<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Thanks Aaron,<br>
<br>
Would it be ok for you to create a <a
href="https://github.com/cabforum/servercert/issues">GitHub issue</a>
to identify the specific sections that deviate in content? We might
tackle that in a cleanup ballot. I don't think the capitalization is
so much of a concern but if others think it is, please speak up :) <br>
<br>
<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 8/5/2024 1:19 π.μ., Aaron Gable
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAEmnEreCEx_rqLqjyXr12RiYvZyRB3Zj2h4ND4oJ4o66TORQdA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Two notes on this ballot, findings from our process for
handling upcoming requirements:</div>
<div><br>
</div>
<div>1) Let's Encrypt has <a
href="https://github.com/letsencrypt/cp-cps/tree/d5b258a/tools/lint"
moz-do-not-send="true">created and open-sourced a tool</a>
for linting a CPS to confirm compliance with RFC 3647 Section
6 and Ballot SC-074. If you maintain your CPS document in
markdown, it should be very simple to use or adapt to your
particular situation.</div>
<div><br>
</div>
<div>2) The Baseline Requirements themselves do not quite comply
with RFC 3647 Section 6, with several section titles that
deviate from that outline in either capitalization or actual
content.</div>
<div><br>
</div>
<div>We hope this information is helpful to others,</div>
<div>Aaron</div>
<div><br>
</div>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Apr 25, 2024 at
9:27 AM Dimitris Zacharopoulos (HARICA) via Servercert-wg
<<a href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div> <br>
<h1 id="m_-8449533255907748392bkmrk-page-title">SC-74 -
Clarify CP/CPS structure according to RFC 3647</h1>
<h2 id="m_-8449533255907748392bkmrk-summary">Summary</h2>
<p id="m_-8449533255907748392bkmrk-the-tls-baseline-req">The
TLS Baseline Requirements require in section 2.2 that:</p>
<p id="m_-8449533255907748392bkmrk-%22the-certificate-pol"><em>"The
Certificate Policy and/or Certification Practice
Statement MUST be structured in accordance with RFC
3647 and MUST include all material required by RFC
3647."</em></p>
<p id="m_-8449533255907748392bkmrk-the-intent-of-this-l">The
intent of this language was to ensure that all CAs' CP
and/or CPS documents contain a similar structure, making
it easier to review and compare against the BRs.
However, there was some ambiguity as to the actual
structure that CAs should follow. After several
discussions in the <a
href="https://lists.cabforum.org/pipermail/servercert-wg/2023-November/004070.html"
moz-do-not-send="true">SCWG Public Mailing List</a>
and F2F meetings, it was agreed that more clarity should
be added to the existing requirement, pointing to the
outline described in section 6 of RFC 3647.</p>
<o:p id="m_-8449533255907748392bkmrk-the-following-motion">The
following motion has been proposed by Dimitris
Zacharopoulos (HARICA) and endorsed by Aaron Poulsen
(Amazon) and Tim Hollebeek (Digicert). <o:br></o:br></o:p>
<p id="m_-8449533255907748392bkmrk-you-can-view-and-com">You
can view the github pull request representing this
ballot <a
href="https://github.com/cabforum/servercert/pull/503"
moz-do-not-send="true">here</a>. <br>
</p>
<h2 id="m_-8449533255907748392bkmrk-motion-begins">Motion
Begins</h2>
<p id="m_-8449533255907748392bkmrk-modify-the-%22baseline">MODIFY
the "Baseline Requirements for the Issuance and
Management of Publicly-Trusted TLS Server Certificates"
based on Version 2.0.4 as specified in the following
redline:<br>
</p>
<ul
id="m_-8449533255907748392bkmrk-https%3A%2F%2Fgithub.com%2Fc">
<li><a
href="https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2...f6a90e2a652fbb7a2d62a976b70f4af3adce8dae"
moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2...f6a90e2a652fbb7a2d62a976b70f4af3adce8dae</a>
<br>
</li>
</ul>
<h2 id="m_-8449533255907748392bkmrk-motion-ends">Motion
Ends</h2>
<p id="m_-8449533255907748392bkmrk-this-ballot-proposes">This
ballot proposes a Final Maintenance Guideline. The
procedure for approval of this ballot is as follows:</p>
<h4
id="m_-8449533255907748392bkmrk-discussion-%2811%2B-days">Discussion (at
least 7 days)</h4>
<ul
id="m_-8449533255907748392bkmrk-start-time%3A-2024-01-">
<li>Start time: 2024-04-25 16:30:00 UTC</li>
<li>End time: on or after 2024-05-02 16:30:00 UTC</li>
</ul>
<h4
id="m_-8449533255907748392bkmrk-vote-for-approval-%287">Vote
for approval (7 days)</h4>
<ul
id="m_-8449533255907748392bkmrk-start-time%3A-tbd-end-">
<li>Start time: TBD</li>
<li>End time: TBD</li>
</ul>
<br>
</div>
_______________________________________________<br>
Servercert-wg mailing list<br>
<a href="mailto:Servercert-wg@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">Servercert-wg@cabforum.org</a><br>
<a
href="https://lists.cabforum.org/mailman/listinfo/servercert-wg"
rel="noreferrer" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a><br>
</blockquote>
</div>
</div>
</blockquote>
<br>
</body>
</html>