[cabfpub] Ballot 100: Extend Deadline - OCSP Good Response

i-barreira at izenpe.net i-barreira at izenpe.net
Thu May 23 23:36:49 MST 2013


All, I think I have said this several times, but we're still falling into the same situation. Why? We tend to put an "effective date" when later on we have to change it for any reason, whatever. Why is August 2013 not OK, and why will it be August 2014? Are you sure of this? What will happen if Corestreet (this name has been mentioned) is not ready in August 2014 for any reason? Another extension?
If we want to be credible, we are supposed to meet these dates, because supposedly we have agreed on them for some reason, and this is not happening at any time.
We, Izenpe, are a very small CSP but are trying (and managing) to meet all these requirements, but it's not fair that I can or have to do it since others can't make it.

Anyway, I agree with Yngve, it's disappointing, and I'm afraid that if we don't change this "effective date" method I'll have to vote NO this time (but well, it's just one vote).

Regards


Iñigo Barreira
Head of the Technical Area
i-barreira at izenpe.net
945067705



-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Yngve N. Pettersen
Sent: Thursday, 23 May 2013 22:51
To: public at cabforum.org
Subject: Re: [cabfpub] Ballot 100: Extend Deadline - OCSP Good Response

Hello all,

Needless to say, I am disappointed to see such a ballot.

As part of the discussion of this ballot, may I suggest that the known vendors and products that can't meet the original deadline and the affected CAs be listed? (just use alphabetic listing, no need to connect the names from each category with each other.) I think knowing the extent of the problem is necessary for the discussion. It might also be an idea to consider if the vendors should be allowed to be part of the discussion.

Also, I would suggest that the original "SHOULD NOT" deadline of February 1, 2013 be kept, unless there are good reasons to move it to August.


On Thu, 23 May 2013 22:19:44 +0200, Ben Wilson <ben at digicert.com> wrote:

> Ballot 100 - Extend Deadline - OCSP Good Response
>
>
> Motion:
>
>
> Joe Kaluzny made the following motion, and Stephen Davidson and Steve 
> Roylance endorsed it:
>
> ---
>
>
> Motion begins
>
> ---
>
>
> EFFECTIVE IMMEDIATELY, in order to allow third party vendors of OCSP
> responders to enable their software to support the requirement, we
> propose extending the compliance deadline for section 13.2.6 with the
> following erratum:
>
> ---
>
>
> Erratum begins
>
>
> ---
>
>
> In Section 13.2.6 of the Baseline Requirements for the Issuance and 
> Management of Publicly-Trusted Certificates, DELETE:
>
>
> 13.2.6 Response for non-issued certificates
>
>
> If the OCSP responder receives a request for status of a certificate 
> that has not been issued, then the responder SHOULD NOT respond with a "good"
> status. The CA SHOULD monitor the responder for such requests as part 
> of its security response procedures.
>
>
> Effective 1 August 2013, OCSP responders MUST NOT respond with a "good"
> status for such certificates.
>
>
> And INSERT:
>
>
> 13.2.6 Response for non-issued certificates
>
>
> If the OCSP responder receives a request for status of a certificate that
> has not been issued, then the responder SHOULD NOT respond with a "good"
> status. The CA SHOULD monitor the responder for such requests as part of
> its security response procedures.
>
>
> Effective 1 August 2013, OCSP responders SHOULD NOT respond with a "good"
> status for such certificates.
>
>
> Effective 1 August 2014, OCSP responders MUST NOT respond with a "good"
> status for such certificates.
>
>
> ---
>
>
> Erratum ends
>
>
> ---
>
> The ballot review period comes into effect at 2100 UTC on 23 May 2013 and
> will close at 2100 UTC on 30 May 2013. Unless the motion is withdrawn
> during the review period, the voting period will start immediately
> thereafter and will close at 2100 UTC on 6 June 2013.
>
> Votes must be cast by an on-list reply to this thread.
>
>
> A vote in favor of the motion must indicate a clear 'yes' in the
> response. A vote against must indicate a clear 'no' in the response. A
> vote to abstain must indicate a clear 'abstain' in the response. Unclear
> responses will not be counted.
>
>
> The latest vote received from any representative of a voting member
> before the close of the voting period will be counted.
>
> ---
>
>
> Motion ends
>
> ---
>
>
> Voting members are listed here: http://www.cabforum.org/forum.html
>
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and one half or more of the votes cast
> by members in the browser category must be in favor. The current quorum
> number is seven. Therefore, at least seven members must participate in
> the ballot, either by voting in favor, voting against, or indicating
> their abstention.
>
>


-- 
Sincerely,
Yngve N. Pettersen
