[cabfpub] [cabfman] Ballot[80 - revised] - BR Response for non-issued certificates

Ryan Hurst ryan.hurst at globalsign.com
Thu Aug 2 06:38:14 UTC 2012


GlobalSign believes in this amendment and would like to see the described behavior become the codified behavior for all OCSP servers.

 

We like others use third-party products to offer our OCSP responses and have not had sufficient time to work on a plan with those vendors to get timelines for the associated changes in place.

 

And while we feel the extension from six months to one year helps address this problem I am still unsure of what my vendors ability to respond is on this issue and starting over by building my own would likely take longer than the allotted time given existing commitments.

 

As such unfortunately we cannot yes at this time, if the period were extended an additional six months I feel I could find a way to make it happen and would be able to vote yes. 

 

Alternatively if the vote was withheld for a few weeks I could begin to work with my suppliers to identify what reasonable timeframe could be met at which point I could understand what timeframe we could commit to.

 

Ryan

 

From: management-bounces at cabforum.org [mailto:management-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Wednesday, August 01, 2012 11:37 AM
To: 'management at cabforum.org'
Cc: CABFPub
Subject: Re: [cabfman] [cabfpub] Ballot[80 - revised] - BR Response for non-issued certificates

 

StartCom votes YES

On 07/26/2012 11:28 PM, From Tim Moses: 

Yngve Pettersen has accepted a “friendly amendment”.  Ben Wilson and Carsten Dahlenkamp are requested to confirm their continued endorsement.  The motion now reads as follows:

... Motion begins....

Effective 1 Feb 2013

... Erratum begins ...

Insert a new section at the end of section 13.2 of the Baseline Requirements with the following heading and text:

"13.2.6 Response for non-issued certificates

If the OCSP responder receives a request for status of a certificate that has not been issued, then the responder SHOULD NOT respond with a "good" status. The CA SHOULD monitor the responder for such requests as part of its security response procedures.

Effective 1 August 2013, OCSP responders MUST NOT respond with a "good" status for such certificates."

... Erratum ends ...

The ballot review period comes into effect at 21:00 UTC on 19 July 2012 and will close at 21:00 UTC on 26 July 2012. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 21:00 UTC on 2 August 2012. Votes must be cast by posting an on-list reply to this thread.

... Motions ends ...

A vote in favor of the motion must indicate a clear 'yes' in the response.

A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted.

Voting members are listed here:

 <http://www.cabforum.org/forum.html> http://www.cabforum.org/forum.html

with the addition of  <https://www.cabforum.org/wiki/TrendMicro> TrendMicro.

In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and one half or more of the votes cast by members in the browser category must be in favour. Also, at least seven members must participate in the ballot, either by voting in favour, voting against or abstaining

 

 

T: +1 613 270 3183

 






_______________________________________________
Public mailing list
Public at cabforum.org
http://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120801/136c9182/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4276 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120801/136c9182/attachment-0002.p7s>


More information about the Public mailing list