[cabfpub] Ballot 159 - Amend Section 4 of Baseline Requirements

Ben Wilson ben.wilson at digicert.com
Tue Jan 5 16:02:32 UTC 2016


It should have said:

"3) In Section 4.5.1 of the Baseline Requirements, add "Subscribers SHALL comply with subsections 2. and 4.  of Section 9.6.3."

Those two subsections are in the Subscriber Agreement requirements.  Subsection 2.  says, "Protection of Private Key:  An obligation and warranty by the Applicant to take all reasonable measures to maintain sole control of, keep confidential, and properly protect at all times the Private Key that corresponds to the Public Key to be included in the requested Certificate(s) (and any associated activation data or device, e.g. password or token);"  Subsection 4. says, "Use of  Certificate:  An obligation and warranty to install the Certificate only on servers that are accessible at the subjectAltName(s) listed in the Certificate, and to use the Certificate solely in compliance with all applicable laws and solely in accordance with the Subscriber or Terms of Use Agreement;"




From: Rick Andrews [mailto:Rick_Andrews at symantec.com]
Sent: Monday, January 4, 2016 6:45 PM
To: Ben Wilson <ben.wilson at digicert.com>; CABFPub <public at cabforum.org>
Subject: RE: Ballot 159 - Amend Section 4 of Baseline Requirements

Ben,

"3) In Section 4.5.1 of the Baseline Requirements, add "Subscribers SHALL comply with Sections 4.9.3(2) and 4.9.3(4)."" I don't see (2) and (4) in 4.9.3. Is that the right Section number?

-Rick

From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Monday, January 04, 2016 8:04 AM
To: CABFPub
Subject: [cabfpub] Ballot 159 - Amend Section 4 of Baseline Requirements

Ballot 159 - Amend Section 4 of Baseline Requirements

The Policy Review Working Group has reviewed Section 4 of the Baseline Requirements and, as a result, suggests that certain changes be made.  Based on the lack of urgency for these changes and other considerations, the Working Group recommends that, if any compliance is required, Certification Authorities be given until January 1, 2017 before they are required to comply.  Therefore, the following motion has been proposed by Ben Wilson of DigiCert and endorsed by  Tim Hollebeek of Trustwave and Kirk Hall of TrendMicro:

-- MOTION BEGINS --

Effective immediately

1) In Sections 4.2.3, 4.3.2, 4.4.1, 4.4.2, 4.4.3, 4.5.2, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.6, 4.6.7., 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.8.6, 4.8.7, 4.9.4, 4.9.8,  4.10.3, 4.11, and 4.12.1 of the Baseline Requirements, add "No stipulation."

2) In Sections 4.9.14, 4.9.15, 4.9.16, and 4.12.2 of the Baseline Requirements, add "Not applicable."

3) In Section 4.5.1 of the Baseline Requirements, add "Subscribers SHALL comply with Sections 4.9.3(2) and 4.9.3(4)."

4) In Section 4.9.2 of the Baseline Requirements, add "The Subscriber can initiate revocation. Other parties who can request revocation include: the general public,
the press/news media, or an Application Software Provider.
See also Section 3.4."

5) In Section 4.9.6 of the Baseline Requirements, add "No stipulation.
(Note: Following certificate issuance, a certificate may be revoked for reasons stated in Section 4.9.1.
Therefore, relying parties should check the revocation status of all certificates that contain a CDP or OCSP
pointer.)"

To review these proposed changes in the Baseline Requirements, see the attached PDF document titled, "Ballot- 159 Redlining of Section 4 of BRs" .

-- MOTION ENDS --

The review period for this ballot shall commence at 2200 UTC on 4 January 2016, and will close at 2200 UTC on 11 January 2016. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on 18 January 2016. Votes must be cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: https://cabforum.org/members/

In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently nine (9) members- at least nine members must participate in the ballot, either by voting in favor, voting against, or abstaining.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160105/d9c7cf88/attachment-0003.html>


More information about the Public mailing list