[cabfpub] Short-Lived Certificate Ballot

TUĞBA ÖZCAN tugba.ozcan at kamusm.gov.tr
Thu Nov 5 13:52:17 UTC 2015

Hi all,


Kamu Sertifikasyon Merkezi Votes “No”.




From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg
Sent: Thursday, November 5, 2015 12:52 PM
To: Dean Coclin
Cc: public at cabforum.org
Subject: Re: [cabfpub] Short-Lived Certificate Ballot


StartCom Abstains

On 10/26/2015 11:38 PM, Jeremy Rowley wrote:

Here’s the official Short-Lived Cert Ballot. The review period starts tomorrow. With the ballot starting on Nov 3.  

Ballot 153 – Short-Lived Certificates

The following motion has been proposed by Jeremy Rowley of DigiCert and endorsed by Ryan Sleevi of Google and Gervase Markham of Mozilla.


1) Add/revise the following definitions:

Issuance Time: The time at which a Certificate’s digital signature is calculated.

Short-Lived Certificate: A Certificate with a Validity Period less than 96 hours and a notBefore time no earlier than 24 hours before the Issuance Time and a notAfter time no later than 72 hours after the Issuance Time.

Validity Period: The period of time measured from notBefore through notAfter, inclusive. the date when the Certificate is issued until the Expiry Date.

2) Modify Section 4.9.10 as follows:

4.9.10. On‐line Revocation Checking Requirements

Effective 1 January 2013, the CA SHALL support an OCSP capability using the GET method for Certificates issued in accordance with these Requirements.

For the status of Subscriber Certificates other than a Short-Lived Certificate containing a cRLDistributionPoints extension: The CA SHALL update information provided via an Online Certificate Status Protocol at least every four days. OCSP responses from this service MUST have a maximum expiration time of ten days.

3) Modify Section as follows: Subscriber Certificate …

b. cRLDistributionPoints This extension MUST be present for Short-Lived Certificates that lack an authorityInformationAccess extension and MAY be present for all other certificates. If present, it MUST NOT be marked critical, and it MUST contain the HTTP URL of the CA’s CRL service. See Section 13.2.1 for details.

c. authorityInformationAccess With the exception of stapling and Short-Lived Certificates, which is noted below, this extension MUST be present. It MUST NOT be marked critical, and it MUST contain the HTTP URL of the Issuing CA’s OCSP responder (accessMethod = It SHOULD also contain the HTTP URL of the Issuing CA’s certificate (accessMethod =

The HTTP URL of the Issuing CA’s OCSP responder MAY be omitted for Short-Lived Certificates containing a cRLDistributionPoints extension or if Subscriber “staples” OCSP responses for the Certificate in its TLS handshakes [RFC4366].


The review period for this ballot shall commence at 27 October 2015, and will close at 3 November 2015. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 10 November 2015. Votes must be cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here:  <https://cabforum.org/members/> https://cabforum.org/members/

In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently nine (9) members– at least nine members must participate in the ballot, either by voting in favor, voting against, or abstaining.


Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org> 






Eddy Nigg, COO/CTO


StartCom Ltd. <http://www.startcom.org> 


startcom at startcom.org <xmpp:startcom at startcom.org> 


Join the Revolution! <http://blog.startcom.org> 


Follow Me <http://twitter.com/eddy_nigg> 



Sorumluluk Reddi

Bu e-posta mesaji ve onunla iletilen tum ekler gonderildigi kisi ya da kuruma ozel olup, gizli imtiyazli, ozel bilgiler icerebilecegi gibi gizlilik yukumlulugu de tasiyor olabilir. Bu mesajda ve ekindeki dosyalarda bulunan tum fikir ve gorusler sadece adres yazarina ait olup, TUBITAK / Kamu SM?nin resmi gorusunu yansitmaz. TUBITAK / Kamu SM bu e-posta icerigindeki bilgilerin kullanilmasi nedeniyle hic kimseye karsi sorumlu tutulamaz. Mesajin yetkili alicisi veya alicisina iletmekten sorumlu kisi degilseniz, mesaj icerigini ya da eklerini kullanmayiniz, kopyalamayiniz, yaymayiniz, baska kisilere yonlendirmeyiniz ve mesaji gonderen kisiyi derhal e-posta yoluyla haberdar ederek bu mesaji ve eklerini herhangi bir kopyasini muhafaza etmeksizin siliniz. Kurumumuz size, mesajin ve bilgilerinin degisiklige ugramamasi, butunlugunun ve gizliligin korunmasi konusunda garanti vermemekte olup, e-posta icerigine yetkisiz olarak yapilan mudahale, virus icermesi ve/veya bilgisayar sisteminiz
 e verebilecegi herhangi bir zarardan da sorumlu degildir. 



This e-mail message, including any attachments, is intended only for the use of the individual or entity to whom it is addressed and may contain confidential, privileged, private information as well as the exemption from disclosure. The information and views set out in this email are those of the author and do not necessarily reflect the official position of TUBITAK / Kamu SM. TUBITAK / Kamu SM shall have no liability to any person with regard to the use of the information contained in this message. If you are not the intended addressee(s) or responsible person to inform the addressee(s), you are hereby notified that; any use, dissemination, distribution, or copying of this message and attached files is strictly prohibited. Please notify the sender immediately by e-mail and delete this message and any attachments without retaining a copy. TUBITAK / Kamu SM do not warrant for the accuracy, completeness of the contents of this email and/or the preservation of confidentiality, a
 nd shall not be liable for the unauthorized changes made to this message, viruses and/or any damages caused in any way to your computer system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151105/a6859bb6/attachment-0003.html>

More information about the Public mailing list