[cabfpub] Ballot 161 - Notification of incorrect issuance
Moudrick M. Dadashov
md at ssc.lt
Fri Feb 12 11:18:19 UTC 2016
Sorry for the typo, obviously CRLReason...
Thanks,
M.D.
On 2/12/2016 1:02 PM, Moudrick M. Dadashov wrote:
> SSC votes: "Abstain".
>
> In our opinion the intended goal of this ballot can be achieved by
> already existing "monitoring" methods, provided that
>
> "a CA issues a certificate in violation of these requirements" becomes one of the acceptable ReasonFlags (RFC 5280) values.
>
> Thanks,
> M.D.
>
> On 1/29/2016 10:31 AM, Sigbjørn Vik wrote:
>> Ballot 161 - Notification of incorrect issuance
>>
>> Based on extensive discussions in the forum, Sigbjørn Vik from Opera
>> proposes the following ballot, endorsed by Ryan Sleevi from Google and
>> Gervase Markham from Mozilla.
>>
>> -- MOTION BEGINS --
>>
>> The following text is added as a sub-section to section 2.2 of the
>> Baseline Requirements:
>>
>> 2.2.1 Notification of incorrect issuance
>>
>> In the event that a CA issues a certificate in violation of these
>> requirements, the CA SHALL publicly disclose a report within one week of
>> becoming aware of the violation. A link to the report SHALL
>> simultaneously be sent to incidents at cabforum.org.
>>
>> Effective 01-Jul-16, the CA SHALL in its Certificate Policy and/or
>> Certification Practice Statement announce where such reports will be
>> found. The location SHALL be as accessible as the CP/CPS.
>>
>> The report SHALL publicize details about what the error was, what caused
>> the error, time of issuance and discovery, and public certificates for
>> all issuer certificates in the trust chain.
>>
>> The report SHALL publicize the full public certificate, with the
>> following exception: For certificates issued prior to 01-Mar-16 the
>> report MAY truncate Subject Distinguished Name fields and subjectAltName
>> extension values to the registerable domain name.
>>
>> The report SHALL be made available to the CAs Qualified Auditor for the
>> next Audit Report.
>>
>> -- MOTION ENDS --
>>
>> The review period for this ballot shall commence at 2300 UTC on 29
>> January 2016, and will close at 2300 UTC on 5 February 2016. Unless the
>> motion is withdrawn during the review period, the voting period will
>> start immediately thereafter and will close at 2300 UTC on 12 February
>> 2016. Votes must be cast by posting an on-list reply to this thread.
>>
>> A vote in favor of the motion must indicate a clear 'yes' in the
>> response. A vote against must indicate a clear 'no' in the response. A
>> vote to abstain must indicate a clear 'abstain' in the response. Unclear
>> responses will not be counted. The latest vote received from any
>> representative of a voting member before the close of the voting period
>> will be counted. Voting members are listed here:
>> https://cabforum.org/members/
>>
>> In order for the motion to be adopted, two thirds or more of the votes
>> cast by members in the CA category and greater than 50% of the votes
>> cast by members in the browser category must be in favor. Quorum is
>> currently nine (9) members– at least nine members must participate in
>> the ballot, either by voting in favor, voting against, or abstaining.
>>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
More information about the Public
mailing list