Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

2017-07-21 Thread Doug Beattie via Public
GlobalSign votes No. I’m sorry I didn’t spend more time on this during the review period, but I think it’s a mistake to define Domain Name to include wildcard values. I understand the issues with saying “Domain Name and Wildcard FQDN” everywhere in the spec, but I’m sure we could have come

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-07-21 Thread Ryan Sleevi via Public
How would that be different than the table in 1.2.1? On Fri, Jul 21, 2017 at 2:26 PM, Kirk Hall wrote: > Yes, or even a table at the end of the BRs - easy to do. > > -----Original Message----- > From: Ben Wilson [mailto:ben.wil...@digicert.com] > Sent: Friday, July

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-07-21 Thread Kirk Hall via Public
Yes, or even a table at the end of the BRs - easy to do. -----Original Message----- From: Ben Wilson [mailto:ben.wil...@digicert.com] Sent: Friday, July 21, 2017 8:20 AM To: Ryan Sleevi; CA/Browser Forum Public Discussion List; Kirk Hall

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

2017-07-21 Thread Dean Coclin via Public
Symantec votes YES on Ballot 202. Dean Coclin -----Original Message----- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Rob Stradling via Public Sent: Thursday, July 20, 2017 5:55 PM To: public@cabforum.org Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Re: [cabfpub] Ballot 190 - Recording BR Version Number

2017-07-21 Thread Ryan Sleevi via Public
On Fri, Jul 21, 2017 at 12:03 PM, Wayne Thayer via Public wrote: > [WT] The creation of a new version of the BRs is always the result of a > ballot, is it not? As a CA, we carefully monitor ballots that are approved > because they tell us what we need to change and when the

Re: [cabfpub] Ballot 190 - Recording BR Version Number

2017-07-21 Thread Wayne Thayer via Public
On 7/21/17, 6:22 AM, "Ryan Sleevi" wrote: On Fri, Jul 21, 2017 at 12:30 AM, Wayne Thayer via Public > [WT] Gerv’s suggestion is a reasonable interpretation, but another reasonable > interpretation is that CAs must increment the version number of the BRs that > they log

Re: [cabfpub] [Ext] .well-known and re-directs

2017-07-21 Thread Phillip Hallam-Baker via Public
I think that I broadly agree with Ryan on this but with possibly different argument. For me, the key issue is whether the validation mechanism provides evidence that the request comes from the intended party. The burden of proof for any validation mechanism is on the proposer. For HTTP

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-07-21 Thread Ben Wilson via Public
Maybe someone could provide an example of how the BR version number would appear at the end of each validation method? For example, would it look like this? [BR 1.5.0] - with the implication that the method was allowed as of BR v. 1.5.0 going forward until the current version of the BRs? If

Re: [cabfpub] [Ext] .well-known and re-directs

2017-07-21 Thread Jeremy Rowley via Public
Thanks a ton for the reply, Ryan! {Didn't mean to make it sound urgent, but that same question keeps arising during the verification process} Your summary is correct, and my thinking aligned with yours - that we want a single request/response for verification. I was surprised Let's Encrypt

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-07-21 Thread Ryan Sleevi via Public
Hi Kirk, As we saw from the discussions of Ballot 190, the inclusion of additional information "for clarity's sake" can have the deleterious side-effect of changing both the meaning and interpretation. The clarifications that had previously been proposed had notable issues they introduced. So I

Re: [cabfpub] [Ext] .well-known and re-directs

2017-07-21 Thread Ryan Sleevi via Public
Hi Jeremy, Apologies for the delay in responding. Would this be a correct summary of the confusion: In HTTP, it is a Request/Response protocol. A request is made for a given resource, and a response is provided. Some responses include the resource directly requested (e.g. the 200/2xx series),

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-07-21 Thread Kirk Hall via Public
Meant for public list -- see my response below. -----Original Message----- From: Ryan Sleevi [mailto:sle...@google.com] Sent: Thursday, July 20, 2017 6:09 PM To: Kirk Hall Subject: Re: [EXTERNAL]Re: [cabfpub] Ballot 190 - Recording BR Version Number Hi Kirk, Did

Re: [cabfpub] [Ext] .well-known and re-directs

2017-07-21 Thread Jeremy Rowley via Public
Is the lack of additional response agreement that “on the Authorization Domain” encompasses both the authorization domain names and redirects from an authorization domain name? From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Jeremy Rowley via Public Sent: Thursday, July 20,

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

2017-07-21 Thread Erwann Abalea via Public
On 20 Jul 2017, at 23:13, Peter Bowen wrote: On Jul 20, 2017, at 11:02 AM, Erwann Abalea wrote: Le 20 juil. 2017 à 16:52, Ryan Sleevi > a

Re: [cabfpub] Ballot 190 - Recording BR Version Number

2017-07-21 Thread Ryan Sleevi via Public
On Fri, Jul 21, 2017 at 12:30 AM, Wayne Thayer via Public wrote: > given CAs are already required to annually review their CP/CPS > [WT] I find it difficult to believe that it would be considered acceptable > for a CA to wait [up to] a year to update the version number of a