[cabfpub] Short-Lived Certificate Ballot

Enric Castillo enric.castillo at anf.es
Wed Nov 4 18:51:46 UTC 2015 

ANF AC votes no.

ANF Autoridad de Certificación

*Enric Castillo*
Director Técnico
+34 626818285
Gran Via de Les Corts Catalanes 996, Barcelona
+593 0 996483798
12 de Octubre y Cordero, World Trade Center, Torre A, 1102, Quito
ANF Autoridad de Certificación
www.anf.es <https://www.anf.es>

*Aviso*

Este mensaje se dirige exclusivamente a su destinatario y puede contener 
información privilegiada o confidencial y/o datos de carácter personal, 
cuya difusión está regulada por la Ley Orgánica de Protección de Datos y 
la Ley de Servicios de la Sociedad de la Información. Si usted no es el 
destinatario indicado (o el responsable de la entrega al mismo), no debe 
copiar o entregar este mensaje a terceros bajo ningún concepto. Si ha 
recibido este mensaje por error o lo ha conseguido por otros medios, le 
rogamos que nos lo comunique inmediatamente por esta misma vía y proceda 
a su eliminación irreversible. Las opiniones, conclusiones y demás 
informaciones incluidas en este mensaje que no estén relacionadas con 
asuntos profesionales de ANF Autoridad de Certificación no están 
respaldadas por la empresa.

El 26/10/2015 a las 16:38, Jeremy Rowley escribió:
>
> Here’s the official Short-Lived Cert Ballot. The review period starts 
> tomorrow. With the ballot starting on Nov 3.
>
> *Ballot 153 – Short-Lived Certificates*
>
> The following motion has been proposed by Jeremy Rowley ofDigiCertand 
> endorsed by Ryan Sleevi of Google and Gervase Markham of Mozilla.
>
> -- MOTION BEGINS --
>
> 1) Add/revise the following definitions:
>
> _Issuance Time: The time at which a Certificate’s digital signature is 
> calculated._
>
> _Short-Lived Certificate: A Certificate with a Validity Period less 
> than 96 hours and a notBefore time no earlier than 24 hours before the 
> Issuance Time and a notAfter time no later than 72 hours after the 
> Issuance Time._
>
> Validity Period: The period of timemeasuredfrom_notBefore through 
> notAfter, inclusive_.the date when the Certificate is issued until the 
> Expiry Date.
>
> 2) Modify Section 4.9.10 as follows:
>
> 4.9.10. On‐line Revocation Checking Requirements
>
> Effective 1 January 2013, the CA SHALL support an OCSP capability 
> using the GET method for Certificates issued in accordance with these 
> Requirements.
>
> For the status of Subscriber Certificates_other than a Short-Lived 
> Certificate containing a cRLDistributionPoints extension_: The CA 
> SHALL update information provided via an Online Certificate Status 
> Protocol at least every four days. OCSP responses from this service 
> MUST have a maximum expiration time of ten days.
>
> 3) Modify Section 7.1.2.3 as follows:
>
> 7.1.2.3. Subscriber Certificate…
>
> b. cRLDistributionPoints This extension_MUST be present for 
> Short-Lived Certificates that lack an authorityInformationAccess 
> extension and_MAY be present for all other certificates. If present, 
> it MUST NOT be marked critical, and it MUST contain the HTTP URL of 
> the CA’s CRL service. See Section 13.2.1 for details.
>
> c. authorityInformationAccess With the exception of stapling_and 
> Short-Lived Certificates_,which is noted below, this extension MUST be 
> present. It MUST NOT be marked critical, and it MUST contain the HTTP 
> URL of the Issuing CA’s OCSP responder (accessMethod = 
> 1.3.6.1.5.5.7.48.1). It SHOULD also contain the HTTP URL of the 
> Issuing CA’s certificate (accessMethod = 1.3.6.1.5.5.7.48.2).
>
> The HTTP URL of the Issuing CA’s OCSP responder MAY be omitted_for 
> Short-Lived Certificates containing a cRLDistributionPoints extension 
> or if_Subscriber “staples” OCSP responses for the Certificate in its 
> TLS handshakes [RFC4366].
>
> -- MOTION ENDS --
>
> The review period for this ballot shall commence at 27 October 2015, 
> and will close at 3 November 2015. Unless the motion is withdrawn 
> during the review period, the voting period will start immediately 
> thereafter and will close at 10 November 2015. Votes must be cast by 
> posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed 
> here:https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> currently nine (9) members– at least nine members must participate in 
> the ballot, either by voting in favor, voting against, or abstaining.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151104/a06d1660/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo-anf.png
Type: image/png
Size: 4746 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151104/a06d1660/attachment-0003.png>

More information about the Public mailing list