[cabfpub] Ballot 173 - Removal of requirement to cease use of private key due to incorrect certificate info
Ben Wilson
ben.wilson at digicert.com
Tue Jul 26 17:10:12 UTC 2016
DigiCert votes "yes".
-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Dean Coclin
Sent: Friday, July 22, 2016 6:28 PM
To: Josh Aas <josh at letsencrypt.org>; CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Ballot 173 - Removal of requirement to cease use of private key due to incorrect certificate info
Thanks Josh. So for clarification for others voting, the revised ballot includes the 45 day effective date.
-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Josh Aas
Sent: Friday, July 22, 2016 7:49 PM
To: CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Ballot 173 - Removal of requirement to cease use of private key due to incorrect certificate info
To clarify, my YES vote includes the 45-day waiting period before the changes take effect.
All votes from this point on should be for the ballot as originally proposed but with a 45 day waiting period before the changes take effect. Thanks.
On Fri, Jul 22, 2016 at 4:30 PM, Josh Aas <josh at letsencrypt.org> wrote:
> Let's Encrypt votes YES
>
> On Thu, Jul 14, 2016 at 9:17 AM, Josh Aas <josh at letsencrypt.org> wrote:
>> Ballot 173 - Removal of requirement to cease use of private key due
>> to incorrect certificate info
>>
>> The following motion has been proposed by Josh Aas of ISRG / Let's
>> Encrypt. Ben Wilson of DigiCert and Chris Bailey of Entrust endorse.
>>
>> Background:
>>
>> BR Section 9.6.3 point 5 says:
>>
>> "Reporting and Revocation: An obligation and warranty to promptly
>> cease using a Certificate and its associated Private Key, and
>> promptly request the CA to revoke the Certificate, in the event that:
>> (a) any information in the Certificate is, or becomes, incorrect or
>> inaccurate, or (b) there is any actual or suspected misuse or
>> compromise of the Subscriber’s Private Key associated with the Public
>> Key included in the Certificate;"
>>
>> There is a problem here, which is that this requires a subscriber to
>> stop using a private key just because information in a certificate is
>> inaccurate or incorrect. People should stop using a cert with
>> inaccurate or incorrect information, but they shouldn't be required
>> to stop using a key pair unless there is known or suspected compromise.
>>
>> This is particularly problematic for HPKP.
>>
>> --Motion Begins--
>>
>> Effective upon the date of passage, the following modifications are
>> made to the Baseline Requirements:
>>
>> Change the following text in Section 9.6.3:
>> =======================
>> Reporting and Revocation: An obligation and warranty to promptly
>> cease using a Certificate and its associated Private Key, and
>> promptly request the CA to revoke the Certificate, in the event that:
>> (a) any information in the Certificate is, or becomes, incorrect or
>> inaccurate, or (b) there is any actual or suspected misuse or
>> compromise of the Subscriber’s Private Key associated with the Public
>> Key included in the Certificate;
>> =======================
>>
>> To:
>> =======================
>> Reporting and Revocation: An obligation and warranty to: (a) promptly
>> request revocation of the Certificate, and cease using it and its
>> associated Private Key, if there is any actual or suspected misuse or
>> compromise of the Subscriber’s Private Key associated with the Public
>> Key included in the Certificate; and (b) promptly request revocation
>> of the Certificate, and cease using it, if any information in the
>> Certificate is or becomes incorrect or inaccurate.
>> =======================
>>
>> --Motion Ends--
>>
>> The review period for this ballot shall commence at 2200 UTC on 14
>> July 2016, and will close at 2200 UTC on 21 July 2016. Unless the
>> motion is withdrawn during the review period, the voting period will
>> start immediately thereafter and will close at 2200 UTC on 28 July
>> 2016. Votes must be cast by posting an on-list reply to this thread.
>>
>> A vote in favor of the motion must indicate a clear 'yes' in the
>> response. A vote against must indicate a clear 'no' in the response.
>> A vote to abstain must indicate a clear 'abstain' in the response.
>> Unclear responses will not be counted. The latest vote received from
>> any representative of a voting member before the close of the voting
>> period will be counted. Voting members are listed here:
>> https://cabforum.org/members/
>>
>> In order for the motion to be adopted, two thirds or more of the
>> votes cast by members in the CA category and greater than 50% of the
>> votes cast by members in the browser category must be in favor.
>> Quorum is currently ten (10) members – at least ten members must
>> participate in the ballot, either by voting in favor, voting against, or abstaining.
>>
>> --
>> Josh Aas
>> Executive Director
>> Internet Security Research Group
>> Let's Encrypt: A Free, Automated, and Open CA
>
>
>
> --
> Josh Aas
> Executive Director
> Internet Security Research Group
> Let's Encrypt: A Free, Automated, and Open CA
--
Josh Aas
Executive Director
Internet Security Research Group
Let's Encrypt: A Free, Automated, and Open CA