[cabf_validation] Working Group Minutes for Nov 17, 2016

陳立群 realsky at cht.com.tw
Thu Nov 24 04:15:23 MST 2016


Dear Jeremy,

 

       My first name is Li-Chun. My last name is Chen.

 

        My presentation file from the Oct. 20 F2F meeting is attached.

 

1.      About Topic 1 in the attached file, page 1 to page 8: to fix the UI in
Firefox for certificate details, I filed a bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=1308755 before the F2F meeting, at
Gervase's suggestion.

 

         Mozilla said this bug has been marked as a duplicate of bug 500333
<https://bugzilla.mozilla.org/show_bug.cgi?id=500333> 

 

          Thanks to Dimitris Zacharopoulos; he said he will help me to
solve the problem in the previous CP working group call. He filed a bug with
Microsoft at
https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/9829329/
last week.

 

2.      About topic 2 in the presentation: Ryan Sleevi said the CT OID
is registered by Google, not IETF, and on page 22 of the attached file he said
he will vote no for 3 OIDs registered by Microsoft to CA/Browser Forum, and
it seems Gervase did not agree to change. Because browsers have the right
of veto in CA/Browser Forum, maybe we only need to solve the ASN.1 language
of the 3 OIDs in EV Guideline section 9.2.5. Thanks for Bruce and Peter's
help.

 

Sincerely Yours,

 

               Li-Chun Chen

               Chunghwa Telecom

From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of
Jeremy Rowley via Validation
Sent: Thursday, November 24, 2016 4:19 AM
To: validation (validation at cabforum.org)
Cc: Jeremy Rowley
Subject: [External mail] [cabf_validation] Working Group Minutes for Nov 17, 2016

 

Attendees: Ben, Tarah, Chris, Peter, Bruce, Jeremy, Tim H., Rick, Tyler, Tim
S, Li Chen, Jeremy, Doug

 

IP address ballot:

Tarah asked for a summary of what we learned on the domain validation ballot
that could apply here. Bruce explained we eliminated the seventh step in
domain validation and added four in. We can replicate this for the IP
ballot. Peter agreed. We struck the any other method by asking people to
contribute all their methods. The ballot should be straightforward –
strike #4 unless someone objects. Jeremy asked everyone to send additional
methods over before the next call. Jeremy offered to start a draft of
cleaned-up language. Peter reminded the group that if you contribute
something, you can’t later exclude it. Bruce asked what we should do about
practical demo. Peter said we should look at all the methods and make sure
they are similar to the domain-based validation methods. Jeremy summarized.
The first step is to gather the methods used. Second revise the language.
Tarah offered to assist in the language change. Peter proposed we remove
option 1 and 4 completely in the first version. Option 1 is a practical demo
on a website identified by the IP address. This leaves looking up the IP
address owner or do a reverse look up. Peter and Tarah said we should make
it as simple as possible. Doug thinks we should align this ballot with 169.
Doug would like to support a legal opinion method and other manual methods
to demonstrate control. 

 

CNAME record validation:

Jeremy is looking for two endorsers. This adds CNAME to the list of DNS
records permissible for checking control. Rick raised a concern that you
wouldn’t be able to have an A record. Peter explained that you can prefix
the domain name with an underscore character. Because we allow the prefix,
you can mix it with the others.  We already allow this for TXT records. This
adds another record type to check for the same data.

 

SRV ballot:

Peter explained that an RFC permits SRV names. You can specify the service
as well as a host name. This has two values. It allows you to specify a cert
that is allowed only for a set service. For protocols that use SRV locator
records, it allows delegation of the services to a provider without
delegating the whole host. This allows bootstrapping. Peter said he’d
resend the RFC to the list. Under the BRs, there is a closed set of what can
be included in certs. This is outside of what is allowed. The ballot would
expand the allowed types to include SRV names. Jeremy said he is endorsing.
We’re looking for another endorser. Peter is going to check whether he can
propose/endorse. Jeremy will recirculate the ballot.

 

OID changes:

Li Chen went through his proposal for fixing how the jurisdiction of
incorporation information in browsers. Peter reminded us that at the face to
face we decided to include ASN.1 syntax explicitly in the EV Guidelines.
Bruce said we should make the subject location information the same between
the BRs and EV Guidelines. This was discussed at the face to face.
Bruce volunteered to review the differences between the EV guidelines and
BRs. Peter offered to circulate language about the ASN.1 syntax.

 

Additional Items:

Chris suggested we look at verification databases. Chris will get something
together with Kirk and Bruce and present it.

 

Summary of tasks:

1.       Everyone will look on IP validation and send their methods. Jeremy
and Tarah will work on a draft ballot

2.       Jeremy will recirculate the CNAME ballot.

3.       Jeremy will send the SRV name ballot. Peter will resend the RFC

4.       Bruce will look at making the subject information consistent. Peter
will draft the ASN.1 language.

5.       Chris will look at the validation databases and make a proposal for
the next meeting.

 

 





-------------- next part --------------
A non-text attachment was scrubbed...
Name: Chunghwatelecom-cabforum20161020v3.pptx
Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Size: 4402295 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20161124/f01186ac/attachment-0001.bin>

