[cabfpub] Ballot 148 - Issuer Field Correction (rev 1)
Dean Coclin
Dean_Coclin at symantec.com
Fri Apr 3 16:16:47 UTC 2015
I'm sorry, this vote was received after the ballot closed and will not be
counted.
Dean
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Rijt, R.A. van de (Robert) - Logius
Sent: Friday, April 03, 2015 3:40 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Ballot 148 - Issuer Field Correction (rev 1)
Logius PKIoverheid votes "yes"
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Doug Beattie
Sent: Thursday, April 02, 2015 11:14 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Ballot 148 - Issuer Field Correction (rev 1)
Voting closes today, please vote!
From: Doug Beattie
Sent: Thursday, March 19, 2015 1:40 PM
To: public at cabforum.org
Subject: Ballot 148 - Issuer Field Correction (rev 1)
I'm reposting Ballot 148 with new review and voting periods to address
recent comments.
Ballot 148 - Issuer Field Correction (Rev 1)
________________________________________
Reason
________________________________________
The issuer field language in Section 9.1 of the Baseline Requirements
confuses two issues:
1) the contents of the issuer field in an end entity cert and
2) how to name root and intermediate CA certificates.
To clarify the issue and ensure proper name chaining, this ballot fixes the
issuer field requirements and, to clarify that commonName field is part of
the distinguished name, moves all of the Subject Distinguished Name Field
requirements under the proper section. The ballot also removes requirements
around the domainComponent field as the field is not used by current TLS
clients. A subsequent ballot will address naming of roots and intermediates
under current Section 9.2.5.
Doug Beattie of GlobalSign made the following motion, which was endorsed by
Jeremy Rowley of DigiCert and Richard Wang of WoSign.
________________________________________
Motion begins
________________________________________
1) Replace Section 9.1 with the following:
"9.1 Issuer Information
The content of the Certificate Issuer Distinguished Name field MUST match
the Subject DN of the Issuing CA to support Name chaining as specified in
RFC 5280, section 4.1.2.4."
2) Move Section 9.2.2 to 9.2.2(a) and renumber the subsequent sections as
b-i.
3) Delete Section 9.2.3.
4) Renumber 9.2.4 as 9.2.2.
5) In section 9.2, edit section reference "9.2.2" to "9.2.2 (a)"
6) Update section references 9.2.4 (f) to 9.2.2.(g) and 9.2.4 to 9.2.2
throughout document.
7) In Appendix B (Certificate Content and Extensions), Item (1) Root CA
Certificates, add
F. Subject Information
The Certificate Subject MUST contain the following
- countryName (OID 2.5.4.6). This field MUST contain the two-letter ISO
3166-1 country code for the country in which the CA's place of business is
located.
- organizationName (OID 2.5.4.10). This field MUST contain the name (or
abbreviation thereof), trademark, or other meaningful identifier for the CA,
provided that they accurately identify the CA. The field MUST NOT contain
exclusively a generic designation such as "Root 1".
8) In Appendix B (Certificate Content and Extensions), Item (2) Subordinate
CA Certificate, add
H. The Certificate Subject MUST contain the following
- countryName (OID 2.5.4.6). This field MUST contain the two-letter ISO
3166-1 country code for the country in which the CA's place of business is
located.
- organizationName (OID 2.5.4.10). This field MUST contain the name (or
abbreviation thereof), trademark, or other meaningful identifier for the CA,
provided that they accurately identify the CA. The field MUST NOT contain
exclusively a generic designation such as "CA1".
________________________________________
Motion Ends
________________________________________
The review period for this ballot shall commence at 2200 UTC on 19 Mar 2015,
and will close at 2200 UTC on 26 Mar 2015. Unless the motion is withdrawn
during the review period, the voting period will start immediately
thereafter and will close at 2200 UTC on 2 Apr 2015. Votes must be cast by
posting an on-list reply to this thread.
A vote in favor of the motion must indicate a clear 'yes' in the response. A
vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted. Voting members
are listed here:
https://cabforum.org/members/
<http://scanmail.trustwave.com/?c=4062&d=5-qd1ZDguQwcv4zUuUckscUDGYONHs9ZZcs
cq55IaQ&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmembers%2f>
In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and greater than 50% of the votes cast by
members in the browser category must be in favor. Quorum is currently nine
(9) members- at least nine members must participate in the ballot, either by
voting in favor, voting against, or abstaining.
_____
This transmission may contain information that is privileged, confidential,
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is strictly prohibited. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format.
_____
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u
niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden,
wordt u verzocht dat aan de afzender te melden en het bericht te
verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van
welke aard ook, die verband houdt met risico's verbonden aan het
elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you
are not the addressee or if this message was sent to you by mistake, you are
requested to inform the sender and delete the message. The State accepts no
liability for damage of any kind resulting from the risks inherent in the
electronic transmission of messages. .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150403/2d19264f/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6130 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150403/2d19264f/attachment-0001.p7s>
More information about the Public
mailing list