<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <br>
    <span dir="ltr" style="margin-top:0; margin-bottom:0;">Hi Aaron,</span>
    <br>
    <br>
    <span dir="ltr" style="margin-top:0; margin-bottom:0;">If there are
      no objections from others, would it be OK if we add this proposal
      to the upcoming profiles ballot which will be discussed at the
      F2F, and merge your PR in the profiles branch? I would just set
      the date to whatever effective date we decide, other than Jan 1 :)</span>
    <br>
    <br>
    <span dir="ltr" style="margin-top:0; margin-bottom:0;">The change
      seems rather uncontroversial. I'd be willing to endorse a separate
      ballot if the group decides not to include it in the profiles
      ballot.</span> <br>
    <br>
    <br>
    <span dir="ltr" style="margin-top:0; margin-bottom:0;">Thanks,</span>
    <br>
    <span dir="ltr" style="margin-top:0; margin-bottom:0;">Dimitris.</span><br>
    <br>
    <div class="moz-cite-prefix">On 14/10/2022 8:04 PM, Aaron Gable
      via Servercert-wg wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:01000183d774ace6-10af4785-33f9-4e11-ae8c-4ffda44ca092-000000@email.amazonses.com">
      <div dir="ltr">Hi all,
        <div><br>
        </div>
        <div>Based on a long discussion[1] on MDSP, I've come to the
          conclusion that it would be good for the BRs to specifically
          mandate that sharded/partitioned CRLs include the Issuing
          Distribution Point extension and its distributionPoint field.
          This is both because the field is important to defend against
          replacement attacks, and because RFC 5280's language seems to
          actually say something different and has led to a long
          discussion on interpretation.</div>
        <div><br>
        </div>
        <div>To this end, I would like to propose a ballot to include
          explicit language to this effect in the BRs:</div>
        <div><br>
        </div>
        <div><a href="https://github.com/cabforum/servercert/pull/396"
            moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/servercert/pull/396</a><br>
        </div>
        <div><br>
        </div>
        <div>Clint Wilson at Mozilla has kindly agreed to endorse; I'm
          seeking a second endorser (and any thoughts and opinions on
          the ballot text itself, of course!) so that it can be assigned
          a ballot number and officially open the discussion period.</div>
        <div><br>
        </div>
        <div>Thanks,</div>
        <div>Aaron</div>
        <div><br>
        </div>
        <div>[1] <a
href="https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/qhrGxLvyreU"
            moz-do-not-send="true" class="moz-txt-link-freetext">https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/qhrGxLvyreU</a></div>
      </div>
      <br>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
Servercert-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>