<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
On another matter (decided to start a new thread to separate the two
issues), we also observed that there is no consistency on the way
time intervals are written. For example:<br>
<ul>
<li><span class="blob-code-inner blob-code-marker js-code-nav-pass
" data-code-marker="+">"one hour", <br>
</span></li>
<li><span class="blob-code-inner blob-code-marker js-code-nav-pass
" data-code-marker="+">"</span><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+"><span
class="blob-code-inner blob-code-marker js-code-nav-pass "
data-code-marker="+">sixteen hours", <br>
</span></span></li>
<li><span class="blob-code-inner blob-code-marker js-code-nav-pass
" data-code-marker="+"><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+"></span>"seven
days", <br>
</span></li>
<li><span class="blob-code-inner blob-code-marker js-code-nav-pass
" data-code-marker="+">"</span><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+"><span
class="blob-code-inner blob-code-marker js-code-nav-pass "
data-code-marker="+">ten days", <br>
</span></span></li>
<li><span class="blob-code-inner blob-code-marker js-code-nav-pass
" data-code-marker="+"><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+">"</span></span><span
class="blob-code-inner blob-code-marker js-code-nav-pass "
data-code-marker="+"><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+"><span
class="blob-code-inner blob-code-marker js-code-nav-pass "
data-code-marker="+">twelve months", <br>
</span></span></span></li>
<li><span class="blob-code-inner blob-code-marker js-code-nav-pass
" data-code-marker="+"><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+"><span
class="blob-code-inner blob-code-marker js-code-nav-pass "
data-code-marker="+">"</span></span></span><span
class="blob-code-inner blob-code-marker js-code-nav-pass "
data-code-marker="+"><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+"><span
class="blob-code-inner blob-code-marker js-code-nav-pass "
data-code-marker="+"><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+">366
days", <br>
</span></span></span></span></li>
<li><span class="blob-code-inner blob-code-marker js-code-nav-pass
" data-code-marker="+"><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+"><span
class="blob-code-inner blob-code-marker js-code-nav-pass "
data-code-marker="+"><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+">"</span></span></span></span><span
class="blob-code-inner blob-code-marker js-code-nav-pass "
data-code-marker="+"><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+"><span
class="blob-code-inner blob-code-marker js-code-nav-pass "
data-code-marker="+"><span class="blob-code-inner
blob-code-marker js-code-nav-pass " data-code-marker="+"><span
class="blob-code-inner blob-code-marker
js-code-nav-pass " data-code-marker="+"><span class="x
x-first x-last">367 days".</span></span></span></span></span></span></li>
</ul>
We should pick one format style using numbers like "1 hour, 16
hours, 7 days, 10 days, 12 months". I'd be happy to go over the
document and propose these updates on this ballot or we could
schedule it for a cleanup ballot.<br>
<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 15/12/2021 7:51 π.μ., Dimitris
Zacharopoulos (HARICA) via Servercert-wg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100017dbca55a86-b6199d6a-5b41-476b-8070-ebd7511e9ac9-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<br>
HARICA disagrees with adding the following text to the Baseline
Requirements:<br>
<br>
<i><span class="blob-code-inner blob-code-marker js-code-nav-pass
" data-code-marker="+"><span class="pl-mb">"**Effective
2022-06-01:**</span> For purposes of computing differences,
a difference of 3,600 seconds shall be equal to one hour, and
a difference of 86,400 seconds shall be equal to one day,
ignoring leap seconds. Any amount of time greater than this,
including fractional seconds, shall represent an additional
unit of measure, such as an additional hour or additional
day."</span></i><br>
<br>
My team has advised me that when using the standard (vixie) cron,
an admin cannot state that an action must take place:<br>
<ul>
<li>every x minutes, for x>60</li>
<li>every x hours, for x>24</li>
<li>every x days, for x>1</li>
<li>every x months, for x>12</li>
</ul>
An admin would need to create custom scripts to overcome these
problems, thus creating a possibility of human error. It is also
not possible to specify seconds. This is just one of the tools
that can be used by admins. Windows has the same limitations in
the "tasks" scheduling tool.<br>
<br>
This is a very simple indication that such a change in the
requirements will require significant analysis and implementation
effort by all CAs without good justification.<br>
<br>
HARICA still doesn't see a clear benefit from generalizing the
expectation that all time intervals in the BRs, EVGs, NetSec
should be evaluated at the level of 1 second which is an
"expensive" compliance obligation and should be applied/enforced
in areas where it is really needed. The necessity may come from
interoperability risks as we have seen for the validity of
certificates and OCSP/CRL. If other areas seem appropriate for
this level of accuracy, we should identify, justify and add to the
requirements instead of making a general requirement for such an
expensive operation.<br>
<br>
<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 2/12/2021 5:20 μ.μ., Tim Hollebeek
via Servercert-wg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100017d7bbbd472-39436b21-605d-4705-b406-b80179b53943-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Ballot SC-52 version 2: Specify CRL
Validity Intervals in Seconds<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Purpose of Ballot: Similar to Ballot
SC-31 which modified the specification of<o:p></o:p></p>
<p class="MsoNormal">OCSP validity periods to be in seconds,
this ballot modifies the specification<o:p></o:p></p>
<p class="MsoNormal">of CRL validity periods to be in seconds
to avoid confusion about exactly which<o:p></o:p></p>
<p class="MsoNormal">periods are valid and which are not. The
ballot also specifies that other time <o:p></o:p></p>
<p class="MsoNormal">periods should be handled the same way,
which has broader impacts throughout <o:p></o:p></p>
<p class="MsoNormal">the document.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">These changes should not be interpreted
as implying that missing a deadline by<o:p></o:p></p>
<p class="MsoNormal">a few seconds is any more or less
important than it previously was. The<o:p></o:p></p>
<p class="MsoNormal">changes are merely intended to provide
additional clarity and precision about<o:p></o:p></p>
<p class="MsoNormal">exactly where the deadlines are.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The following motion has been proposed by
Tim Hollebeek of DigiCert and endorsed <o:p></o:p></p>
<p class="MsoNormal">by Trevoli Ponds-White of Amazon and Kati
Davids of GoDaddy.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---MOTION BEGINS---<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This ballot modifies the “Baseline
Requirements for the Issuance and Management <o:p></o:p></p>
<p class="MsoNormal">of Publicly-Trusted Certificates”
(“Baseline Requirements”), based on Version 1.8.0:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">MODIFY the Baseline Requirements as
specified in the following Redline:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a
href="https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...2b9cf93af71233095f370cdc1d1b587166da4b07"
moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...2b9cf93af71233095f370cdc1d1b587166da4b07</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---MOTION ENDS---<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This ballot proposes a Final Maintenance
Guideline. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The procedure for approval of this ballot
is as follows: <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Discussion (7+ days)<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Start Time: December 2, 2021 10:30 am
Eastern<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">End Time: No earlier than December 9,
2021 10:30 am Eastern<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Vote for approval (7 days)<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Start Time: TBD<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">End Time: TBD<o:p></o:p></p>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Servercert-wg mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:Servercert-wg@cabforum.org" moz-do-not-send="true">Servercert-wg@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Servercert-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
</blockquote>
<br>
</body>
</html>