<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body>
<div><br></div><div>SSC votes "Yes".</div><div><br></div><div>Thanks,</div><div>M.D.</div><div><br></div><div><br></div><div id="composer_signature"><div style="font-size:88%;color:#364f67" dir="auto">Sent from my Samsung device</div></div><br><br>-------- Original message --------<br>From: Dimitris Zacharopoulos <jimmy@it.auth.gr> <br>Date: 7/27/16 17:00 (GMT+02:00) <br>To: CABFPub <public@cabforum.org> <br>Subject: Re: [cabfpub] Ballot 173 - Removal of requirement to cease use of
private key due to incorrect certificate info <br><br>HARICA votes "yes" for ballot 173. <br><br>Dimitris. <br><br><br>> On 26 Ιουλ 2016, at 20:10, Ben Wilson <ben.wilson@digicert.com> wrote:<br>> <br>> DigiCert votes "yes".<br>> <br>> -----Original Message-----<br>> From: public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] On Behalf Of Dean Coclin<br>> Sent: Friday, July 22, 2016 6:28 PM<br>> To: Josh Aas <josh@letsencrypt.org>; CABFPub <public@cabforum.org><br>> Subject: Re: [cabfpub] Ballot 173 - Removal of requirement to cease use of private key due to incorrect certificate info<br>> <br>> Thanks Josh. So for clarification for others voting, the revised ballot includes the 45 day effective date. <br>> <br>> -----Original Message-----<br>> From: public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] On Behalf Of Josh Aas<br>> Sent: Friday, July 22, 2016 7:49 PM<br>> To: CABFPub <public@cabforum.org><br>> Subject: Re: [cabfpub] Ballot 173 - Removal of requirement to cease use of private key due to incorrect certificate info<br>> <br>> To clarify, my YES vote includes the 45-day waiting period before the changes take effect.<br>> <br>> All votes from this point on should be for the ballot as originally proposed but with a 45 day waiting period before the changes take effect. Thanks.<br>> <br>>> On Fri, Jul 22, 2016 at 4:30 PM, Josh Aas <josh@letsencrypt.org> wrote:<br>>> Let's Encrypt votes YES<br>>> <br>>>> On Thu, Jul 14, 2016 at 9:17 AM, Josh Aas <josh@letsencrypt.org> wrote:<br>>>> Ballot 173 - Removal of requirement to cease use of private key due <br>>>> to incorrect certificate info<br>>>> <br>>>> The following motion has been proposed by Josh Aas of ISRG / Let's <br>>>> Encrypt. Ben Wilson of Digicert and Chris Bailey of Entrust endorse.<br>>>> <br>>>> Background:<br>>>> <br>>>> BR Section 9.6.3 point 5 says:<br>>>> <br>>>> "Reporting and Revocation: An obligation and warranty to promptly <br>>>> cease using a Certificate and its associated Private Key, and <br>>>> promptly request the CA to revoke the Certificate, in the event that:<br>>>> (a) any information in the Certificate is, or becomes, incorrect or <br>>>> inaccurate, or (b) there is any actual or suspected misuse or <br>>>> compromise of the Subscriber’s Private Key associated with the Public <br>>>> Key included in the Certificate;"<br>>>> <br>>>> There is a problem here, which is that this requires a subscriber to <br>>>> stop using a private key just because information in a certificate is <br>>>> inaccurate or incorrect. People should stop using a cert with <br>>>> inaccurate or incorrect information, but they shouldn't be required <br>>>> to stop using a key pair unless there is known or suspected compromise.<br>>>> <br>>>> This is particularly problematic for HPKP.<br>>>> <br>>>> --Motion Begins--<br>>>> <br>>>> Effective upon the date of passage, the following modifications are <br>>>> made to the Baseline Requirements:<br>>>> <br>>>> Change the following text in Section 9.6.3:<br>>>> =======================<br>>>> Reporting and Revocation: An obligation and warranty to promptly <br>>>> cease using a Certificate and its associated Private Key, and <br>>>> promptly request the CA to revoke the Certificate, in the event that:<br>>>> (a) any information in the Certificate is, or becomes, incorrect or <br>>>> inaccurate, or (b) there is any actual or suspected misuse or <br>>>> compromise of the Subscriber’s Private Key associated with the Public <br>>>> Key included in the Certificate; =======================<br>>>> <br>>>> To:<br>>>> =======================<br>>>> Reporting and Revocation: An obligation and warranty to: (a) promptly <br>>>> request revocation of the Certificate, and cease using it and its <br>>>> associated Private Key, if there is any actual or suspected misuse or <br>>>> compromise of the Subscriber’s Private Key associated with the Public <br>>>> Key included in the Certificate; and (b) promptly request revocation <br>>>> of the Certificate, and cease using it, if any information in the <br>>>> Certificate is or becomes incorrect or inaccurate.<br>>>> =======================<br>>>> <br>>>> --Motion Ends--<br>>>> <br>>>> The review period for this ballot shall commence at 2200 UTC on 14 <br>>>> July 2016, and will close at 2200 UTC on 21 July 2016. Unless the <br>>>> motion is withdrawn during the review period, the voting period will <br>>>> start immediately thereafter and will close at 2200 UTC on 28 July <br>>>> 2016. Votes must be cast by posting an on-list reply to this thread.<br>>>> <br>>>> A vote in favor of the motion must indicate a clear 'yes' in the <br>>>> response. A vote against must indicate a clear 'no' in the response.<br>>>> A vote to abstain must indicate a clear 'abstain' in the response.<br>>>> Unclear responses will not be counted. The latest vote received from <br>>>> any representative of a voting member before the close of the voting <br>>>> period will be counted. Voting members are listed here:<br>>>> https://cabforum.org/members/<br>>>> <br>>>> In order for the motion to be adopted, two thirds or more of the <br>>>> votes cast by members in the CA category and greater than 50% of the <br>>>> votes cast by members in the browser category must be in favor.<br>>>> Quorum is currently ten (10) members– at least ten members must <br>>>> participate in the ballot, either by voting in favor, voting against, or abstaining.<br>>>> <br>>>> --<br>>>> Josh Aas<br>>>> Executive Director<br>>>> Internet Security Research Group<br>>>> Let's Encrypt: A Free, Automated, and Open CA<br>>> <br>>> <br>>> <br>>> --<br>>> Josh Aas<br>>> Executive Director<br>>> Internet Security Research Group<br>>> Let's Encrypt: A Free, Automated, and Open CA<br>> <br>> <br>> <br>> --<br>> Josh Aas<br>> Executive Director<br>> Internet Security Research Group<br>> Let's Encrypt: A Free, Automated, and Open CA _______________________________________________<br>> Public mailing list<br>> Public@cabforum.org<br>> https://cabforum.org/mailman/listinfo/public<br>> _______________________________________________<br>> Public mailing list<br>> Public@cabforum.org<br>> https://cabforum.org/mailman/listinfo/public<br>_______________________________________________<br>Public mailing list<br>Public@cabforum.org<br>https://cabforum.org/mailman/listinfo/public<br></body></html>