[cabfpub] Ballot 161 - Notification of incorrect issuance
Moudrick M. Dadashov
md at ssc.lt
Fri Feb 12 11:02:16 UTC 2016
SSC votes: "Abstain".
In our opinion the intended goal of this ballot can be achieved by
already existing "monitoring" methods, provided that
"a CA issues a certificate in violation of these requirements" becomes one of the acceptable ReasonFlags (RFC 5280) values.
On 1/29/2016 10:31 AM, Sigbjørn Vik wrote:
> Ballot 161 - Notification of incorrect issuance
> Based on extensive discussions in the forum, Sigbjørn Vik from Opera
> proposes the following ballot, endorsed by Ryan Sleevi from Google and
> Gervase Markham from Mozilla.
> -- MOTION BEGINS --
> The following text is added as a sub-section to section 2.2 of the
> Baseline Requirements:
> 2.2.1 Notification of incorrect issuance
> In the event that a CA issues a certificate in violation of these
> requirements, the CA SHALL publicly disclose a report within one week of
> becoming aware of the violation. A link to the report SHALL
> simultaneously be sent to incidents at cabforum.org.
> Effective 01-Jul-16, the CA SHALL in its Certificate Policy and/or
> Certification Practice Statement announce where such reports will be
> found. The location SHALL be as accessible as the CP/CPS.
> The report SHALL publicize details about what the error was, what caused
> the error, time of issuance and discovery, and public certificates for
> all issuer certificates in the trust chain.
> The report SHALL publicize the full public certificate, with the
> following exception: For certificates issued prior to 01-Mar-16 the
> report MAY truncate Subject Distinguished Name fields and subjectAltName
> extension values to the registerable domain name.
> The report SHALL be made available to the CAs Qualified Auditor for the
> next Audit Report.
> -- MOTION ENDS --
> The review period for this ballot shall commence at 2300 UTC on 29
> January 2016, and will close at 2300 UTC on 5 February 2016. Unless the
> motion is withdrawn during the review period, the voting period will
> start immediately thereafter and will close at 2300 UTC on 12 February
> 2016. Votes must be cast by posting an on-list reply to this thread.
> A vote in favor of the motion must indicate a clear 'yes' in the
> response. A vote against must indicate a clear 'no' in the response. A
> vote to abstain must indicate a clear 'abstain' in the response. Unclear
> responses will not be counted. The latest vote received from any
> representative of a voting member before the close of the voting period
> will be counted. Voting members are listed here:
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and greater than 50% of the votes
> cast by members in the browser category must be in favor. Quorum is
> currently nine (9) members– at least nine members must participate in
> the ballot, either by voting in favor, voting against, or abstaining.
More information about the Public