<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 10/6/2024 3:29 μ.μ., Martijn
Katerbarg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:SA1PR17MB6503DBDC3192952C2EF1FEE3E3C62@SA1PR17MB6503.namprd17.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator"
content="Microsoft Word 15 (filtered medium)">
<style>@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}h1
{mso-style-priority:9;
mso-style-link:"Heading 1 Char";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:24.0pt;
font-family:"Aptos",sans-serif;
font-weight:bold;}h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:18.0pt;
font-family:"Aptos",sans-serif;
font-weight:bold;}h4
{mso-style-priority:9;
mso-style-link:"Heading 4 Char";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
font-weight:bold;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}span.Heading1Char
{mso-style-name:"Heading 1 Char";
mso-style-priority:9;
mso-style-link:"Heading 1";
font-family:"Aptos Display",sans-serif;
color:#0F4761;}span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Aptos Display",sans-serif;
color:#0F4761;}p.null, li.null, div.null
{mso-style-name:null;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}span.Heading4Char
{mso-style-name:"Heading 4 Char";
mso-style-priority:9;
mso-style-link:"Heading 4";
font-family:"Aptos",sans-serif;
color:#0F4761;
font-style:italic;}span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0cm;}ul
{margin-bottom:0cm;}</style>
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">Dimitris, <br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">I’ve got a question as to the intent of the
following line from section 8.7:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">“Effective 2025-03-15, the CA SHOULD use a
Linting process to verify the technical accuracy of
Certificates within the selected sample set.”<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">Is the intent here that the CA should re-lint
the selected sample set, even if they were originally linted
during the issuance process (as pre-issuance, post-issuance,
or both)?</span></p>
</div>
</blockquote>
<br>
Yes, as this may include a new version of the Linting software.
Please let me know you have any suggested language to make this a
bit more clear.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<blockquote type="cite"
cite="mid:SA1PR17MB6503DBDC3192952C2EF1FEE3E3C62@SA1PR17MB6503.namprd17.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">Regards,<br>
<br>
Martijn<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span
style="color:black">From: </span></b><span
style="color:black">Servercert-wg
<a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg-bounces@cabforum.org"><servercert-wg-bounces@cabforum.org></a> on behalf
of Dimitris Zacharopoulos (HARICA) via Servercert-wg
<a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org"><servercert-wg@cabforum.org></a><br>
<b>Date: </b>Monday, 10 June 2024 at 12:36<br>
<b>To: </b>CA/B Forum Server Certificate WG Public
Discussion List <a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org"><servercert-wg@cabforum.org></a><br>
<b>Subject: </b>[Servercert-wg] Ballot SC-75 v2 -
Pre-sign linting<o:p></o:p></span></p>
</div>
<div
style="border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<p class="MsoNormal"
style="line-height:12.0pt;background:#FAFA03"><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">CAUTION:
This email originated from outside of the
organization. Do not click links or open attachments
unless you recognize the sender and know the content
is safe.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<h1>SC-75 v2 Pre-sign linting<o:p></o:p></h1>
<h2 id="bkmrk-summary">Summary<o:p></o:p></h2>
<p id="bkmrk-this-pull-request-pr">There have been
numerous compliance incidents publicly disclosed by CAs
in which they failed to comply with the technical
requirements described in standards associated with the
issuance and management of publicly-trusted TLS
Certificates. However, the industry has developed
open-source tools, linters, that are free to use and can
help CAs avoid certificate misissuance. Using such
linters before issuing a precertificate from a
Publicly-Trusted CA (pre-issuance linting) can prevent
the mis-issuance in a wide variety of cases.<o:p></o:p></p>
<p id="bkmrk-the-following-motion">The following motion
has been proposed by Dimitris Zacharopoulos of HARICA
and endorsed by Corey Bonnell of Digicert and Ben Wilson
of Mozilla.<o:p></o:p></p>
<p id="bkmrk-you-can-view-and-com">You can view the GitHub
pull request representing this ballot <a
href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fpull%2F518&data=05%7C02%7Cmartijn.katerbarg%40sectigo.com%7C4f08a6cb46f94d8303be08dc89393e45%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638536126159182982%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=8UNBMOzqoiWCRqa8mSWP97aUBmMeLVPtDLBQ7qNYJuU%3D&reserved=0"
moz-do-not-send="true">here</a>. <o:p></o:p></p>
<h2 id="bkmrk-motion-begins">Motion Begins<o:p></o:p></h2>
<p id="bkmrk-modify-the-%22baseline">MODIFY the "Baseline
Requirements for the Issuance and Management of
Publicly-Trusted TLS Server Certificates" based on
Version 2.0.5 as specified in the following redline:<o:p></o:p></p>
<ul id="bkmrk-https%3A%2F%2Fgithub.com%2Fc" type="disc">
<li class="null" style="mso-list:l1 level1 lfo1"><a
href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2F20af1b271f2b689344ae353d3e78dc6b772199db...cc88926a3dee348a364542e5e259e9c7cab1f747&data=05%7C02%7Cmartijn.katerbarg%40sectigo.com%7C4f08a6cb46f94d8303be08dc89393e45%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638536126159193852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=evt9RYpYgB3cPSc9gj3A9AakPW04Ivyf%2FobDHIeU4CE%3D&reserved=0"
moz-do-not-send="true">https://github.com/cabforum/servercert/compare/20af1b271f2b689344ae353d3e78dc6b772199db...cc88926a3dee348a364542e5e259e9c7cab1f747</a><o:p></o:p></li>
</ul>
<h2 id="bkmrk-motion-ends">Motion Ends<o:p></o:p></h2>
<p id="bkmrk-this-ballot-proposes">This ballot proposes a
Final Maintenance Guideline. The procedure for approval
of this ballot is as follows:<o:p></o:p></p>
<h4 id="bkmrk-discussion-%2811%2B-days">Discussion (at
least 7 days)<o:p></o:p></h4>
<ul id="bkmrk-start-time%3A-2024-01-" type="disc">
<li class="null" style="mso-list:l0 level1 lfo2">Start
time: 2024-06-10 10:00:00 UTC<o:p></o:p></li>
<li class="null" style="mso-list:l0 level1 lfo2">End
time: on or after 2024-06-17 10:00:00 UTC<o:p></o:p></li>
</ul>
<h4 id="bkmrk-vote-for-approval-%287">Vote for approval (7
days)<o:p></o:p></h4>
<ul id="bkmrk-start-time%3A-tbd-end-" type="disc">
<li class="null" style="mso-list:l2 level1 lfo3">Start
time: TBD<o:p></o:p></li>
<li class="null" style="mso-list:l2 level1 lfo3">End
time: TBD<o:p></o:p></li>
</ul>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>