<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.blob-code-inner
{mso-style-name:blob-code-inner;}
span.x
{mso-style-name:x;}
span.pl-mb
{mso-style-name:pl-mb;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:862862271;
mso-list-template-ids:-1513356362;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1061056390;
mso-list-template-ids:1852317714;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Corey and I are working on a cleanup ballot right now, and I agree that cleaning this sort of thing up to be more uniform would be a useful inclusion.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Perhaps we should file a github issue to track it?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">-Tim<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Servercert-wg <servercert-wg-bounces@cabforum.org>
<b>On Behalf Of </b>Dimitris Zacharopoulos (HARICA) via Servercert-wg<br>
<b>Sent:</b> Tuesday, January 4, 2022 6:45 AM<br>
<b>To:</b> servercert-wg@cabforum.org<br>
<b>Subject:</b> Re: [Servercert-wg] Ballot SC-52 version 2: Specify CRL Validity Intervals in Seconds (cleanup time interval style)<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><br>
On another matter (decided to start a new thread to separate the two issues), we also observed that there is no consistency on the way time intervals are written. For example:<o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span class="blob-code-inner">"one hour", </span><br>
<br>
<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span class="blob-code-inner">"sixteen hours", </span><br>
<br>
<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span class="blob-code-inner">"seven days", </span><br>
<br>
<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span class="blob-code-inner">"ten days", </span><br>
<br>
<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span class="blob-code-inner">"twelve months", </span><br>
<br>
<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span class="blob-code-inner">"366 days", </span><br>
<br>
<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span class="blob-code-inner">"</span><span class="x">367 days".</span><o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-bottom:12.0pt">We should pick one format style using numbers like "1 hour, 16 hours, 7 days, 10 days, 12 months". I'd be happy to go over the document and propose these updates on this ballot or we could schedule it for a
cleanup ballot.<br>
<br>
Dimitris.<o:p></o:p></p>
<div>
<p class="MsoNormal">On 15/12/2021 7:51 π.μ., Dimitris Zacharopoulos (HARICA) via Servercert-wg wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><br>
HARICA disagrees with adding the following text to the Baseline Requirements:<br>
<br>
<span class="pl-mb"><i>"**Effective 2022-06-01:**</i></span><span class="blob-code-inner"><i> For purposes of computing differences, a difference of 3,600 seconds shall be equal to one hour, and a difference of 86,400 seconds shall be equal to one day, ignoring
leap seconds. Any amount of time greater than this, including fractional seconds, shall represent an additional unit of measure, such as an additional hour or additional day."</i></span><br>
<br>
My team has advised me that when using the standard (vixie) cron, an admin cannot state that an action must take place:<o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2">
every x minutes, for x>60<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2">
every x hours, for x>24<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2">
every x days, for x>1<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2">
every x months, for x>12<o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-bottom:12.0pt">An admin would need to create custom scripts to overcome these problems, thus creating a possibility of human error. It is also not possible to specify seconds. This is just one of the tools that can be used
by admins. Windows has the same limitations in the "tasks" scheduling tool.<br>
<br>
This is a very simple indication that such a change in the requirements will require significant analysis and implementation effort by all CAs without good justification.<br>
<br>
HARICA still doesn't see a clear benefit from generalizing the expectation that all time intervals in the BRs, EVGs, NetSec should be evaluated at the level of 1 second which is an "expensive" compliance obligation and should be applied/enforced in areas where
it is really needed. The necessity may come from interoperability risks as we have seen for the validity of certificates and OCSP/CRL. If other areas seem appropriate for this level of accuracy, we should identify, justify and add to the requirements instead
of making a general requirement for such an expensive operation.<br>
<br>
<br>
Dimitris.<o:p></o:p></p>
<div>
<p class="MsoNormal">On 2/12/2021 5:20 μ.μ., Tim Hollebeek via Servercert-wg wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Ballot SC-52 version 2: Specify CRL Validity Intervals in Seconds<o:p></o:p></p>
<p class="MsoNormal">Purpose of Ballot: Similar to Ballot SC-31 which modified the specification of<o:p></o:p></p>
<p class="MsoNormal">OCSP validity periods to be in seconds, this ballot modifies the specification<o:p></o:p></p>
<p class="MsoNormal">of CRL validity periods to be in seconds to avoid confusion about exactly which<o:p></o:p></p>
<p class="MsoNormal">periods are valid and which are not. The ballot also specifies that other time
<o:p></o:p></p>
<p class="MsoNormal">periods should be handled the same way, which has broader impacts throughout
<o:p></o:p></p>
<p class="MsoNormal">the document.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">These changes should not be interpreted as implying that missing a deadline by<o:p></o:p></p>
<p class="MsoNormal">a few seconds is any more or less important than it previously was. The<o:p></o:p></p>
<p class="MsoNormal">changes are merely intended to provide additional clarity and precision about<o:p></o:p></p>
<p class="MsoNormal">exactly where the deadlines are.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The following motion has been proposed by Tim Hollebeek of DigiCert and endorsed
<o:p></o:p></p>
<p class="MsoNormal">by Trevoli Ponds-White of Amazon and Kati Davids of GoDaddy.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">---MOTION BEGINS---<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">This ballot modifies the “Baseline Requirements for the Issuance and Management
<o:p></o:p></p>
<p class="MsoNormal">of Publicly-Trusted Certificates” (“Baseline Requirements”), based on Version 1.8.0:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">MODIFY the Baseline Requirements as specified in the following Redline:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><a href="https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...2b9cf93af71233095f370cdc1d1b587166da4b07">https://github.com/cabforum/servercert/compare/cda0f92ee70121fd5d692685b97ebb6669c74fb7...2b9cf93af71233095f370cdc1d1b587166da4b07</a><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">---MOTION ENDS---<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">This ballot proposes a Final Maintenance Guideline. <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The procedure for approval of this ballot is as follows: <o:p>
</o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Discussion (7+ days)<o:p></o:p></p>
<p class="MsoNormal">Start Time: December 2, 2021 10:30 am Eastern<o:p></o:p></p>
<p class="MsoNormal">End Time: No earlier than December 9, 2021 10:30 am Eastern<o:p></o:p></p>
<p class="MsoNormal">Vote for approval (7 days)<o:p></o:p></p>
<p class="MsoNormal">Start Time: TBD<o:p></o:p></p>
<p class="MsoNormal">End Time: TBD<o:p></o:p></p>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Servercert-wg mailing list<o:p></o:p></pre>
<pre><a href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a><o:p></o:p></pre>
<pre><a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Servercert-wg mailing list<o:p></o:p></pre>
<pre><a href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a><o:p></o:p></pre>
<pre><a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>