, SMS, or Postal Mail to IP Address Contact</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Confirming the Applicant's control over the IP Address by sending a Random Value via email, fax, SMS, or postal mail and then receiving a confirming response utilizing the Random Value. The Random Value MUST be sent to an email address, fax/SMS number, or postal mail address identified as an IP Address Contact.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Each email, fax, SMS, or postal mail MAY confirm control of multiple IP Addresses.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The CA MAY send the email, fax, SMS, or postal mail identified under this section to more than one recipient provided that every recipient is identified by the IP Address Registration Authority as representing the IP Address Contact for every IP Address being verified using the email, fax, SMS, or postal mail.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The Random Value SHALL be unique in each email, fax, SMS, or postal mail.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The CA MAY resend the email, fax, SMS, or postal mail in its entirety, including re-use of the Random Value, provided that the communication's entire contents and recipient(s) remain unchanged.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The Random Value SHALL remain valid for use in a confirming response for no more than 30 days from its creation. The CPS MAY specify a shorter validity period for Random Values, in which case the CA MUST follow its CPS.</span></span></p><span style="font-family:"times new roman",serif"></span><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">3.2.2.5.3. Reverse Address Lookup</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> Confirming the Applicant’s control over the IP Address by obtaining a Domain Name associated with the IP Address through a reverse-IP lookup on the IP Address and then verifying control over the FQDN using a method permitted under BR Section 3.2.2.4.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">3.2.2.5.4. Any Other Method</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Using any other method of confirmation, including variations of the methods defined in BR Section 3.2.2.5, provided that the CA maintains documented evidence that the method of confirmation establishes that the Applicant has control over the IP Address to at least the same level of assurance as the methods previously described in version 1.6.2 of these Requirements.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">CAs SHALL NOT perform validations using this method after July 31, 2019. Completed validations using this method SHALL NOT be re-used for certificate issuance after July 31, 2019. Any certificate issued prior to August 1, 2019 containing an IP Address that was validated using any method that was permitted under the prior version of this section 3.2.2.5 MAY continue to be used without revalidation until such certificate naturally expires.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">3.2.2.5.5. Phone Contact with IP Address Contact</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Confirming the Applicant's control over the IP Address by calling the IP Address Contact’s phone number and obtaining a response confirming the Applicant's request for validation of the IP Address. The CA MUST place the call to a phone number identified by the IP Address Registration Authority as the IP Address Contact. Each phone call SHALL be made to a single number.</span></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">In the event that someone other than an IP Address Contact is reached, the CA MAY request to be transferred to the IP Address Contact.</span></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> </span></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">In the event of reaching voicemail, the CA may leave the Random Value and the IP Address(es) being validated. The Random Value MUST be returned to the CA to approve the request.</span></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> </span></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The Random Value SHALL remain valid for use in a confirming response for no more than 30 days from its creation. The CPS MAY specify a shorter validity period for Random Values. </span></span></p><span style="font-family:"times new roman",serif"><br></span><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:"times new roman",serif"><b><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">3.2.2.5.6 ACME “http-01” method for IP Addresses</span></b></span></p><span style="font-family:"times new roman",serif"><br></span><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Confirming the Applicant's control over the IP Address by performing the procedure documented for an “http-01” challenge in draft 04 of “ACME IP Identifier Validation Extension,” available at </span><a href="https://tools.ietf.org/html/draft-ietf-acme-ip-04#section-4" style="text-decoration:none" target="_blank"><span style="font-size:11pt;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">https://tools.ietf.org/html/draft-ietf-acme-ip-04#section-4</span></a><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">.</span></span></p><span style="font-family:"times new roman",serif"><br></span><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:"times new roman",serif"><b><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">3.2.2.5.7 ACME “tls-alpn-01” method for IP Addresses</span></b></span></p><span style="font-family:"times new roman",serif"><br></span><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Confirming the Applicant's control over the IP Address by performing the procedure documented for a “tls-alpn-01” challenge in draft 04 of “ACME IP Identifier Validation Extension,” available at </span><a href="https://tools.ietf.org/html/draft-ietf-acme-ip-04#section-4" style="text-decoration:none" target="_blank"><span style="font-size:11pt;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">https://tools.ietf.org/html/draft-ietf-acme-ip-04#section-4</span></a><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">.</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">-- MOTION ENDS --</span><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">*** WARNING ***: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">A comparison of the changes can be found at:</span><a href="https://github.com/dougbeattie/documents/compare/master...dougbeattie:SC14---Phone-validation-updates" style="text-decoration:none" target="_blank"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">https://github.com/wthayer/documents/compare/wthayer:master...Ballot-SC7</span></a><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"></span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> </span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The procedure for approval of this ballot is as follows:</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Discussion (7+ days)</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Start Time: 2019-01-24 01:00 UTC</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">End Time: Not before 2019-01-31 01:00 UTC</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> </span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Vote for approval (7 days)</span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Start Time: <span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">2019-02-01 19:00 UTC</span></span></span></span></p><p dir="ltr" style="line-height:1.295;margin-top:0pt;margin-bottom:8pt"><span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">End Time: <span style="font-family:"times new roman",serif"><span style="font-size:11pt;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">2019-02-08 19:00 UTC</span></span></span></span></p></div></div></div>
_______________________________________________<br>
Servercert-wg mailing list<br>
<a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
<a href="http://cabforum.org/mailman/listinfo/servercert-wg" rel="noreferrer" target="_blank">http://cabforum.org/mailman/listinfo/servercert-wg</a><br>
</blockquote></div>