
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p>SSL.com votes YES on Ballot <span class="gmail-il">SC31v3.<br>

      </span></p>

    <div class="moz-cite-prefix">On 7/9/2020 12:00 PM, Ryan Sleevi via

      Servercert-wg wrote:<br>

    </div>

    <blockquote type="cite"

cite="mid:CACvaWvax71NgvYfj2e2r3EQmDBB8mZMyPKvtcOE2Jse9WF32=g@mail.gmail.com">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <div dir="ltr">

        <div style="color:rgb(0,0,0)">This begins the voting period for

          Ballot <span class="gmail-il">SC31v3</span>: Browser Alignment</div>

        <div style="color:rgb(0,0,0)"><br>

        </div>

        <div style="color:rgb(0,0,0)"><b>Purpose of Ballot:</b></div>

        <div style="color:rgb(0,0,0)"><b><br>

          </b></div>

        <div style="color:rgb(0,0,0)">As a regular part of Root Program

          maintenance, and reflecting the independent nature of each

          Root Programs' needs and requirements, Root Programs have

          introduced a number of requirements above and beyond those

          captured in the Baseline Requirements. For Root Programs, this

          approach results in a lack of certainty, as the requirements

          are not independently audited and assessed, unless otherwise

          provided for. For CAs, this introduces confusion when applying

          to have the same CA certificate trusted by multiple Root

          Programs, as the effective requirements that the CA and

          certificates need to comply with are the union of the

          most-restrictive policies.<br>

          <br>

          The following ballot attempts to resolve this uncertainty for

          Root Programs, and ambiguity for CAs, by incorporating Root

          Program-specific requirements that are either effective or

          will, in the future, be effective.<b><br>

          </b></div>

        <div style="color:rgb(0,0,0)"><br>

        </div>

        <span style="color:rgb(0,0,0)">This was originally drafted in </span><a

          href="https://github.com/sleevi/cabforum-docs/pull/10"

          target="_blank" moz-do-not-send="true">https://github.com/sleevi/cabforum-docs/pull/10</a><span

          style="color:rgb(0,0,0)"> , and as a pull request is available

          at </span><a

          href="https://github.com/cabforum/documents/pull/195"

          target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/pull/195</a><br

          style="color:rgb(0,0,0)">

        <br style="color:rgb(0,0,0)">

        <span style="color:rgb(0,0,0)">The full description, and

          motivation, of each change, along with the effective dates,

          are available at the above pull request.</span><br

          style="color:rgb(0,0,0)">

        <br style="color:rgb(0,0,0)">

        <span style="color:rgb(0,0,0)">The following motion has been

          proposed by Ryan Sleevi of Google and endorsed by Clint Wilson

          of Apple and Mike Reilly of Microsoft.</span>

        <div style="color:rgb(0,0,0)"><br>

        </div>

        <div style="color:rgb(0,0,0)">The changes between SC31v1 and

          SC31v2 can be viewed at <a

href="https://github.com/cabforum/documents/compare/90a7dfe95d32ae8c76a4fa55c7b038d4928872c6...1bb3be897213b21d15b837befa885b0ba34bfd3d"

            target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/90a7dfe95d32ae8c76a4fa55c7b038d4928872c6...1bb3be897213b21d15b837befa885b0ba34bfd3d</a> .

          This corrects "Not applicable" to "No stipulation", updates

          the formatting/markup for Pandoc and provides additional

          example text to the effective date table for the Chair or

          Vice-Chair.</div>

        <div style="color:rgb(0,0,0)"><br>

        </div>

        <div style="color:rgb(0,0,0)">The changes between SC31v2 and <span

            class="gmail-il">SC31v3</span> can be viewed at</div>

        <div style="color:rgb(0,0,0)"><a

href="https://github.com/cabforum/documents/compare/1bb3be897213b21d15b837befa885b0ba34bfd3d...a9a7814da2328c3d3d54d8355eff6fe398354af8"

            target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/1bb3be897213b21d15b837befa885b0ba34bfd3d...a9a7814da2328c3d3d54d8355eff6fe398354af8</a> .

          This addresses an issue with certificate suspension for

          pre-existing, non-TLS certificates from TLS-capable

          subordinate CAs, and attempts to clarify the expectations

          around the use of CRL reason codes by requiring they be

          documented in the CA's CP/CPS. This also shuffles a

          requirement already present in the BRs and the RFCs, regarding

          Delegated Responders being conflated with TLS-capable CAs,

          into the "Cleanup and Clarification" ballot.<br>

          <br>

          <b>--- MOTION BEGINS ---<br>

          </b><br>

          This ballot modifies "Baseline Requirements for the Issuance

          and Management of Publicly-Trusted Certificates" ("Baseline

          Requirements") as follows, based on Version 1.7.0<br>

          <br>

          MODIFY the Baseline Requirements as defined in the following

          redline:<br>

          <a

href="https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8"

            target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8</a><br>

          <br>

          This ballot modifies the “Guidelines for the Issuance and

          Management of Extended Validation Certificates” (“EV

          Guidelines”) as follows, based on version 1.7.2:<br>

          <br>

          MODIFY the EV Guidelines as defined in the following redline:<br>

          <a

href="https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8"

            target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8</a><br>

          <br>

          The Chair or Vice-Chair is permitted to update the Relevant

          Dates of the Baseline Requirements and the EV Guidelines to

          reflect these changes.<br>

          <br>

          <b>--- MOTION ENDS ---<br>

          </b><br>

          This ballot proposes two Final Maintenance Guidelines.<br>

          <br>

        </div>

        <div style="color:rgb(0,0,0)">The procedure for approval of this

          ballot is as follows:<br>

          <br>

          Discussion (7+ days)<br>

          Start Time: 2-July 2020 00:00 UTC<br>

          End Time: after 9-July 2020 00:00 UTC<br>

          <br>

          Vote for approval (7 days)<br>

          Start Time: 9-July 2020 17:00 UTC<br>

          End Time: 16-July 2020 17:00 UTC</div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <pre class="moz-quote-pre" wrap="">_______________________________________________

Servercert-wg mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a>

<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>

</pre>

    </blockquote>

    <pre class="moz-signature" cols="72">-- 

Chris Kemmerer

Manager of Operations

SSL.com


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~ To find the reefs, look~~~~~~~~

~~~~     for the wrecks.    ~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</pre>

  </body>

</html>