[Cscwg-public] Discussion period begins: Ballot CSC-12 - CRL Revocation Date Clarification

Corey Bonnell Corey.Bonnell at digicert.com
Mon Oct 25 21:50:24 UTC 2021


As a reminder, please raise any questions or concerns by tomorrow morning.
Absent any feedback, I plan to start the voting period at 2021-10-26 14:00
UTC.

Thanks,

Corey

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Corey
Bonnell via Cscwg-public
Sent: Tuesday, October 19, 2021 10:00 AM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Discussion period begins: Ballot CSC-12 - CRL
Revocation Date Clarification




CRL Revocation Date Clarification





Purpose of this ballot:


While RFC 5280, section 5.3.2 specifies that it is best practice to include
the Invalidity Date CRL entry extension to denote when a certificate first
became invalid, Certificate Consumer software commonly ignores this
extension in favor of using the time encoded in the CRL entry revocationDate
field for this purpose. This ballot clarifies that CAs shall use the
revocationDate to denote when a certificate first became invalid even if
that time precedes issuance of the latest CRL. Additionally, this ballot
clarifies that if the CA is becomes aware of a more appropriate revocation
date for a revoked Code Signing Certificate, then the CA may include this
date in subsequently issued CRLs and OCSP responses pertaining to that
revoked Code Signing Certificate.

The following motion has been proposed by Corey Bonnell of DigiCert and
endorsed by Rob Stradling of Sectigo and Bruce Morton of Entrust.


MOTION BEGINS


This ballot updates the “Baseline Requirements for the Issuance and
Management of Publicly‐Trusted Code Signing Certificates” version 2.5
according to the attached redline which includes:

*	Add the effective date of the CRL profile change in section 1.3.
*	Modification of the third paragraph of section 13.2.1.
*	Addition of two paragraphs after the third paragraph of section
13.2.1.
*	Add explanatory footnote to the bottom of the last page of section
13.2.1.


MOTION ENDS




The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: 2021-10-19 14:00 UTC

End Time: not before 2021-10-26 14:00 UTC



Vote for approval (7 days)

Start Time: TBD

End Time: TBD



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20211025/7d80b65b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20211025/7d80b65b/attachment-0001.p7s>


More information about the Cscwg-public mailing list