[cabfpub] Ballot 134 - Application of RFC 5280 to Precertificates
Jeremy.Rowley
jeremy.rowley at digicert.com
Fri Oct 10 08:03:44 MST 2014
DigiCert votes "Yes"
On 10/10/2014 1:49 AM, Adriano Santoni wrote:
> Actalis votes YES
>
> Il 02/10/2014 21:31, Ben Wilson ha scritto:
>>
>> *Ballot 134 - Application of RFC 5280 to Precertificates*
>>
>> Kirk Hall of Trend Micro made the following motion, and Ben Wilson of
>> Digicert and Ryan Sleevi from Google have endorsed it.
>>
>> *Reason for Ballot*
>>
>> CAs are implementing Certificate Transparency (CT) based on RFC 6962,
>> which contains the concept of pre-certificates. The current Baseline
>> Requirements require all certificates to comply with RFC 5280. (See
>> Definition of "Valid Certificate" and references to RFC 5280 in
>> Appendix B.) For some implementations, there is a potential dilemma
>> if the pre-certificate and the production certificate are issued from
>> the same sub-CA and both have the same Serial Number, not permitted
>> under RFC 5280. Given that CAs will likely be implementing CT before
>> potential technical differences can be worked out, the purpose of
>> this ballot is to allow CAs to meet CT deadlines without violating
>> the Baseline Requirements requiring compliance with RFC 5280.
>>
>> *-- Motion Begins -- *
>>
>> Effective immediately, the title to Appendix B of the Baseline
>> Requirements shall be amended as follows:
>>
>> * Appendix B – Certificate _Content and_ Extensions; _Application
>> of RFC 5280_ (Normative)
>> * This appendix specifies the _additional requirements_ for
>> Certificate _content and_ extensions for Certificates generated
>> after the Effective Date.
>>
>> and a new subsection (5) will be added as follows:
>>
>> _(5) Application of RFC 5280 _
>>
>> _For purposes of clarification, a Precertificate as described in RFC
>> 6962 – Certificate Transparency shall not be considered to be a
>> “certificate” subject to the requirements of RFC 5280 - Internet
>> X.509 Public Key Infrastructure Certificate and Certificate
>> Revocation List (CRL) Profile under these Baseline Requirements. _
>>
>> *-- Motion Ends -- *
>>
>> The review period for this ballot shall commence at 2200 UTC on
>> Thursday, 2 October 2014, and will close at 2200 UTC on Thursday, 9
>> October 2014. Unless the motion is withdrawn during the review
>> period, the voting period will start immediately thereafter and will
>> close at 2200 UTC on Thursday, 16 October 2014. Votes must be cast by
>> posting an on-list reply to this thread.
>>
>> A vote in favor of the motion must indicate a clear 'yes' in the
>> response. A vote against must indicate a clear 'no' in the response.
>> A vote to abstain must indicate a clear 'abstain' in the response.
>> Unclear responses will not be counted. The latest vote received from
>> any representative of a voting member before the close of the voting
>> period will be counted. Voting members are listed here:
>> https://cabforum.org/members/
>>
>> In order for the motion to be adopted, two thirds or more of the
>> votes cast by members in the CA category and greater than 50% of the
>> votes cast by members in the browser category must be in favor.
>> Quorum is currently nine (9) members– at least nine members must
>> participate in the ballot, either by voting in favor, voting against,
>> or abstaining.
>>
>>
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>
> --
> /Adriano Santoni/
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141010/a4efccc6/attachment.html
More information about the Public
mailing list