[cabfpub] Ballot 217: Sunset RFC 2527

Christopher Kemmerer chris at ssl.com
Mon Dec 18 18:53:49 UTC 2017


SSL.com votes YES.

csk


On 12/7/2017 10:52 AM, Ryan Sleevi via Public wrote:
> *Ballot 217: Sunset RFC 2527*
>
> Purpose of Ballot: The Baseline Requirements and Extended Validation 
> Guidelines require that CA's disclosures of the Certificate Policy 
> and/or Certification Practice Statements include all of the material 
> required by either RFC 2527 or RFC 3647 and structured in accordance 
> with RFC 2527 or RFC 3647.
>
> RFC 2527 is an obsolete RFC, published in 1999, and replaced by RFC 
> 3647 in 2003. This sunsets the use of RFC 2527, ensuring that CAs' 
> disclosures will follow a consistent pattern across the industry, 
> facilitating easier review by Subscribers, Browsers, and the broader 
> community. Based upon Member feedback, 6 months is provided for CAs to 
> review and update their CP/CPS documents.
>
> This motion aligns the language to be consistent between the BRs and 
> the EVGs. For the benefit of minimal changes, this aligns the existing 
> language through duplication, rather than attempting to incorporate 
> the BRs by reference.
>
> The following motion has been proposed by Ryan Sleevi of Google and 
> endorsed by Tim Hollebeek of DigiCert and Dimitris Zacharopoulos of 
> HARICA.
>
> *-- MOTION BEGINS --*
>
> This ballot modifies the "Baseline Requirements for the Issuance and 
> Management of Publicly-Trusted Certificates" as follows, based upon 
> Version 1.5.1:
>
> In Section 2.2, replace the text:
> "The CA SHALL publicly disclose its Certificate Policy and/or 
> Certification Practice Statement through an appropriate and readily 
> accessible online means that is available on a 24x7 basis. The CA 
> SHALL publicly disclose its CA business practices to the extent 
> required by the CA's selected audit scheme (see Section 8.1). The 
> disclosures MUST include all the material required by RFC 2527 or RFC 
> 3647, and MUST be structured in accordance with either RFC 2527 or RFC 
> 3647. "
>
> with the following:
> "The CA SHALL publicly disclose its Certificate Policy and/or 
> Certification Practice Statement through an appropriate and readily 
> accessible online means that is available on a 24x7 basis. The CA 
> SHALL publicly disclose its CA business practices to the extent 
> required by the CA's selected audit scheme (see Section 8.1).
>
> Effective as of 31 May 2018, the Certificate Policy and/or 
> Certification Practice Statement MUST be structured in accordance with 
> RFC 3647. Prior to 31 May 2018, the Certificate Policy and/or 
> Certification Practice Statement MUST be structured in accordance with 
> either RFC 2527 or RFC 3647. The Certificate Policy and/or 
> Certification Practice Statement MUST include all material required by 
> RFC 3647 or, if structured as such, RFC 2527."
>
>
>
> This ballot modifies the "Guidelines for the Issuance and Management 
> of Extended Validation Certificates" as follows, based on Version 1.6.6:
>
> In Section 8.2.2, replace the text:
> "Each CA MUST publicly disclose their EV Policies through an 
> appropriate and readily accessible online means that is available on a 
> 24x7 basis.  The CA is also REQUIRED to publicly disclose its CA 
> business practices as required by WebTrust for CAs and ETSI TS 102 042 
> and ETSI EN 319 411-1. The disclosures MUST be structured in 
> accordance with either RFC 2527 or RFC 3647."
>
> With the following:
> "Each CA MUST publicly disclose its Certificate Policy and/or 
> Certification Practice Statement through an appropriate and readily 
> accessible online means that is available on a 24x7 basis. The CA 
> SHALL publicly disclose its CA business practices to the extent 
> required by the CA's selected audit scheme (see Section 17.1).
>
> Effective as of 31 May 2018, the CA's Certificate Policy and/or 
> Certification Practice Statement MUST be structured in accordance with 
> RFC 3647. Prior to 31 May 2018, the CA's Certificate Policy and/or 
> Certification Practice Statement MUST be structured in accordance with 
> either RFC 2527 or RFC 3647. The Certificate Policy and/or 
> Certification Practice Statement MUST include all material required by 
> RFC 3647 or, if structured as such, RFC 2527."
>
> *-- MOTION ENDS --*
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7 to 14 days)
> Start Time: 2017-12-07 22:00:00 UTC
> End Time: 2017-12-14 22:00:00 UTC
>
> Vote for approval (7 days)
> Start Time: 2017-12-14 22:00:00 UTC
> End Time: 2017-12-21 22:00:00 UTC
>
> Votes must be cast by posting an on-list reply to this thread on the 
> Public list. A vote in favor of the motion must indicate a clear 'yes' 
> in the response. A vote against must indicate a clear 'no' in the 
> response. A vote to abstain must indicate a clear 'abstain' in the 
> response. Unclear responses will not be counted. The latest vote 
> received from any representative of a voting member before the close 
> of the voting period will be counted. Voting members are listed here: 
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> shown on CA/Browser Forum wiki. Under Bylaw 2.2(g), at least the 
> required quorum number must participate in the ballot for the ballot 
> to be valid, either by voting in favor, voting against, or abstaining.

-- 
Chris Kemmerer
Manager of Operations
SSL.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~ To find the reefs, look~~~~~~~~
~~~~     for the wrecks.    ~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
