<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>TrustCor votes YES on Ballot SC31v3: Browser Alignment</p>
<p>To be clear, we broadly support the idea of having one set of
common requirements to ensure CA compliance across all of the Root
Programs.<br>
</p>
<p>However, we do have concerns with other portions of this ballot
that include the recently rejected SC22 Ballot, which TrustCor
voted no. TrustCor is committed to the requirements of the Root
Programs, therefore, we plan to accept and fully comply with the
398 day limit for certificates come September - but we do feel
that we were given no other choice. We are concerned that this
ballot contains such controversial issues and hope that going
forward the Forum can continue meaningful collaboration and seek
agreement on future directions for WebPKI.</p>
We also are of the belief that a broader understanding of the
meaning of CRL/OCSP revocation reasons should be reached, but this
should not stop the reconciliation of the BRs and the Root Program
requirements.
<p>Regards,</p>
<p>Neil<br>
</p>
<div class="moz-cite-prefix">On 09/07/2020 18:00, Ryan Sleevi via
Servercert-wg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACvaWvax71NgvYfj2e2r3EQmDBB8mZMyPKvtcOE2Jse9WF32=g@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div style="color:rgb(0,0,0)">This begins the voting period for
Ballot <span class="gmail-il">SC31v3</span>: Browser Alignment</div>
<div style="color:rgb(0,0,0)"><br>
</div>
<div style="color:rgb(0,0,0)"><b>Purpose of Ballot:</b></div>
<div style="color:rgb(0,0,0)"><b><br>
</b></div>
<div style="color:rgb(0,0,0)">As a regular part of Root Program
maintenance, and reflecting the independent nature of each
Root Programs' needs and requirements, Root Programs have
introduced a number of requirements above and beyond those
captured in the Baseline Requirements. For Root Programs, this
approach results in a lack of certainty, as the requirements
are not independently audited and assessed, unless otherwise
provided for. For CAs, this introduces confusion when applying
to have the same CA certificate trusted by multiple Root
Programs, as the effective requirements that the CA and
certificates need to comply with are the union of the
most-restrictive policies.<br>
<br>
The following ballot attempts to resolve this uncertainty for
Root Programs, and ambiguity for CAs, by incorporating Root
Program-specific requirements that are either effective or
will, in the future, be effective.<b><br>
</b></div>
<div style="color:rgb(0,0,0)"><br>
</div>
<span style="color:rgb(0,0,0)">This was originally drafted in </span><a
href="https://github.com/sleevi/cabforum-docs/pull/10"
target="_blank" moz-do-not-send="true">https://github.com/sleevi/cabforum-docs/pull/10</a><span
style="color:rgb(0,0,0)"> , and as a pull request is available
at </span><a
href="https://github.com/cabforum/documents/pull/195"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/pull/195</a><br
style="color:rgb(0,0,0)">
<br style="color:rgb(0,0,0)">
<span style="color:rgb(0,0,0)">The full description, and
motivation, of each change, along with the effective dates,
are available at the above pull request.</span><br
style="color:rgb(0,0,0)">
<br style="color:rgb(0,0,0)">
<span style="color:rgb(0,0,0)">The following motion has been
proposed by Ryan Sleevi of Google and endorsed by Clint Wilson
of Apple and Mike Reilly of Microsoft.</span>
<div style="color:rgb(0,0,0)"><br>
</div>
<div style="color:rgb(0,0,0)">The changes between SC31v1 and
SC31v2 can be viewed at <a
href="https://github.com/cabforum/documents/compare/90a7dfe95d32ae8c76a4fa55c7b038d4928872c6...1bb3be897213b21d15b837befa885b0ba34bfd3d"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/90a7dfe95d32ae8c76a4fa55c7b038d4928872c6...1bb3be897213b21d15b837befa885b0ba34bfd3d</a> .
This corrects "Not applicable" to "No stipulation", updates
the formatting/markup for Pandoc and provides additional
example text to the effective date table for the Chair or
Vice-Chair.</div>
<div style="color:rgb(0,0,0)"><br>
</div>
<div style="color:rgb(0,0,0)">The changes between SC31v2 and <span
class="gmail-il">SC31v3</span> can be viewed at</div>
<div style="color:rgb(0,0,0)"><a
href="https://github.com/cabforum/documents/compare/1bb3be897213b21d15b837befa885b0ba34bfd3d...a9a7814da2328c3d3d54d8355eff6fe398354af8"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/1bb3be897213b21d15b837befa885b0ba34bfd3d...a9a7814da2328c3d3d54d8355eff6fe398354af8</a> .
This addresses an issue with certificate suspension for
pre-existing, non-TLS certificates from TLS-capable
subordinate CAs, and attempts to clarify the expectations
around the use of CRL reason codes by requiring they be
documented in the CA's CP/CPS. This also shuffles a
requirement already present in the BRs and the RFCs, regarding
Delegated Responders being conflated with TLS-capable CAs,
into the "Cleanup and Clarification" ballot.<br>
<br>
<b>--- MOTION BEGINS ---<br>
</b><br>
This ballot modifies "Baseline Requirements for the Issuance
and Management of Publicly-Trusted Certificates" ("Baseline
Requirements") as follows, based on Version 1.7.0<br>
<br>
MODIFY the Baseline Requirements as defined in the following
redline:<br>
<a
href="https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8</a><br>
<br>
This ballot modifies the “Guidelines for the Issuance and
Management of Extended Validation Certificates” (“EV
Guidelines”) as follows, based on version 1.7.2:<br>
<br>
MODIFY the EV Guidelines as defined in the following redline:<br>
<a
href="https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8"
target="_blank" moz-do-not-send="true">https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8</a><br>
<br>
The Chair or Vice-Chair is permitted to update the Relevant
Dates of the Baseline Requirements and the EV Guidelines to
reflect these changes.<br>
<br>
<b>--- MOTION ENDS ---<br>
</b><br>
This ballot proposes two Final Maintenance Guidelines.<br>
<br>
</div>
<div style="color:rgb(0,0,0)">The procedure for approval of this
ballot is as follows:<br>
<br>
Discussion (7+ days)<br>
Start Time: 2-July 2020 00:00 UTC<br>
End Time: after 9-July 2020 00:00 UTC<br>
<br>
Vote for approval (7 days)<br>
Start Time: 9-July 2020 17:00 UTC<br>
End Time: 16-July 2020 17:00 UTC</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Servercert-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
</blockquote>
</body>
</html>