[cabf_validation] Minutes from the meeting of 2 August 2018

Ryan Sleevi sleevi at google.com
Fri Aug 10 10:43:38 MST 2018


On Fri, Aug 10, 2018 at 1:31 PM Wayne Thayer <wthayer at mozilla.com> wrote:

> If I'm understanding you correctly, you're suggesting that the date a
> domain/IP address validation is performed can be used as a versioning
> mechanism and thus we should consider including that information in the
> certificate. The question of how best to version validation methods keeps
> coming up, and if we are going to change it from the status quo (new
> version == new method number), then let's do it now before we begin
> requiring this information be included in a certificate. Having said that,
> I think the use of dates to identify versions of validation methods is a
> poor approach. It's an assumption rather than an assertion. Assuming that
> we end up using OIDs to encode the validation methods, I would recommend we
> encode method versions in the OID as 'OID ARC'.'method number'.'version
> number'.
>

Apologies for not being clearer - I agree that "change the text" = "change
the number" is, arguably, a far better outcome and result, even with its
trade-offs. I also agree that the date approach is inevitably heuristic -
and is only applicable in the case where we have situations of reusing
numbers, or which we allow a variety of levels of assurance to utilize the
same numbers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180810/05afe952/attachment.html>


More information about the Validation mailing list