[cabf_validation] Notes of Validation WG Meeting 2017-Nov-16

Doug Beattie doug.beattie at globalsign.com
Mon Nov 20 05:27:35 MST 2017


Hi all,

I don't think that Ballot 192 (Latin Notary) was added to the BR spec.  Will this be in the next update?

Doug


From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Ben Wilson via Validation
Sent: Sunday, November 19, 2017 5:32 PM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Subject: [cabf_validation] Notes of Validation WG Meeting 2017-Nov-16

Here are my notes of our call last Thursday for the Validation WG, 11-16-2017.  Feel free to suggest changes.

Present:  Tim Hollebeek, Tom Ritter, Frank Corday, Ben Wilson, Bruce Morton, Rick Andrews, Robin Alden, Rich Smith, Ken Myers,

We reviewed the notes of the Face-to-Face meeting in Taiwan.  We reviewed backlog ballots.  SRV Names are currently being discussed on the list, and so that discussion can continue there.  Latin Notary clarification ballot (Ballot 192) already passed in June, and it is unclear whether this ballot is the same as that one.  So there is some confusion or miscommunication.  If changes need to be made, then we would need a new ballot.

Tim will circulate a ballot in about two weeks that clarifies the Random Value / Request Token / Nonce issues.

Use of Multiple Methods and/or Cross Methods as part of the same domain validation was discussed at the face-to-face meeting, but more follow-up on this topic is needed.  This issue might be cleared up more once the random value / request token / nonce topic is cleared up.  So we may have to wait on that effort first.

From the F2F notes - document reuse and scope are still confusing and could use clarification.

The Validation WG could go through the Ballot 190 issues list.  Jeremy has the most current one and needs to circulate it on the list.
IP address validation could also use some work, clarification, etc.  Jeremy circulated a proposal on 1 October.  Ben hit re-send and re-circulated it.

CAA was also discussed at the F2F.  RFC 6844 discusses how CAA works, but it doesn't talk about failure cases (CNAME loops etc.), only when all of the calls succeed.  The recording of the discussion on CAA from the F2F is available if anyone wants to listen to it.  Rick will listen to it and provide some feedback.  We also need to see whether there is still support for a working group on CAA.  The F2F notes indicate that the Validation WG would create a normalization document.  The notes also indicate that there was discussion about modifying CAA to include indicators of brands and certificate types.

The WG discussed BR Section 7.1.4.3.1.b and the use of vanity CAs - that this concept is already well developed in current CA practice, but the baseline requirements need to be more explicit in indicating that this practice is allowed.

Bruce raised an add-on topic for discussion.  He had sent an email suggesting we delete outdated portions of the Baseline Requirements that talk about internal names and ICANN's adoption of gTLDs.  There was consensus in the group on the call that these provisions were outdated and should be deleted.  It was recommended that Bruce send his email to the Public list and note that the Validation WG didn't see any reason why this language couldn't be deleted.

Adjourned.

Next meeting at same time in 3 weeks on 7 Dec. 2017.  Ben will send out a meeting invite for WebEx.


Ben Wilson, JD, CISA, CISSP
DigiCert VP Compliance
+1 801 701 9678

