[cabfpub] Ballot - NameConstraints criticality flag
philliph at comodo.com
Fri May 25 16:18:40 UTC 2012
As a meta point, this might be an area where it was useful to tell the IETF
PKIX WG that this vote is going on while it is going on.
The only pushback I saw on this issue was the usual crowd of DoD contractors
who see no reason for PKIX to serve anything that is not a requirement for
the DoD. Here we have a mechanism that can demonstrate that a community with
at least equal authority in PKI expertise has considered the issue seriously
and decided that the balance of concerns here favors a change.
From: Tim Moses
Sent: Friday, May 25, 2012 10:45 AM
Subject: [cabfpub] Ballot - NameConstraints criticality flag
Kathleen Wilson made the following motion, and Steve Roylance and Adam
Langley endorsed it.
Delete the following text from the "Subordinate CA Certificate" section of
both the Baseline Requirements Appendix B and EV Guidelines Appendix B:
"All other fields and extensions MUST be set in accordance to RFC 5280."
AND replace it with the following:
"F. nameConstraints (optional)
. If present, this extension SHOULD be marked critical*.
All other fields and extensions MUST be set in accordance to RFC 5280.
* Non-critical Name Constraints are an exception to RFC 5280 that MAY be
used until the Name Constraints extension is supported by Application
Software Suppliers whose software is used by a substantial portion of
Relying Parties worldwide."
The ballot review period comes into effect at 21:00 UTC on May 25, 2012 and
will close at 21:00 UTC on June 1, 2012. Unless the motion is withdrawn
during the review period, the voting period will start immediately
thereafter and will close at 21:00 UTC on June 8, 2012. Votes must be cast
by "reply all" to this email.
A vote in favor of the motion must indicate a clear 'yes' in the response. A
vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted.
Voting members are listed here:
with the addition of TrendMicro.
In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and one half or more of the votes cast by
members in the browser category must be in favour. Also, at least eight
members must participate in the ballot, either by voting in favour, voting
against or abstaining.
T: +1 613 270 3183
Public mailing list
Public at cabforum.org
More information about the Public