[cabfpub] Ballot 100: Extend Deadline - OCSP Good Response

Ben Wilson ben at digicert.com
Thu May 23 13:19:44 MST 2013


Ballot 100 - Extend Deadline - OCSP Good Response 

 

Motion: 

 

Joe Kaluzny made the following motion, and Stephen Davidson and Steve
Roylance endorsed it:

---

 

Motion begins 

---

 

EFFECTIVE IMMEDIATELY, in order to allow third party vendors of OCSP
responders to enable their software to support the requirement, we propose
extending the compliance deadline for section 13.2.6 with the following
erratum:

---

 

Erratum begins 

 

--- 

 

In Section 13.2.6 of the Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates, DELETE: 

 

13.2.6 Response for non-issued certificates 

 

If the OCSP responder receives a request for status of a certificate that
has not been issued, then the responder SHOULD NOT respond with a "good"
status. The CA SHOULD monitor the responder for such requests as part of its
security response procedures. 

 

Effective 1 August 2013, OCSP responders MUST NOT respond with a "good"
status for such certificates. 

 

And INSERT: 

 

13.2.6 Response for non-issued certificates 

 

If the OCSP responder receives a request for status of a certificate that
has not been issued, then the responder SHOULD NOT respond with a "good"
status. The CA SHOULD monitor the responder for such requests as part of its
security response procedures. 

 

Effective 1 August 2013, OCSP responders SHOULD NOT respond with a "good"
status for such certificates. 

 

Effective 1 August 2014, OCSP responders MUST NOT respond with a "good"
status for such certificates. 

 

--- 

 

Erratum ends 

 

---

The ballot review period comes into effect at 2100 UTC on 23 May 2013 and
will close at 2100 UTC on 30 May 2013. Unless the motion is withdrawn during
the review period, the voting period will start immediately thereafter and
will close at 2100 UTC on 6 June 2013.

Votes must be cast by an on-list reply to this thread. 

 

A vote in favor of the motion must indicate a clear 'yes' in the response. A
vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. 

 

The latest vote received from any representative of a voting member before
the close of the voting period will be counted. 

--- 

 

Motion ends 

--- 

 

Voting members are listed here: http://www.cabforum.org/forum.html 

 

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and one half or more of the votes cast by
members in the browser category must be in favor. The current quorum number
is seven. Therefore, at least seven members must participate in the ballot,
either by voting in favor, voting against, or indicating their abstention.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20130523/586dd985/attachment.html 


More information about the Public mailing list