<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 10/6/2024 6:45 PM, Martijn
Katerbarg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:SA1PR17MB65032863DC1C31E2E6318BB6E3C62@SA1PR17MB6503.namprd17.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">Thanks. I’ve added a suggestion onto the PR to
hopefully make this clearer. <br>
<br>
I also added a linebreak, so as to hopefully indicate to CAs
that linting alone during the self-audit is not enough to
satisfy the self-audit requirements.</span></p>
</div>
</blockquote>
<br>
Perfect, thank you Martijn!<br>
<br>
I also received some suggested language from Corey and will wait one
more day before incorporating those into the ballot and restart the
discussion period with a v3.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:SA1PR17MB65032863DC1C31E2E6318BB6E3C62@SA1PR17MB6503.namprd17.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span
style="color:black">From: </span></b><span
style="color:black">Dimitris Zacharopoulos (HARICA)
<a class="moz-txt-link-rfc2396E" href="mailto:dzacharo@harica.gr">&lt;dzacharo@harica.gr&gt;</a><br>
<b>Date: </b>Monday, 10 June 2024 at 17:34<br>
<b>To: </b>Martijn Katerbarg
<a class="moz-txt-link-rfc2396E" href="mailto:martijn.katerbarg@sectigo.com">&lt;martijn.katerbarg@sectigo.com&gt;</a>, CA/B Forum
Server Certificate WG Public Discussion List
<a class="moz-txt-link-rfc2396E" href="mailto:servercert-wg@cabforum.org">&lt;servercert-wg@cabforum.org&gt;</a><br>
<b>Subject: </b>Re: [Servercert-wg] Ballot SC-75 v2 -
Pre-sign linting<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 10/6/2024 3:29 PM, Martijn
Katerbarg wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:11.0pt" lang="EN-US">Dimitris, </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"
lang="EN-US">I’ve got a question as to the intent
of the following line from section 8.7:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"
lang="EN-US">“Effective 2025-03-15, the CA SHOULD
use a Linting process to verify the technical
accuracy of Certificates within the selected
sample set.”</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"
lang="EN-US">Is the intent here that the CA should
re-lint the selected sample set, even if they were
originally linted during the issuance process (as
pre-issuance, post-issuance, or both)?</span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><br>
Yes, as this may include a new version of the Linting
software. Please let me know if you have any suggested
language to make this a bit more clear.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"
lang="EN-US">Regards,<br>
<br>
Martijn</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<div id="mail-editor-reference-message-container">
<div>
<div
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"
style="margin-bottom:12.0pt"><b><span
style="color:black">From: </span></b><span
style="color:black">Servercert-wg <a
href="mailto:servercert-wg-bounces@cabforum.org" moz-do-not-send="true">&lt;servercert-wg-bounces@cabforum.org&gt;</a>
on behalf of Dimitris Zacharopoulos (HARICA)
via Servercert-wg <a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true">&lt;servercert-wg@cabforum.org&gt;</a><br>
<b>Date: </b>Monday, 10 June 2024 at 12:36<br>
<b>To: </b>CA/B Forum Server Certificate WG
Public Discussion List <a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true">&lt;servercert-wg@cabforum.org&gt;</a><br>
<b>Subject: </b>[Servercert-wg] Ballot
SC-75 v2 - Pre-sign linting</span><o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<h1>SC-75 v2 Pre-sign linting<o:p></o:p></h1>
<h2 id="bkmrk-summary">Summary<o:p></o:p></h2>
<p id="bkmrk-this-pull-request-pr">There have
been numerous compliance incidents publicly
disclosed by CAs in which they failed to
comply with the technical requirements
described in standards associated with the
issuance and management of publicly-trusted
TLS Certificates. However, the industry has
developed open-source tools, linters, that are
free to use and can help CAs avoid certificate
misissuance. Using such linters before issuing
a precertificate from a Publicly-Trusted CA
(pre-issuance linting) can prevent the
mis-issuance in a wide variety of cases.<o:p></o:p></p>
<p id="bkmrk-the-following-motion">The following
motion has been proposed by Dimitris
Zacharopoulos of HARICA and endorsed by Corey
Bonnell of DigiCert and Ben Wilson of Mozilla.<o:p></o:p></p>
<p id="bkmrk-you-can-view-and-com">You can view
the GitHub pull request representing this
ballot <a
href="https://github.com/cabforum/servercert/pull/518"
moz-do-not-send="true">here</a>. <o:p></o:p></p>
<h2 id="bkmrk-motion-begins">Motion Begins<o:p></o:p></h2>
<p id="bkmrk-modify-the-%22baseline">MODIFY the
"Baseline Requirements for the Issuance and
Management of Publicly-Trusted TLS Server
Certificates" based on Version 2.0.5 as
specified in the following redline:<o:p></o:p></p>
<ul id="bkmrk-https%3A%2F%2Fgithub.com%2Fc"
type="disc">
<li class="null"
style="mso-list:l0 level1 lfo1"><a
href="https://github.com/cabforum/servercert/compare/20af1b271f2b689344ae353d3e78dc6b772199db...cc88926a3dee348a364542e5e259e9c7cab1f747"
moz-do-not-send="true">https://github.com/cabforum/servercert/compare/20af1b271f2b689344ae353d3e78dc6b772199db...cc88926a3dee348a364542e5e259e9c7cab1f747</a><o:p></o:p></li>
</ul>
<h2 id="bkmrk-motion-ends">Motion Ends<o:p></o:p></h2>
<p id="bkmrk-this-ballot-proposes">This ballot
proposes a Final Maintenance Guideline. The
procedure for approval of this ballot is as
follows:<o:p></o:p></p>
<h4 id="bkmrk-discussion-%2811%2B-days">Discussion
(at least 7 days)<o:p></o:p></h4>
<ul id="bkmrk-start-time%3A-2024-01-"
type="disc">
<li class="null"
style="mso-list:l2 level1 lfo2">Start time:
2024-06-10 10:00:00 UTC<o:p></o:p></li>
<li class="null"
style="mso-list:l2 level1 lfo2">End time: on
or after 2024-06-17 10:00:00 UTC<o:p></o:p></li>
</ul>
<h4 id="bkmrk-vote-for-approval-%287">Vote for
approval (7 days)<o:p></o:p></h4>
<ul id="bkmrk-start-time%3A-tbd-end-"
type="disc">
<li class="null"
style="mso-list:l1 level1 lfo3">Start time:
TBD<o:p></o:p></li>
<li class="null"
style="mso-list:l1 level1 lfo3">End time:
TBD<o:p></o:p></li>
</ul>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>