<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
Dear Members,<br>
<br>
Following up to the CP/CPS RFC3647 alignment discussion at the last
F2F, I prepared a ballot to address the ambiguity regarding the
appropriate sections from RFC 3647 that CAs need to include in their
CP and/or CPS documents.<br>
<br>
An effective date was added because these changes may be considered
normative compared to the current version of the BRs. I also
included elements from <a
href="https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md#33-cps-and-cpses">section
3.3(5) of MRSP</a>.<br>
<br>
Please let me know if you have any comments or concerns. I also need
one more endorser to kick off the official discussion period.<br>
<br>
<br>
Best regards,<br>
Dimitris.<br>
<br>
<h1 class="break-text" id="bkmrk-page-title">SC-74 - Clarify CP/CPS
structure according to RFC 3647</h1>
<div style="clear:left;"></div>
<h2 id="bkmrk-summary">Summary</h2>
<p id="bkmrk-the-tls-baseline-req">The TLS Baseline Requirements
require in section 2.2 that:</p>
<p id="bkmrk-%22the-certificate-pol"><em>"The Certificate Policy
and/or Certification Practice Statement MUST be structured in
accordance with RFC 3647 and MUST include all material required
by RFC 3647."</em></p>
<p id="bkmrk-the-intent-of-this-l">The intent of this language was
to ensure that all CAs' CP and/or CPS documents contain a similar
structure, making it easier to review and compare against the BRs.
However, there was some ambiguity as to the actual structure that
CAs should follow. After several discussions in the <a
href="https://lists.cabforum.org/pipermail/servercert-wg/2023-November/004070.html">SCWG
Public Mailing List</a> and F2F meetings, it was agreed that
more clarity should be added to the existing requirement, pointing
to the outline described in section 6 of RFC 3647.</p>
<p id="bkmrk-the-following-motion">The following motion has been
proposed by Dimitris Zacharopoulos (HARICA) and endorsed by Aaron
Poulsen (Amazon) and XXXX (XXXX). <br>
</p>
<p id="bkmrk-you-can-view-and-com">You can view and comment on the
github pull request representing this ballot <a
href="https://github.com/cabforum/servercert/pull/503">here</a>. <br>
</p>
<h2 id="bkmrk-motion-begins">Motion Begins</h2>
<p id="bkmrk-modify-the-%22baseline">MODIFY the "Baseline
Requirements for the Issuance and Management of Publicly-Trusted
TLS Server Certificates" based on Version 2.0.4 as specified in
the following redline:<br>
</p>
<ul id="bkmrk-https%3A%2F%2Fgithub.com%2Fc">
<li class="null"><a
href="https://github.com/cabforum/servercert/pull/503/files"
class="moz-txt-link-freetext">https://github.com/cabforum/servercert/pull/503/files</a>
(EDITORIAL NOTE: this link will be replaced with the immutable
URL before starting the official discussion period)<br>
</li>
</ul>
<h2 id="bkmrk-motion-ends">Motion Ends</h2>
<p id="bkmrk-this-ballot-proposes">This ballot proposes a Final
Maintenance Guideline. The procedure for approval of this ballot
is as follows:</p>
<h4 id="bkmrk-discussion-%2811%2B-days">Discussion (at least 7 days)</h4>
<ul id="bkmrk-start-time%3A-2024-01-">
<li class="null">Start time: 2024-04-29 10:00:00 UTC</li>
<li class="null">End time: on or after 2024-05-06 10:00:00 UTC</li>
</ul>
<h4 id="bkmrk-vote-for-approval-%287">Vote for approval (7 days)</h4>
<ul id="bkmrk-start-time%3A-tbd-end-">
<li class="null">Start time: TBD</li>
<li class="null">End time: TBD</li>
</ul>
<p></p>
<br>
</body>
</html>