[cabfpub] Ballot 148 - Issuer Field Correction (rev 1)

Eddy Nigg eddy_nigg at startcom.org
Thu Apr 2 20:44:16 UTC 2015


If I'm not too late already than StartCom joins as well with a YES vote.

On 03/19/2015 07:39 PM, Doug Beattie wrote:
>
> I'm reposting Ballot 148 with new review and voting periods to address 
> recent comments.
>
> Ballot 148 - Issuer Field Correction (Rev 1)
>
> ________________________________________
>
> Reason
>
> ________________________________________
>
> The issuer field language in Section 9.1 of the Baseline Requirements 
> confuses two issues:
>
> 1) the contents of the issuer field in an end entity cert and
>
> 2) how to name root and intermediate CA certificates.
>
> To clarify the issue and ensure proper name chaining, this ballot 
> fixes the issuer field requirements and, to clarify that commonName 
> field is part of the distinguished name, moves all of the Subject 
> Distinguished Name Field requirements under the proper section. The 
> ballot also removes requirements around the domainComponent field as 
> the field is not used by current TLS clients. A subsequent ballot will 
> address naming of roots and intermediates under current Section 9.2.5.
>
> Doug Beattie of GlobalSign made the following motion, which was 
> endorsed by Jeremy Rowley of DigiCert and Richard Wang of WoSign.
>
> ________________________________________
>
> Motion begins
>
> ________________________________________
>
> 1) Replace Section 9.1 with the following:
>
> "9.1 Issuer Information
>
> The content of the Certificate Issuer Distinguished Name field MUST 
> match the Subject DN of the Issuing CA to support Name chaining as 
> specified in RFC 5280, section 4.1.2.4."
>
> 2) Move Section 9.2.2 to 9.2.2(a) and renumber the subsequent sections 
> as b-i.
>
> 3) Delete Section 9.2.3.
>
> 4) Renumber 9.2.4 as 9.2.2.
>
> 5) In section 9.2, edit section reference "9.2.2" to "9.2.2 (a)"
>
> 6) Update section references 9.2.4 (f) to 9.2.2.(g) and 9.2.4 to 9.2.2 
> throughout document.
>
> 7) In Appendix B (Certificate Content and Extensions), Item (1) Root 
> CA Certificates, add
>
> F. Subject Information
>
> The Certificate Subject MUST contain the following
>
> - countryName (OID 2.5.4.6).  This field MUST contain the two-letter 
> ISO 3166-1 country code for the country in which the CA's place of 
> business is located.
>
> - organizationName (OID 2.5.4.10). This field MUST contain the name 
> (or abbreviation thereof), trademark, or other meaningful identifier 
> for the CA, provided that they accurately identify the CA.  The field 
> MUST NOT contain exclusively a generic designation such as "Root 1".
>
> 8) In Appendix B (Certificate Content and Extensions), Item (2) 
> Subordinate CA Certificate, add
>
> H. The Certificate Subject MUST contain the following
>
> - countryName (OID 2.5.4.6).  This field MUST contain the two-letter 
> ISO 3166-1 country code for the country in which the CA's place of 
> business is located.
>
> - organizationName (OID 2.5.4.10). This field MUST contain the name 
> (or abbreviation thereof), trademark, or other meaningful identifier 
> for the CA, provided that they accurately identify the CA.  The field 
> MUST NOT contain exclusively a generic designation such as "CA1".
>
> ________________________________________
>
> Motion Ends
>
> ________________________________________
>
> The review period for this ballot shall commence at 2200 UTC on 19 Mar 
> 2015, and will close at 2200 UTC on 26 Mar 2015. Unless the motion is 
> withdrawn during the review period, the voting period will start 
> immediately thereafter and will close at 2200 UTC on 2 Apr 2015. Votes 
> must be cast by posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed here:
>
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> currently nine (9) members-- at least nine members must participate in 
> the ballot, either by voting in favor, voting against, or abstaining.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-- 
Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150402/00cd094c/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150402/00cd094c/attachment-0001.p7s>


More information about the Public mailing list