This also seems like it would be a good application for the CABF Github account:
https://github.com/cabforum/documents/blob/master/docs/BR.md On Wed, Mar 30, 2016 at 2:54 PM, Rick Andrews <[email protected]> wrote: > Peter, you've done a lot of work here, and I don't want to appear > ungrateful, but it's difficult to follow some of these changes. In the > past, others have submitted ballots with redlined Word or pdf docs to make > it easier to see exactly what is changing. Would it be possible to do that > for this ballot? > > -Rick > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Peter Bowen > Sent: Monday, March 28, 2016 5:27 PM > To: CABFPub <[email protected]> > Subject: [cabfpub] Draft Ballot - Baseline Requirements Corrections > > All, > > Here is the combined set of changes from the corrections thread. It does > not include allowing underscore in FQDNs nor does it allow U-labels in > commonName attributes, as these did not appear to have consensus. It does > include a basic proposed change to the allowable content of the > organizationName field of CA certificates, to match what is allowed in > non-CA certificates, as an attempt to incorporate feedback from discussion > on that topic. > > I’ve proposed making these immediately effective, as I did not hear people > calling out a need for time to implement. > > Thanks, > Peter > > ============= > > Ballot 1XX: Baseline Requirements Corrections > > The following motion has been proposed by Peter Bowen of Amazon and > endorsed by _____________ of _____________ and __________ of ____________: > > Background: > > A number of small corrections and clarifications to the Baseline > Requirements have been identified. These are, in general, changes that > reflect the existing understanding of the Baseline Requirements by the > Forum. Due to the understanding that these primarily represent existing > practice, they are combined for efficiency. > > -- MOTION BEGINS -- > > Effective the date of passage, the following modifications to the Baseline > Requirements are adopted: > > In Section 1.6.1: > - In the definition of "Applicant Representative", replace "and agrees to > the Certificate Terms of Use" with "the Terms of Use" and append "or is the > CA" at the end of the definition; > - In the definition of "Terms of Use", append "or is the CA" at the end of > the definition; > - In the definition of "Wildcard Certificate", replace "an asterisk (*) in > the left‐most position of any of the Subject Fully‐Qualified Domain Names" > with "a Wildcard DN in any of the Subject Alternative Name dNSNames"; > - Insert a new definition: "Wildcard Domain Name (Wildcard DN): A Domain > Name formed by prepending '*.' to a FQDN" > > In section 3.2.2.6: > - Replace "wildcard character (*)" with "Wildcard DN"; > - Replace "wildcard character occurs in the first label position to the > left of" with "FQDN portion of the Wildcard DN is"; > - Replace " a wildcard would fall within the label immediately to the left > of a registry‐controlled† or public suffix," with "so,"; > - Replace "“*.example.com” to Example Co." with "“*.example” if the > .example gTLD includes Specification 13 in its registry agreement". > > Move the content in section 3.3.1 to section 4.2.1 to become the third > paragraph in 4.2.1 and leave section 3.3.1 blank. > > In section 4.9.9, replace all occurrences of "RFC2560" with "RFC6960". > > In section 5.2.2, insert "CA" immediately before "Private Key". > > In section 6.1.2, append "without authorization by the Subscriber" to the > end of the first sentence. > > In section 6.1.6, update the last citation to read: "[Source: Sections > 5.6.2.3.2 and 5.6.2.3.3, respectively, of NIST SP 56A: Revision 2]" > > In section 6.2, in the second sentence, insert "CA" immediately before > both instances of "Private Key". > > In section 6.2.5, append "without authorization by the Subordinate CA" to > the end of the sentence. > > In section 7, insert the following introduction paragraph: > "All Certificates and Certificate Revocation Lists SHALL comply with RFC > 5280 and RFC 6818. They SHALL additionally comply with RFC3279, RFC4055, > RFC5480, RFC5756, RFC5758 as appropriate based on the Subject Public Key > Info and the Signature Algorithm present in the certificate." > > In sections 7.1.2.1(e) and 7.1.2.2(h) change the organizationName line to > read: > "- organizationName (OID 2.5.4.10): This field MUST be present and the > contents MUST contain either the Subject CA’s name or DBA as verified under > Section 3.2.2.2. The CA may include information in this field that differs > slightly from the verified name, such as common variations or > abbreviations, provided that the CA documents the difference and any > abbreviations used are locally accepted abbreviations; e.g., if the > official record shows “Company Name Incorporated”, the CA MAY use “Company > Name Inc.” or “Company Name”." > > Change the title of section 7.1.4.2 to "Subject Information - Subscriber > Certificates". > > In section 7.1.4.2.1, replace "Wildcard FQDNs are permitted." with > "Wildcard DNs are permitted as an exception to RFC5280 and X.509". > > In section 9.6.1 item 6: > - Insert "are the same entity or" immediately prior to "are Affiliated"; > - Remove "and accepted". > > In section 9.6.3, replace "agreement to the Terms of Use agreement." with > "acknowledgement of the Terms of Use." > > In section 9.6.3 item 2, replace "maintain sole control" with "assure > control". > > In the following sections, replace all occurrences of "Subscriber or Terms > of Use Agreement" with "Subscriber Agreement or Terms of Use". > - Section 1.6.1, in the definition of "Subscriber" > - Section 4.1.2 > - Section 4.9.1.1 > - Section 4.9.11 > - Section 9.6.1 > - Section 9.6.3 > > -- MOTION ENDS -- > > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public > > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public > >
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
