[cabfpub] Short-Lived Certificate Ballot 153

Chema Lopez clopez at firmaprofesional.com
Thu Nov 5 16:27:20 UTC 2015 

Firmaprofesional votes NO.

[image: AC Firmaprofesional S.A.] <http://www.firmaprofesional.com/>




*Chema López GonzálezDirector Área de Proyectos AC Firmaprofesional S.A.*


Av. Torre Blanca, 57.
Edificio ESADECREAPOLIS - 1B13

08173 Sant Cugat del Vallès. Barcelona.
Tel: 93.477.42.45 / 666.429.224

El contenido de este mensaje y de sus anexos es confidencial. Si no es el
destinatario, le hacemos saber que está prohibido utilizarlo, divulgarlo
y/o copiarlo sin tener la autorización correspondiente. Si ha recibido este
mensaje por error, le agradeceríamos que lo haga saber inmediatamente al
remitente y que proceda a destruir el mensaje.

On 5 November 2015 at 06:05, Dimitris Zacharopoulos <jimmy at it.auth.gr>
wrote:

>
> HARICA abstains.
>
> Dimitris Zacharopoulos.
>
>
> On 26/10/2015 11:38 μμ, Jeremy Rowley wrote:
>
> Here’s the official Short-Lived Cert Ballot. The review period starts
> tomorrow. With the ballot starting on Nov 3.
>
> *Ballot 153 – Short-Lived Certificates*
>
> The following motion has been proposed by Jeremy Rowley of DigiCert and
> endorsed by Ryan Sleevi of Google and Gervase Markham of Mozilla.
>
> -- MOTION BEGINS --
>
> 1) Add/revise the following definitions:
>
> *Issuance Time: The time at which a Certificate’s digital signature is
> calculated.*
>
> *Short-Lived Certificate: A Certificate with a Validity Period less than
> 96 hours and a notBefore time no earlier than 24 hours before the Issuance
> Time and a notAfter time no later than 72 hours after the Issuance Time.*
>
> Validity Period: The period of time measured from *notBefore through
> notAfter, inclusive*. the date when the Certificate is issued until the
> Expiry Date.
>
> 2) Modify Section 4.9.10 as follows:
>
> 4.9.10. On‐line Revocation Checking Requirements
>
> Effective 1 January 2013, the CA SHALL support an OCSP capability using
> the GET method for Certificates issued in accordance with these
> Requirements.
>
> For the status of Subscriber Certificates *other than a Short-Lived
> Certificate containing a cRLDistributionPoints extension*: The CA SHALL
> update information provided via an Online Certificate Status Protocol at
> least every four days. OCSP responses from this service MUST have a maximum
> expiration time of ten days.
>
> 3) Modify Section 7.1.2.3 as follows:
>
> 7.1.2.3. Subscriber Certificate …
>
> b. cRLDistributionPoints This extension *MUST be present for Short-Lived
> Certificates that lack an authorityInformationAccess extension and* MAY
> be present for all other certificates. If present, it MUST NOT be marked
> critical, and it MUST contain the HTTP URL of the CA’s CRL service. See
> Section 13.2.1 for details.
>
> c. authorityInformationAccess With the exception of stapling *and
> Short-Lived Certificates*, which is noted below, this extension MUST be
> present. It MUST NOT be marked critical, and it MUST contain the HTTP URL
> of the Issuing CA’s OCSP responder (accessMethod = 1.3.6.1.5.5.7.48.1). It
> SHOULD also contain the HTTP URL of the Issuing CA’s certificate
> (accessMethod = 1.3.6.1.5.5.7.48.2).
>
> The HTTP URL of the Issuing CA’s OCSP responder MAY be omitted *for
> Short-Lived Certificates containing a cRLDistributionPoints extension or if*
>  Subscriber “staples” OCSP responses for the Certificate in its TLS
> handshakes [RFC4366].
>
> -- MOTION ENDS --
>
> The review period for this ballot shall commence at 27 October 2015, and
> will close at 3 November 2015. Unless the motion is withdrawn during the
> review period, the voting period will start immediately thereafter and will
> close at 10 November 2015. Votes must be cast by posting an on-list reply
> to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the response.
> A vote against must indicate a clear 'no' in the response. A vote to
> abstain must indicate a clear 'abstain' in the response. Unclear responses
> will not be counted. The latest vote received from any representative of a
> voting member before the close of the voting period will be counted. Voting
> members are listed here:  <https://cabforum.org/members/>
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and greater than 50% of the votes cast
> by members in the browser category must be in favor. Quorum is currently
> nine (9) members– at least nine members must participate in the ballot,
> either by voting in favor, voting against, or abstaining.
>
>
>
>
> _______________________________________________
> Public mailing listPublic at cabforum.orghttps://cabforum.org/mailman/listinfo/public
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151105/01f30b2e/attachment-0003.html>

More information about the Public mailing list