<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
StartCom Abstains<br>
<br>
<div class="moz-cite-prefix">On 10/26/2015 11:38 PM, Jeremy Rowley
wrote:<br>
</div>
<blockquote
cite="mid:ef1fe64cf20e4ca2b4d1b89e7cffb6e5@EX2.corp.digicert.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
p.line867, li.line867, div.line867
{mso-style-name:line867;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.u
{mso-style-name:u;}
span.strike
{mso-style-name:strike;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="line874" style="background:white"><span
style="font-family:"Arial",sans-serif;color:black">Here’s
the official Short-Lived Cert Ballot. The review period
starts tomorrow. With the ballot starting on Nov 3. <o:p></o:p></span></p>
<p class="line874" style="background:white"><b><span
style="font-family:"Arial",sans-serif;color:black">Ballot
153 – Short-Lived Certificates<o:p></o:p></span></b></p>
<p class="line862" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">The
following motion has been proposed by Jeremy Rowley of<span
class="apple-converted-space"> </span><span
style="border:none windowtext 1.0pt;padding:0in">DigiCert</span><span
class="apple-converted-space"> </span>and endorsed by Ryan
Sleevi of Google and Gervase Markham of Mozilla.<o:p></o:p></span></p>
<p class="line874" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">--
MOTION BEGINS --<o:p></o:p></span></p>
<p class="line874" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">1)
Add/revise the following definitions:<o:p></o:p></span></p>
<p class="line867" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span class="u"><u><span
style="font-family:"Arial",sans-serif;color:black">Issuance
Time: The time at which a Certificate’s digital
signature is calculated.</span></u></span><span
style="font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
<p class="line867" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span class="u"><u><span
style="font-family:"Arial",sans-serif;color:black">Short-Lived
Certificate: A Certificate with a Validity Period less
than 96 hours and a notBefore time no earlier than 24
hours before the Issuance Time and a notAfter time no
later than 72 hours after the Issuance Time.</span></u></span><span
style="font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
<p class="line862" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">Validity
Period: The period of time<span
class="apple-converted-space"> </span><span class="strike"><s>measured</s></span><span
class="apple-converted-space"> </span>from<span
class="apple-converted-space"> </span><span class="u"><u>notBefore
through notAfter, inclusive</u></span>.<span
class="apple-converted-space"> </span><span class="strike"><s>the
date when the Certificate is issued until the Expiry
Date.</s></span><o:p></o:p></span></p>
<p class="line874" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">2)
Modify Section 4.9.10 as follows:<o:p></o:p></span></p>
<p class="line874" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">4.9.10.
On</span><span style="font-family:"Cambria
Math",serif;color:black">‐</span><span
style="font-family:"Arial",sans-serif;color:black">line
Revocation Checking Requirements<o:p></o:p></span></p>
<p class="line874" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">Effective
1 January 2013, the CA SHALL support an OCSP capability
using the GET method for Certificates issued in accordance
with these Requirements.<o:p></o:p></span></p>
<p class="line862" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">For
the status of Subscriber Certificates<span
class="apple-converted-space"> </span><span class="u"><u>other
than a Short-Lived Certificate containing a
cRLDistributionPoints extension</u></span>: The CA SHALL
update information provided via an Online Certificate Status
Protocol at least every four days. OCSP responses from this
service MUST have a maximum expiration time of ten days.<o:p></o:p></span></p>
<p class="line874" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">3)
Modify Section 7.1.2.3 as follows:<o:p></o:p></span></p>
<p class="line874" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">7.1.2.3.
Subscriber Certificate<span class="apple-converted-space"> </span>…<o:p></o:p></span></p>
<p class="line862" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">b.
cRLDistributionPoints This extension<span
class="apple-converted-space"> </span><span class="u"><u>MUST
be present for Short-Lived Certificates that lack an
authorityInformationAccess extension and</u></span><span
class="apple-converted-space"> </span>MAY be present for
all other certificates. If present, it MUST NOT be marked
critical, and it MUST contain the HTTP URL of the CA’s CRL
service. See Section 13.2.1 for details.<o:p></o:p></span></p>
<p class="line862" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">c.
authorityInformationAccess With the exception of stapling<span
class="apple-converted-space"> </span><span class="u"><u>and
Short-Lived Certificates</u></span>,<span
class="apple-converted-space"> </span><span class="strike"><s>which
is noted below</s></span>, this extension MUST be
present. It MUST NOT be marked critical, and it MUST contain
the HTTP URL of the Issuing CA’s OCSP responder
(accessMethod = 1.3.6.1.5.5.7.48.1). It SHOULD also contain
the HTTP URL of the Issuing CA’s certificate (accessMethod =
1.3.6.1.5.5.7.48.2).<o:p></o:p></span></p>
<p class="line862" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">The
HTTP URL of the Issuing CA’s OCSP responder MAY be omitted<span
class="apple-converted-space"> </span><span class="u"><u>for
Short-Lived Certificates containing a
cRLDistributionPoints extension or if</u></span><span
class="apple-converted-space"> </span>Subscriber “staples”
OCSP responses for the Certificate in its TLS handshakes
[RFC4366].<o:p></o:p></span></p>
<p class="line874" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">--
MOTION ENDS --<o:p></o:p></span></p>
<p class="line874" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">The
review period for this ballot shall commence at 27 October
2015, and will close at 3 November 2015. Unless the motion
is withdrawn during the review period, the voting period
will start immediately thereafter and will close at 10
November 2015. Votes must be cast by posting an on-list
reply to this thread.<o:p></o:p></span></p>
<p class="line862" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">A
vote in favor of the motion must indicate a clear 'yes' in
the response. A vote against must indicate a clear 'no' in
the response. A vote to abstain must indicate a clear
'abstain' in the response. Unclear responses will not be
counted. The latest vote received from any representative of
a voting member before the close of the voting period will
be counted. Voting members are listed here:<span
class="apple-converted-space"> </span><a
moz-do-not-send="true"
href="https://cabforum.org/members/"><span
style="border:none windowtext 1.0pt;padding:0in">https://cabforum.org/members/</span></a><o:p></o:p></span></p>
<p class="line874" style="background:white;orphans:
auto;text-align:start;widows: 1;-webkit-text-stroke-width:
0px;word-spacing:0px">
<span
style="font-family:"Arial",sans-serif;color:black">In
order for the motion to be adopted, two thirds or more of
the votes cast by members in the CA category and greater
than 50% of the votes cast by members in the browser
category must be in favor. Quorum is currently nine (9)
members– at least nine members must participate in the
ballot, either by voting in favor, voting against, or
abstaining.<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>