<!DOCTYPE html>

<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p><font face="Calibri">Actalis votes 'yes'</font><br>

    </p>

    <div class="moz-cite-prefix">Il 26/04/2024 02:00, Wayne Thayer via

      Servercert-wg ha scritto:<br>

    </div>

    <blockquote type="cite"

cite="mid:0100018f17b415ae-778c107a-354f-4239-9c91-1848b0fd4f07-000000@email.amazonses.com">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <title></title>

      <div align="center">

        <table width="30%" cellspacing="2" cellpadding="2" border="1">

          <tbody>

            <tr>

              <td valign="top" bgcolor="#ffff00"> <span

                  style="color: red;">NOTICE:</span> Pay attention -

                external email - Sender is

<a class="moz-txt-link-abbreviated" href="mailto:0100018f17b415ae-778c107a-354f-4239-9c91-1848b0fd4f07-000000@amazonses.com">0100018f17b415ae-778c107a-354f-4239-9c91-1848b0fd4f07-000000@amazonses.com</a>

              </td>

            </tr>

          </tbody>

        </table>

        <br>

      </div>

      <br>

      <div dir="ltr">

        <div dir="ltr">

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:0pt;padding:0pt 0pt 12pt"

id="m_3076436754704620828gmail-docs-internal-guid-03c99b0b-7fff-1c11-84e1-099f15f7f345">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

Purpose of Ballot SC-073</span></p>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

This ballot proposes updates to the Baseline Requirements for the

Issuance and Management of Publicly-Trusted TLS Server Certificates

related to weak and compromised private keys. These changes lie

primarily in Section <a href="http://6.1.1.3" target="_blank"

            moz-do-not-send="true">6.1.1.3</a>:</span></p>

          <ul style="margin-top:0px;margin-bottom:0px">

            <li dir="ltr"

style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

<p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:12pt;margin-bottom:0pt"

            role="presentation"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

6.1.1.3(4) clarifies that, for the purpose of this requirement, CAs

shall be made aware of compromised keys using their existing

notification mechanism(s).</span></p>

</li>

            <li dir="ltr"

style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

<p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:12pt"

            role="presentation"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

6.1.1.3(5) improves guidance for CAs around the detection of weak

keys. Should this ballot pass, these changes become effective on

November 15, 2024.</span></p>

</li>

          </ul>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:12pt;margin-bottom:12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

Notes:</span></p>

          <ul style="margin-top:0px;margin-bottom:0px">

            <li dir="ltr"

style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

<p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:12pt;margin-bottom:0pt"

            role="presentation"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

This ballot builds on the extensive work done by SSL.com in

creating ballot SC-59v2 Weak Key Guidance. SSL.com’s contributions

are appreciated.</span></p>

</li>

            <li dir="ltr"

style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

<p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:0pt"

            role="presentation"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

Thanks to Rob Stradling of Sectigo for the generation and

publication of the set of Debian weak keys referenced in this

ballot.</span></p>

</li>

            <li dir="ltr"

style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

<p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:0pt"

            role="presentation"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

The Debian weak keys requirements have been discussed extensively,

including in the following threads:</span> <a

href="https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html"

            style="text-decoration:none" target="_blank"

            moz-do-not-send="true"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">

https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html</span></a>

<span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

and</span> <a

href="https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html"

            style="text-decoration:none" target="_blank"

            moz-do-not-send="true"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">

https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html</span></a><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> </span></p>

</li>

            <li dir="ltr"

style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

<p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:12pt"

            role="presentation"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

This ballot does not appear to conflict with any other ballots that

are currently under discussion.</span></p>

</li>

          </ul>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:12pt;margin-bottom:0pt;padding:0pt 0pt 12pt">

            <br>

          </p>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:0pt;padding:0pt 0pt 12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

The following motion has been proposed by Wayne Thayer of Fastly,

and endorsed by Brittany Randall of GoDaddy and Bruce Morton of

Entrust.</span></p>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:0pt;padding:0pt 0pt 12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

— Motion Begins —</span></p>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:0pt;padding:0pt 0pt 12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

This ballot modifies the “Baseline Requirements for the Issuance

and Management of Publicly-Trusted Certificates” (“Baseline

Requirements”), based on Version 2.0.3.</span></p>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:0pt;padding:0pt 0pt 12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

MODIFY the Baseline Requirements for the Issuance and Management of

Publicly-Trusted TLS Server Certificates as specified in the

following Redline:</span></p>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:0pt;padding:0pt 0pt 12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

Here is a link to the immutable GitHub redline:</span> <a

href="https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0"

              style="text-decoration:none" target="_blank"

              moz-do-not-send="true"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">

https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0</span></a><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> </span></p>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:0pt;padding:0pt 0pt 12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

— Motion Ends —</span></p>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:0pt;padding:0pt 0pt 12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

This ballot proposes a Final Maintenance Guideline. The procedure

for approval of this ballot is as follows:</span></p>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:0pt;margin-bottom:12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

Discussion (7+ days)</span></p>

          <ul style="margin-top:0px;margin-bottom:0px">

            <li dir="ltr"

style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

<p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:12pt;margin-bottom:0pt"

            role="presentation"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

Start time: 2024-04-18 00:00:00 UTC</span></p>

</li>

            <li dir="ltr"

style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

<p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:12pt;margin-bottom:0pt"

            role="presentation"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

End time: 2024-04-26 00:00:00 UTC</span></p>

</li>

          </ul>

          <p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:12pt;margin-bottom:12pt">

            <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

Vote for approval (7 days)</span></p>

          <ul style="margin-top:0px;margin-bottom:0px">

            <li dir="ltr"

style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

<p dir="ltr"

style="line-height:1.38;background-color:rgb(255,255,255);margin-top:12pt;margin-bottom:0pt;padding:0pt 0pt 12pt"

            role="presentation"><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

Start time: </span><span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">2024-04-26

00:00:00 UTC</span></p>

</li>

            <li dir="ltr"

style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

<span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

End time:</span> <span

style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">

2024-05-03 00:00:00 UTC</span></li>

          </ul>

        </div>

      </div>

      <br>

      <fieldset class="moz-mime-attachment-header"></fieldset>

      <pre class="moz-quote-pre" wrap="">_______________________________________________

Servercert-wg mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a>

<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>

</pre>

    </blockquote>

  </body>

</html>