[cabf_validation] Ballot 218: Remove validation methods #1 and #5
Tim Hollebeek
tim.hollebeek at digicert.com
Wed Jan 3 12:36:48 MST 2018
Now that we don't have the automatic 7 day trigger, I thought it was
appropriate to start the discussion period. The ballot represents Comodo,
Digicert, and Google's current position. I understand other people have
different positions.
This ballot does not preclude other efforts to turn #1 into a usable
validation method. But as it is right now, it's horrible.
-Tim
From: Doug Beattie [mailto:doug.beattie at globalsign.com]
Sent: Wednesday, January 3, 2018 12:32 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>
Cc: validation (validation at cabforum.org) <validation at cabforum.org>
Subject: RE: Ballot 218: Remove validation methods #1 and #5
<Moved to Validation WG list>
Tim, I'm surprised you posted this to the public list when several CAs
expressed concern over removing method 1 and this was on our agenda to
discuss tomorrow. Why did we jump the gun here?
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Tim Hollebeek
via Public
Sent: Wednesday, January 3, 2018 2:22 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org
<mailto:public at cabforum.org> >
Subject: [cabfpub] Ballot 218: Remove validation methods #1 and #5
Ballot 218: Remove validation methods #1 and #5
Purpose of Ballot: Section 3.2.2.4 says that it "defines the permitted
processes and procedures for validating the Applicant's ownership or control
of the domain." Most of the validation methods actually do validate
ownership and control, but two do not, and can be completed solely based on
an applicant's own assertions.
Since these two validation methods do not meet the objectives of section
3.2.2.4, and are actively being used to avoid validating domain control or
ownership, they should be removed, and the other methods that do validate
domain control or ownership should be used.
The following motion has been proposed by Tim Hollebeek of DigiCert and
endorsed by Ryan Sleevi of Google and Rich Smith of Comodo.
-- MOTION BEGINS -
This ballot modifies the "Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates" as follows, based upon Version
1.5.4:
In Section 3.2.2.4.1, add text at the end: "For certificates issued on or
after March 1, 2018, this method SHALL NOT be used for validation, and
completed validations using this method SHALL NOT be used for the issuance
of certificates."
In Section 3.2.2.4.5, add text at the end: "For certificates issued on or
after March 1, 2018, this method SHALL NOT be used for validation, and
completed validations using this method SHALL NOT be used for the issuance
of certificates."
In Section 4.2.1, after the paragraph that begins "After the change to any
validation method", add the following paragraph: "Validations completed
using methods specified in Section 3.2.2.4.1 or Section 3.2.2.4.5 SHALL NOT
be re-used on or after March 1, 2018."
-- MOTION ENDS -
For the purposes of section 4.2.1, the new text added to 4.2.1 from this
ballot is "specifically provided in a [this] ballot."
The procedure for approval of this ballot is as follows:
Discussion (7+ days)
Start Time: 2017-01-03 19:30:00 UTC
End Time: Not Before 2017-01-10 19:30:00 UTC
Vote for approval (7 days)
Start Time: TBD
End Time: TBD
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180103/7c982f71/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20180103/7c982f71/attachment.p7s>
More information about the Validation
mailing list