GoDaddy votes Yes.
From: Public on behalf of Kirk Hall via Public
Reply-To: CA/Browser Forum Public Discussion List
Date: Tuesday, April 25, 2017 at 10:45 PM
To: CA/Browser Forum Public Discussion List
Cc: Kirk Hall
Subject: [cabfpub] Ballot 197 – Effective Date of Ballot 193 Provisions
(ame
Jeremy,
>>If there are still concerns, should we drop the reuse language altogether?
I would support this ballot regardless of what explicit reuse language is
included, but I would like to see some explicit statement on reuse included,
even if the statement is “you can’t reuse data/documents fr
GoDaddy votes Yes.
Thanks,
Wayne
From: Public on behalf of Kirk Hall via Public
Reply-To: CA/Browser Forum Public Discussion List
Date: Tuesday, May 23, 2017 at 3:07 PM
To: CA/Browser Forum Public Discussion List
Cc: Kirk Hall
Subject: [cabfpub] Voting has started on Ballot 200 - Amendment
GoDaddy votes Yes.
From: Public on behalf of Ben Wilson via Public
Reply-To: CA/Browser Forum Public Discussion List
Date: Thursday, May 25, 2017 at 12:50 PM
To: CABFPub
Cc: Ben Wilson
Subject: [cabfpub] Ballot 201 - .onion Revisions
Ballot 201 - .Onion Revisions
This ballot is meant to c
Gerv,
Thanks for moving this forward. Overall I think this looks good and I will
endorse. I do however think that deliverable #2 could be clarified a bit. I’ll
propose the following:
2. For proposals involving replacement with an existing framework or standard,
details of the availability
GoDaddy votes Yes.
From: Public on behalf of Gervase Markham via
Public
Reply-To: CA/Browser Forum Public Discussion List
Date: Monday, June 5, 2017 at 1:07 PM
To: CABFPub
Cc: Gervase Markham
Subject: [cabfpub] Ballot 203: Formation of Network Security Working Group (v2)
[This replaces the
GoDaddy votes Yes.
From: Public on behalf of Gervase Markham via
Public
Reply-To: Gervase Markham , CA/Browser Forum Public
Discussion List
Date: Thursday, June 22, 2017 at 4:42 AM
To: CABFPub
Subject: [cabfpub] Ballot 205: Membership-Related Clarifications
Ballot 205: Membership-Related Cl
Forwarding on behalf on Li-Chun since his emails are currently being rejected…
On 7/6/17, 10:14 AM, "realsky(CHT)" wrote:
Chunghwa Telecom Co., Ltd. votes Yes for Ballot 205.
Li-Chun Chen
-
Mike Reilly
Ballot 190 Includes the following statement in 3.2.2.4:
The CA SHALL maintain a record of which domain validation method, including
relevant BR version number, they used to validate every domain.
While I understand the logic behind this, I’m concerned about the “relevant BR
version number”. Thi
Peter,
Would you consider adding ‘in the left most Domain Label’ to the definition of
Wildcard Domain Name? While the definition of Authorization Domain Name
contradicts this, it was pointed out to me that someone unfamiliar with the
history might misinterpret the new definition to allow someth
ot start
with “*.”.
Do either of these definitions of Wildcard Domain Name work for you?
Thanks,
Peter
On Jul 18, 2017, at 6:49 PM, Wayne Thayer via Public
mailto:public@cabforum.org>> wrote:
Peter,
Would you consider adding ‘in the left most Domain Label’ to the definition of
W
given CAs are already required to annually review their CP/CPS
[WT] I find it difficult to believe that it would be considered acceptable for
a CA to wait [up to] a year to update the version number of a validation method
after a material improvement is made to that method.
do you believe Gerv's
On 7/21/17, 6:22 AM, "Ryan Sleevi" wrote:
On Fri, Jul 21, 2017 at 12:30 AM, Wayne Thayer via Public
> [WT]Gerv’s suggestion is a reasonable interpretation, but another reasonable
> interpretation is that CAs must increment the version number of the BRs that
> they lo
The original concern I raised was with the ballot 190 requirement that CAs
begin to log the BR version number associated with the validation method used
on each request. My concerns are:
1. The BR version doesn’t clearly indicate when a validation method has
changed. As has been stated, the BR v
Ben – here’s a simple approach to versioning the entire section with changes in
ALL CAPS:
3.2.2.4. Validation of Domain Authorization or Control
This section defines VERSION 1 OF the permitted processes and procedures for
validating the Applicant's ownership or control of the domain.
The CA SHAL
Yes - It would be up to the author of the ballot to increment the version
number when a material change is made to any of the methods.
From: Kirk Hall
Date: Tuesday, August 1, 2017 at 4:54 PM
To: Wayne Thayer , Ben Wilson ,
CA/Browser Forum Public Discussion List , Gervase Markham
Subject: RE
GoDaddy votes yes.
Thanks,
Wayne
From: Public on behalf of Kirk Hall via Public
Reply-To: Kirk Hall , CA/Browser Forum Public
Discussion List
Date: Wednesday, August 30, 2017 at 7:52 AM
To: CA/Browser Forum Public Discussion List
Subject: [cabfpub] **Voting has started on Ballot 212: Canon
GoDaddy votes Yes.
From: Public on behalf of Kirk Hall via Public
Reply-To: Kirk Hall , CA/Browser Forum Public
Discussion List
Date: Friday, August 25, 2017 at 8:47 AM
To: CA/Browser Forum Public Discussion List
Subject: [cabfpub] Voting has started on Ballot 210 (NetSec Revisions)
Entrust
I have a question related to the (unchanged) requirement that the CA revoke the
certificate within 24 hours if ‘the subscriber requests in writing that the CA
revoke the Certificate’. Presumably, this is the subscriber sending an email to
the CA’s problem reporting email address. If so, I would
On 9/4/17, 2:22 AM, "Gervase Markham" wrote:
On 01/09/17 18:51, Wayne Thayer via Public wrote:
>> I have a question related to the (unchanged) requirement that the CA
>> revoke the certificate within 24 hours if ‘the subscriber requests in
>> wr
I’d suggest adding a topic on CAA implementation issues and how to address them.
Thanks,
Wayne
From: Public on behalf of Kirk Hall via Public
Reply-To: Kirk Hall , CA/Browser Forum Public
Discussion List
Date: Monday, September 11, 2017 at 4:43 PM
To: CA/Browser Forum Public Discussion List
Thanks Geoff. To be clear, does your proposed language require ‘authentication
of an NSEC RRset that proves that no DS RRset is present for this zone’ in
order to meet the new condition of the last item, or can an unauthenticated
query that returns no DS record be used to meet this condition? If
GoDaddy votes Yes.
From: Public on behalf of Kirk Hall via Public
Reply-To: Kirk Hall , CA/Browser Forum Public
Discussion List
Date: Tuesday, September 12, 2017 at 3:23 PM
To: CA/Browser Forum Public Discussion List
Subject: [cabfpub] Voting has started on Ballot 190
Voting has started on
GoDaddy votes Yes.
From: Public on behalf of Kirk Hall via Public
Reply-To: Kirk Hall , CA/Browser Forum Public
Discussion List
Date: Thursday, September 28, 2017 at 9:42 AM
To: CA/Browser Forum Public Discussion List
Subject: [cabfpub] Voting has started on Ballot 215 - Fix Ballot 190 Errat
>>I do not believe that's not been a concern of any Forum mailing list to date,
>>because that's now how the Forum has operated its mailing lists.
This is precisely how the Forum operates its lists – questions@ in particular,
but all the others as well. And while Eddy Nigg was the long-time ques
ntive concern.
On Wed, Oct 11, 2017 at 1:18 PM, Dean Coclin
mailto:dean_coc...@symantec.com>> wrote:
I’m currently responding to questions as best I can. We haven’t had much volume
on that list though.
Dean
From: Public
[mailto:public-boun...@cabforum.org<mailto:public-boun...@cabforum.org>] O
At this time, both Ben and I have access to moderate all the lists.
From: Ryan Sleevi
Date: Wednesday, October 11, 2017 at 11:03 AM
To: Wayne Thayer
Cc: Dean Coclin , CA/Browser Forum Public Discussion
List , Gervase Markham
Subject: Re: [cabfpub] Ballot 213 - Revocation Timeline Extension
Ah
Virginia,
As Ryan stated, this requirement is about constraining the liability limits
that CAs are allowed to place in their SA/RPA(s). If the CA isn’t permitted to
enter in to an agreement with a liability limit lower than what is specified by
the CA/B Forum and enforced by the root programs
The EV process is intended to gather a robust body of information about the
Subject that, when viewed collectively, "provides users with a trustworthy
confirmation of the identity of the entity". James and later Ryan have
pointed out a weakness in the standard where incorrect data from a single
dat
This is indeed a difficult problem. Mozilla would like the membership
criteria for browsers to reflect the role of making CA trust decisions
while remaining as open and inclusive as possible. The existing rule has
been in place for many years and hasn’t been abused. Note that Comodo
launched their
Matthias,
I think you've raised a valid point. I'm working on ballot 213 "Revocation
Timeline Extension" that makes changes to this section of the BRs, and I
will draft some language to attempt to address this. If you have any ideas
on how this requirement should be stated, please let me know.
Th
On Mon, Jan 8, 2018 at 9:46 AM, Tim Hollebeek via Public <
public@cabforum.org> wrote:
> I’m not sure there are other valid cases (in fact I suspect there are
> not), but Wayne mentioned on the validation WG call that he’s concerned
> that this change could be very disruptive if not handled carefu
Thank you Ben, Virginia, and WG members for all your hard work to get us to
this point. I reviewed these documents and have just a few comments:
My main question is about our bi-weekly teleconference. In Ben’s latest
draft Server Certificate WG charter, this call appears to be defined as a
Server
On Mon, Jan 15, 2018 at 7:56 AM, Tim Hollebeek
wrote:
>
> What are we going to do about continuity of existing working groups (old
> terminology, not new)? Is it necessary for the Server Certificate Working
> Group Charter to say anything about sub-working groups (I wish we hadn't
> used the exi
On Fri, Jan 19, 2018 at 12:03 PM, Virginia Fournier via Public <
public@cabforum.org> wrote:
> Yes, a Working Group can form its own subcommittees within itself.
>
I don't think this statement is obviously true. The current bylaws define
these "subcommittees" (called Working Groups) - the new by
Thanks Dean!
On Tue, Jan 23, 2018 at 11:50 AM, Dean Coclin
wrote:
>
>1.
>2. Initial chairs: Yes, unless otherwise decided by the working group
>(as currently stated in the document)
>
> 'Yes, in the future, newly elected forum chairs automatically become
chairs of the Server Certifi
Mozilla votes Yes on Ballot 218.
Wayne
On Mon, Jan 29, 2018 at 2:51 PM, Tim Hollebeek via Public <
public@cabforum.org> wrote:
>
>
> I’m highly skeptical that discussing this for another month will change
> anybody’s minds. It has already been discussed for over a month, including
> at three v
Gerv and I, with support from Tim as chair of the Validation Working Group,
would like to dedicate the entire first day (Tuesday) of the upcoming
meeting hosted by Amazon to a “Validation Summit” where security experts
help us to review all of the existing domain validation methods. Doing this
woul
On Fri, Feb 2, 2018 at 12:38 PM, James Burton wrote:
> I would like to spend some time in discussing extended validation vetting.
> I feel that extended validated is not vetted to enough to acceptable
> standards.
>
I want to be careful about trying to accomplish too much at this meeting.
The Val
On Fri, Feb 2, 2018 at 12:44 PM, Ryan Sleevi wrote:
> Note that Interested Parties cannot participate in meetings, whether F2F
> or Phone, unless explicitly invited, nor participate on the Wiki or Members
> mail list.
>
> Agreed. The intent is for the Chair to extend meeting invitations to the
In
We're interpreting the bylaws as requiring the Chair to invite Interested
Parties to attend WG teleconferences, correct? If the reason for this only
applies to F2F Meetings as Dean suggests, then I suggest that we update the
new bylaws to allow Interested Parties to attend WG teleconferences withou
This question (what is being certified?) will be one of the first topics on
the agenda for the Validation WG meeting in Virginia.
On Mon, Feb 5, 2018 at 12:19 AM, Adriano Santoni via Public <
public@cabforum.org> wrote:
> I agree. Before re-discussing the various 3.2.2.4 methods, we should first
Kirk,
To avoid any concerns over the meaning of the bylaws with respect to having
Interested Parties attend WG teleconferences, will you please extend an
invitation to Interested Parties to attend the March 1, 2018 Validation
Working Group teleconference? We intend to use the call for planning and
Mozilla ha published a list of problem reporting mechanisms (mostly email
addresses) for all root CAs in our program. It is the first link under
'Information for the Public' at
https://wiki.mozilla.org/CA#Information_for_the_Public
Wayne
On Mon, Feb 19, 2018 at 4:05 PM, Kirk Hall via Public
wrot
Mozilla votes Yes on ballot 220.
Wayne
On Fri, Mar 23, 2018 at 3:40 AM, Tim Hollebeek via Public <
public@cabforum.org> wrote:
>
>
> Ballot 220: Minor Cleanups (Spring 2018)
>
>
>
> Purpose of Ballot: This ballot corrects two incorrect cross-references and
> one terminology error.
>
>
>
> The fo
Mozilla votes YES on ballot 206.
On Tue, Mar 27, 2018 at 8:20 PM, Virginia Fournier via Public <
public@cabforum.org> wrote:
>
> Ballot 206: Amendment to IPR Policy & Bylaws re Working Group Formation
>
> Purpose of Ballot: This ballot is the result of the work done by the
> CA/Browser Forum (th
Mozilla votes Yes on ballot 219.
On Tue, Apr 3, 2018 at 9:13 AM, Corey Bonnell via Public <
public@cabforum.org> wrote:
> Ballot 219 v2: Clarify handling of CAA Record Sets with no
> "issue"/"issuewild" property tag
>
>
>
> Purpose of this ballot:
>
>
>
> RFC 6844 contains an ambiguity in regard
At this point there are enough inconsistencies between cablint and zlint
that I find both valuable.
For example:
https://crt.sh/?caid=1661&opt=cablint,zlint&minNotBefore=2017-01-01
- Wayne
On Mon, Apr 16, 2018 at 5:00 AM, Doug Beattie via Public <
public@cabforum.org> wrote:
> Hi Dave,
>
>
>
>
Ballot 224: WHOIS and RDAP
Purpose of Ballot: The Registry Data Access Protocol (RDAP) is the
successor to WHOIS, and this ballot adds explicit support for RDAP to the
BRs by adding a definition of "WHOIS". The new definition permits the use
of the registry or registrar's web interface, and requir
Mozilla votes yes on ballot 223 v2.
On Mon, May 7, 2018 at 9:49 PM Dimitris Zacharopoulos via Public <
public@cabforum.org> wrote:
> The following motion has been proposed by Dimitris Zacharopoulos of HARICA
> and endorsed by Moudrick M. Dadashov of SSC and Tim Hollebeek from
> Digicert.
>
> *Bac
Since there has been no discussion, I plan to begin the voting period on
this ballot tomorrow.
On Thu, May 3, 2018 at 12:02 PM Wayne Thayer wrote:
> Ballot 224: WHOIS and RDAP
>
> Purpose of Ballot: The Registry Data Access Protocol (RDAP) is the
> successor to WHOIS, and this ballot adds explic
Ballot 224: WHOIS and RDAP
Purpose of Ballot: The Registry Data Access Protocol (RDAP) is the
successor to WHOIS, and this ballot adds explicit support for RDAP to the
BRs by adding a definition of "WHOIS". The new definition permits the use
of the registry or registrar's web interface, and requir
Mozilla votes Yes on Ballot 224.
- Wayne
On Tue, May 15, 2018 at 12:21 PM Wayne Thayer wrote:
> Ballot 224: WHOIS and RDAP
>
> Purpose of Ballot: The Registry Data Access Protocol (RDAP) is the
> successor to WHOIS, and this ballot adds explicit support for RDAP to the
> BRs by adding a definit
Lat year, Jeremy proposed changes to section 4.9 of the BRs. I'd like to
revive that discussion with the following ballot proposal:
https://github.com/cabforum/documents/compare/master...wthayer:patch-1
Summary of Changes:
* The first change creates a tiered timeline for revocations. The most
crit
On Wed, May 16, 2018 at 1:19 PM Ryan Sleevi wrote:
>
> On Wed, May 16, 2018 at 4:00 PM, Wayne Thayer via Public <
> public@cabforum.org> wrote:
>
>> Lat year, Jeremy proposed changes to section 4.9 of the BRs. I'd like to
>> revive that discussion with the
On Fri, May 18, 2018 at 9:02 AM Ryan Sleevi via Public
wrote:
> Do we really need "one or more"? Isn't that the same problem of "We may or
> may not boil the ocean along the way"?
>
> <
+1
>
> Concrete deliverables, along with lightweight rechartering, is a model
> that most SDOs have successful
I'm unable to locate a redline of the changes in this final version of the
ballot, making it difficult to vote. Is this not a "Draft Guideline Ballot"
that should be clearly labeled as proposing a Final Maintenance Guideline,
and that requires a redline be provided?
- Wayne
On Tue, May 22, 2018 a
On Wed, May 23, 2018 at 5:21 AM Tim Hollebeek
wrote:
> People fought pretty hard for the ability to post ballots without
> redlines; this isn’t the first by far. I actually opposed that and lost.
>
>
>
>
I looked at the last handful of ballots. All of them (224, 223, 220, 219,
and 218) included
h-1
On Thu, May 17, 2018 at 1:17 AM Kirk Hall
wrote:
> I will add this to the Agenda for the F2F plenary session in London
>
>
>
> *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Wayne
> Thayer via Public
> *Sent:* Wednesday, May 16, 2018 1:00 PM
> *
The part that I find unclear is how one becomes a member of the Server
Certificate WG. The charter defines membership criteria but there doesn't
appear to be a process for adding members at the WG level.
On Wed, Jun 27, 2018 at 10:21 AM Kirk Hall via Public
wrote:
> Summary based on quotes from
I've proposed a ballot that would require validation methods to be
documented in publicly trusted certificates:
https://cabforum.org/pipermail/validation/2018-June/000917.html
And have since received some feedback and revised it:
https://cabforum.org/pipermail/validation/2018-June/000953.html
P
How are the concerns that were raised by Microsoft (copied below for
reference) addressed in this version? If the intent is for the language in
section 2.g(iv) to only apply to periodic, policy-driven password changes
and not to prevent event-driven changes, I think that should be clarified.
* How
On Fri, Jul 13, 2018 at 4:50 AM Tim Hollebeek
wrote:
> Do you have proposed modifications that would address these questions? I
> would be happy to incorporate them.
>
>
>
How about this:
iv. Frequent password changes have been shown to cause users to
select less
secu
Mozilla abstains on ballot SC2. While I do believe this method is beneficial, I
have a few concerns that can be addressed with more time:
- the concerns that Google raised were never clearly resolved on the list.
- the reference to “domain being validated” in the appending is unclear. Is
that t
Jos - I have a few minor comments:
* I would like the ballot to either define the initial chair, or define a
method for electing that person. I see no reason to wait until the WG is
formed to figure that out.
* I would like the minimum quorum for a vote to always be 'the larger of 5
or the average
Looks good Jos, just a few suggested tweaks:
The proposer of the ballot, Jos Purvis, will act as chair of the Working
Group until the first Working Group Teleconference, at which time the group
will select a chair and vice-chair either through election or acclamation
of those present. The chair an
I understood that my comment on the phrase "domain being validated" in the
appendix would be addressed in this ballot?
On Fri, Aug 3, 2018 at 9:19 AM Tim Hollebeek via Servercert-wg <
servercert...@cabforum.org> wrote:
> I expect the email address would be the entirety of the RDATA for the RR,
>
On Fri, Aug 3, 2018 at 2:01 PM Tim Hollebeek
wrote:
> Does changing that noun phrase to Authorization Domain Name address your
> concern?
>
>
> Yes, that fixes the issue.
___
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/
ublic
> To: Wayne Thayer , CA/Browser Forum Public Discussion
> List
> Sent: Fri, 22 Jun 2018 9:13
> Subject: Re: [cabfpub] [EXTERNAL] Reviving Ballot 213 - Revocation
> Timeline Extension
>
> I’ll endorse this.
>
>
>
> -Tim
>
>
>
> *From:* Public [mailto:public
This begins the formal discussion period for ballot SC6.
==
Ballot SC6: Revocation Timeline Extension
Purpose of Ballot:
Section 4.9.1.1 of the Baseline Requirements currently requires CAs to
revoke a Subscriber certificate within 24 hours of identifying
nce is to avoid any change that could
derail this ballot.
Thanks, Bruce.
>
>
>
> *From:* Public [mailto:public-boun...@cabforum.org] *On Behalf Of *Wayne
> Thayer via Public
> *Sent:* August 13, 2018 4:58 PM
> *To:* CA/B Forum Server Certificate WG Public Discussion List <
Apologies for the off-topic post. For those who participate in the
mozilla.dev.security.policy forum, please read on:
I discovered earlier this afternoon that delivery of messages to the
Mozilla list are being delayed by more than 24 hours, apparently due to
some recent infrastructure changes. I d
On Thu, Aug 16, 2018 at 2:13 PM Curt Spann wrote:
> Hi Wayne,
>
> Have you considered adding language to address what happens if the domain
> registration is sold or transferred to other person/org? I am thinking of
> the scenario where a person buys a domain name and would like the
> previously
On Thu, Aug 16, 2018 at 3:10 PM Geoff Keating wrote:
> I see we’re changing "The CA determines that any of the information
> appearing in the Certificate is inaccurate or misleading” to remove “or
> misleading”.
>
> With that change, is there still an equivalent for non-wildcard
> certificates of
Thanks for pulling this together Tim. I would also be happy to endorse once
we get it cleaned up. I noticed a few wording issues - can we put this on
GitHub and collaborate there? I'm happy to do that if you'd like.
Wayne
On Fri, Aug 17, 2018 at 9:56 AM Tim Hollebeek via Servercert-wg <
servercer
envision that could expose a subscribers Private Key that are not also
>> consistent with #3?
>>
>>
>>
>> While this is the same argument that I've made in the past, I think the
>> goal here is to reduce ambiguity for those that might take a tortured
>> r
gt;> had access to it, or there exists a practical technique by which an
>> unauthorized person may discover its value. A Private Key is also
>> considered compromised if methods have been developed that can easily
>> calculate it based on the Public Key (such as a Debian we
Mozilla votes Yes on ballot FORUM-1.
- Wayne
> *From: *Public on behalf of CA/B Forum
> Public List
> *Reply-To: *"Jos Purvis (jopurvis)" , CA/B Forum
> Public List
> *Date: *Sunday, 12 August, 2018 at 22:47
> *To: *CA/B Forum Public List
> *Subject: *[cabfpub] (Final? Update) Ballot FORUM-1
On Mon, Aug 20, 2018 at 1:43 PM Doug Beattie
wrote:
> Tim,
>
>
>
> I agree that Vulnerability is different from key compromise and the
> actions we take should reflect that and I think we should try to keep 12
> and 13 type events in the 5-day list.
>
>
>
> Is our strategy to have vulnerabilities
On Tue, Aug 21, 2018 at 2:15 PM Bruce Morton via Public
wrote:
> BR 6.1.1.3 states “The CA SHALL reject a certificate request if the
> requested Public Key does not meet the requirements set forth in Sections
> 6.1.5 and 6.1.6 or if it has a known weak Private Key (such as a Debian
> weak key, se
Doug,
On Thu, Aug 23, 2018 at 12:26 PM Doug Beattie
wrote:
> Wayne and Ryan,
>
>
>
> I received some good out-of-band suggestions so I’m passing those along.
>
>
>
> Generally - though not always (e.g. zero days) - attacks are seen as
> 'possible', then 'feasible' before they become 'demonstrabl
Here is version 2 of this ballot, incorporating many of the improvements
that have been proposed. The original discussion period began more than 14
days ago, so per the bylaws this is the start of a new discussion period,
and voting can begin no sooner than 7 days from now.
===
On Wed, Aug 29, 2018 at 7:33 AM Bruce Morton <
bruce.mor...@entrustdatacard.com> wrote:
> Works for me.
>
> Bruce.
>
> On Aug 29, 2018, at 10:29 AM, Ryan Sleevi wrote:
>
> Just to confirm: Your concern is about the CA feeling that the evidence
> does not meet any of the requirements to revoke, an
On Wed, Aug 29, 2018 at 9:05 AM Ryan Sleevi wrote:
>
>
> On Wed, Aug 29, 2018 at 11:53 AM Wayne Thayer wrote:
>
>> On Wed, Aug 29, 2018 at 7:33 AM Bruce Morton <
>> bruce.mor...@entrustdatacard.com> wrote:
>>
>>> Works for me.
>>>
>>> Bruce.
>>>
>>> On Aug 29, 2018, at 10:29 AM, Ryan Sleevi wro
On Thu, Aug 30, 2018 at 10:42 AM Ryan Sleevi wrote:
> Thanks Wayne.
>
> I know you're intentionally avoiding the controversial cleanups with this
> specific Ballot, so it will be good to have a follow-on discussion for
> those matters, as CAs will no doubt having to make only one update to their
On Thu, Aug 30, 2018 at 6:24 PM Ryan Sleevi wrote:
>
>
> On Thu, Aug 30, 2018 at 6:41 PM Wayne Thayer via Servercert-wg <
> servercert...@cabforum.org> wrote:
>
>> On Thu, Aug 30, 2018 at 10:42 AM Ryan Sleevi wrote:
>>
>>> Thanks Wayne.
>>>
>>> I know you're intentionally avoiding the controvers
Mozilla votes Yes to ballot SC8
- Wayne
On Thu, Aug 30, 2018 at 8:01 AM Kirk Hall via Public
wrote:
> *Ballot SC8: Election of Server Certificate Working Group Chair – Term
> Nov. 1, 2018 – Oct. 31, 2020*
>
>
>
>
>
> *-Motion begins-*
>
>
>
> In accordance with Bylaw 4.1(c), *Dimitris Zacharop
On Fri, Aug 31, 2018 at 9:21 AM Ryan Sleevi wrote:
>
>
> On Fri, Aug 31, 2018 at 12:10 PM Wayne Thayer wrote:
>
>> But aren't these distinct organizations?
>>>
>> >
>> In what sense? Certainly in the physical world they are the same.
>>
>
> In the information being reported in the certificate. O
Here is version 3 of this ballot, incorporating changes to v2 suggested by
Bruce and Ryan (thanks!).
I noticed that our current bylaws have reverted back to a fixed-length
discussion period, so I have changed this version to comply.
==
Ballot SC6 version 3
On Tue, Sep 4, 2018 at 11:10 AM Ryan Sleevi via Servercert-wg <
servercert...@cabforum.org> wrote:
>
> On Tue, Sep 4, 2018 at 1:53 PM Dimitris Zacharopoulos
> wrote:
>
>> The CA will still get an "unclean" report anyway because of the RFC5280
>>> violation or the mis-issuance per se, we are not d
Bylaws section 2.3 ("General Provisions Applicable to all Ballots") says
"Any proposed ballot needs two endorsements by other Members in order to
proceed." The language in section 4 describing "confirmation ballots" and
"election ballots" appears to fall under this requirement.
On Thu, Sep 6, 2018
On Fri, Sep 7, 2018 at 7:26 AM Tim Hollebeek
wrote:
> This is correct. The ballot requirements for endorsers and discussion
> periods applies to _*all*_ ballots. The bylaws are pretty clear on that;
> it’s even in the title of section 2.3.
>
>
>
> The fact that 4.1(c) of the bylaws requires a b
This ballot entered the voting period late on Friday. Voting ends this
Friday 2018-09-14 at 20:00 UTC.
On Fri, Aug 31, 2018 at 12:51 PM Wayne Thayer wrote:
> Here is version 3 of this ballot, incorporating changes to v2 suggested by
> Bruce and Ryan (thanks!).
>
> I noticed that our current byla
Mozilla votes Yes to ballot SC6 v3.
- Wayne
On Mon, Sep 10, 2018 at 11:54 AM Wayne Thayer wrote:
> This ballot entered the voting period late on Friday. Voting ends this
> Friday 2018-09-14 at 20:00 UTC.
>
> On Fri, Aug 31, 2018 at 12:51 PM Wayne Thayer wrote:
>
>> Here is version 3 of this ba
This ballot doesn't appear to account for any of the scoping proposed or
concerns raised in this thread:
https://cabforum.org/pipermail/public/2018-July/013736.html
If the intent here is that conversion of an existing WG binds the new
subcommittee to the original scope of the WG, then that should
Kirk,
My concern is that the ballot doesn't explicitly state what you (and I
agree) believe is intended here. Someone in the future can look back at the
ballot language we passed with SC9 and interpret it differently. Simply
copying the VWG scope (and deliverables) into the body of the motion woul
In my opinion it makes some sense to move forward with a conversion of the
Validation WG to a Subcommittee with the existing broad scope and no
expiration date.
On Thu, Sep 13, 2018 at 3:21 PM Kirk Hall
wrote:
> I’m taking your comment as saying you will vote in favor of the ballot if
> I make t
Would it be helpful to take a step back and propose an amendment to the
Bylaws or SCWG charter that addresses Subcommittees in sufficient detail? I
would be willing to work on that. Meanwhile, if the Network Security WG
left some urgent work unfinished, nothing prevents SCWG members from
collaborat
On Thu, Sep 13, 2018 at 5:05 PM Ryan Sleevi wrote:
> Why does a subcommittee need this?
>
> How can we answer that when we don't know what the heck a Subcommittee is?
I would characterize the problem as more than confusion, which implies that
there is a correct answer to these Subcommittee questi
On Fri, Sep 14, 2018 at 11:40 AM Tim Hollebeek via Public <
public@cabforum.org> wrote:
> Ryan,
>
>
>
I am not Ryan, but...
Unfortunately, as a native Californian, I am a very non-violent person, and
> the Code of Conduct explicitly forbids violence, so can we be in utterly
> non-violent agreemen
1 - 100 of 169 matches
Mail list logo