<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>HARICA will endorse</p>
<p>Regards,<br>
Antonis<br>
</p>
<div class="moz-cite-prefix">Στις 13/8/24 01:22, ο/η Aaron Gable via
Servercert-wg έγραψε:<br>
</div>
<blockquote type="cite"
cite="mid:0100019148af4213-2d46ed88-450e-4999-a803-ad4d9015cc6b-000000@email.amazonses.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Thank you to Ben Wilson for offering to endorse.
<div><br>
</div>
<div>Thank you also to Bruce Morton, Wayne Thayer, and Antonios
Eleftheriadis for providing feedback on the proposed ballot
text. I have made minor updates per their comments, and am
still seeking a second endorser.</div>
<div><br>
</div>
<div>Aaron</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Aug 9, 2024 at
11:54 AM Aaron Gable <<a
href="mailto:aaron@letsencrypt.org" moz-do-not-send="true"
class="moz-txt-link-freetext">aaron@letsencrypt.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">This ballot has grown out of discussions around
whether OCSP responses must be made available for
Precertificates, and how quickly they must be made available
after initial issuance. Much of that conversation is
captured in <a
href="https://bugzilla.mozilla.org/show_bug.cgi?id=1905419"
moz-do-not-send="true">this bugzilla incident</a> and <a
href="https://github.com/mozilla/pkipolicy/issues/280"
moz-do-not-send="true">this Mozilla issue</a>.
<div><br>
</div>
<div>In addition, I've often felt like Sections 4.9.9 and
4.9.10 are poorly laid out, with little rhyme or reason as
to why any particular requirement lives in one section or
the other. RFC 3647 says that Section 4.9.10 is meant to
place requirements on relying parties, not on CAs, which
explains much of the confusion.</div>
<div><br>
</div>
<div>The result is a total rearrangement of Sections 4.9.9
and 4.9.10. This ballot empties 4.9.10, moves all of its
requirements into 4.9.9, and arranges them into three
sections:</div>
<div>- A few definitions (which apply only in this section);</div>
<div>- Requirements which apply to OCSP Responders whose
URLs are found in the AIA OCSP field of certificates; and</div>
<div>- Requirements which apply to all OCSP Responses,
regardless of how it was queried.</div>
<div><br>
</div>
<div>The PR representing this ballot is here: <a
href="https://github.com/cabforum/servercert/pull/535"
moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/servercert/pull/535</a></div>
<div><br>
</div>
<div>Please let me know if you have any comments or
suggested changes on the GitHub PR, and please let me know
if you'd be willing to endorse.</div>
<div><br>
</div>
<div>Thank you,</div>
<div>Aaron</div>
</div>
</blockquote>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Servercert-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/servercert-wg">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
</blockquote>
</body>
</html>