<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Tim,<br>
<br>
I thought there was rough consensus NOT to extend the "1 sec
accuracy" to time duration requirements other than the CRL and OCSP.<br>
<br>
For example, measuring 24 hours or 5 days to revoke a certificate
doesn't need the accuracy of a second.<br>
<br>
It's not easy to programmatically measure this level of accuracy for
every CA process. When the requirements identify this level of
accuracy (e.g. RFC 5280), it makes sense to programmatically enforce
them, otherwise it is too painful to implement for every time
measurement and produces very little -if any- security improvements
to the ecosystem.<br>
<br>
HARICA does not support the current proposal to extend the accuracy
to the entirety of the BRs (and by extension to NetSec and EV
Guidelines).<br>
<br>
<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 18/11/2021 5:43 μ.μ., Tim Hollebeek
via Servercert-wg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100017d33b80b45-b5166223-e986-4911-a4f6-cb076f2e473d-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Ballot SC-52: Specify CRL Validity
Intervals in Seconds<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Purpose of Ballot: Similar to Ballot SC-31
which modified the specification of<o:p></o:p></p>
<p class="MsoNormal">OCSP validity periods to be in seconds,
this ballot modifies the specification<o:p></o:p></p>
<p class="MsoNormal">of CRL validity periods to be in seconds to
avoid confusion about exactly which<o:p></o:p></p>
<p class="MsoNormal">periods are valid and which are not. The
ballot also specifies that other time <o:p></o:p></p>
<p class="MsoNormal">periods should be handled the same way,
which has broader impacts throughout <o:p></o:p></p>
<p class="MsoNormal">the document.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The following motion has been proposed by
Tim Hollebeek of DigiCert and endorsed <o:p></o:p></p>
<p class="MsoNormal">by Trevoli Ponds-White of Amazon and Kati
Davids of GoDaddy.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---MOTION BEGINS---<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This ballot modifies the “Baseline
Requirements for the Issuance and Management <o:p></o:p></p>
<p class="MsoNormal">of Publicly-Trusted Certificates”
(“Baseline Requirements”), based on Version 1.8.0:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">MODIFY the Baseline Requirements as
specified in the following Redline:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a
href="https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...0c265a673b10c460264a721214b902484c0d1c1f"
moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...0c265a673b10c460264a721214b902484c0d1c1f</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---MOTION ENDS---<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This ballot proposes a Final Maintenance
Guideline. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The procedure for approval of this ballot
is as follows: <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Discussion (7+ days)<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Start Time: November 18, 2021 10:30am
Eastern<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">End Time: No earlier than November 25, 2021
10:30 am Eastern<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Vote for approval (7 days)<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Start Time: TBD<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">End Time: TBD<o:p></o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Servercert-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
</blockquote>
<br>
</body>
</html>