[cabfpub] Ballot 217: Sunset RFC 2527
Christopher Kemmerer
chris at ssl.com
Mon Dec 18 18:53:49 UTC 2017
SSL.com votes YES.
csk
On 12/7/2017 10:52 AM, Ryan Sleevi via Public wrote:
> *Ballot 217: Sunset RFC 2527*
>
> Purpose of Ballot: The Baseline Requirements and Extended Validation
> Guidelines require that CA's disclosures of the Certificate Policy
> and/or Certification Practice Statements include all of the material
> required by either RFC 2527 or RFC 3647 and structured in accordance
> with RFC 2527 or RFC 3647.
>
> RFC 2527 is an obsolete RFC, published in 1999, and replaced by RFC
> 3647 in 2003. This sunsets the use of RFC 2527, ensuring that CAs'
> disclosures will follow a consistent pattern across the industry,
> facilitating easier review by Subscribers, Browsers, and the broader
> community. Based upon Member feedback, 6 months is provided for CAs to
> review and update their CP/CPS documents.
>
> This motion aligns the language to be consistent between the BRs and
> the EVGs. For the benefit of minimal changes, this aligns the existing
> language through duplication, rather than attempting to incorporate
> the BRs by reference.
>
> The following motion has been proposed by Ryan Sleevi of Google and
> endorsed by Tim Hollebeek of DigiCert and Dimitris Zacharopoulos of
> HARICA.
>
> *-- MOTION BEGINS --*
>
> This ballot modifies the "Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates" as follows, based upon
> Version 1.5.1:
>
> In Section 2.2, replace the text:
> "The CA SHALL publicly disclose its Certificate Policy and/or
> Certification Practice Statement through an appropriate and readily
> accessible online means that is available on a 24x7 basis. The CA
> SHALL publicly disclose its CA business practices to the extent
> required by the CA's selected audit scheme (see Section 8.1). The
> disclosures MUST include all the material required by RFC 2527 or RFC
> 3647, and MUST be structured in accordance with either RFC 2527 or RFC
> 3647. "
>
> with the following:
> "The CA SHALL publicly disclose its Certificate Policy and/or
> Certification Practice Statement through an appropriate and readily
> accessible online means that is available on a 24x7 basis. The CA
> SHALL publicly disclose its CA business practices to the extent
> required by the CA's selected audit scheme (see Section 8.1).
>
> Effective as of 31 May 2018, the Certificate Policy and/or
> Certification Practice Statement MUST be structured in accordance with
> RFC 3647. Prior to 31 May 2018, the Certificate Policy and/or
> Certification Practice Statement MUST be structured in accordance with
> either RFC 2527 or RFC 3647. The Certificate Policy and/or
> Certification Practice Statement MUST include all material required by
> RFC 3647 or, if structured as such, RFC 2527."
>
>
>
> This ballot modifies the "Guidelines for the Issuance and Management
> of Extended Validation Certificates" as follows, based on Version 1.6.6:
>
> In Section 8.2.2, replace the text:
> "Each CA MUST publicly disclose their EV Policies through an
> appropriate and readily accessible online means that is available on a
> 24x7 basis. The CA is also REQUIRED to publicly disclose its CA
> business practices as required by WebTrust for CAs and ETSI TS 102 042
> and ETSI EN 319 411-1. The disclosures MUST be structured in
> accordance with either RFC 2527 or RFC 3647."
>
> With the following:
> "Each CA MUST publicly disclose its Certificate Policy and/or
> Certification Practice Statement through an appropriate and readily
> accessible online means that is available on a 24x7 basis. The CA
> SHALL publicly disclose its CA business practices to the extent
> required by the CA's selected audit scheme (see Section 17.1).
>
> Effective as of 31 May 2018, the CA's Certificate Policy and/or
> Certification Practice Statement MUST be structured in accordance with
> RFC 3647. Prior to 31 May 2018, the CA's Certificate Policy and/or
> Certification Practice Statement MUST be structured in accordance with
> either RFC 2527 or RFC 3647. The Certificate Policy and/or
> Certification Practice Statement MUST include all material required by
> RFC 3647 or, if structured as such, RFC 2527."
>
> *-- MOTION ENDS --*
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7 to 14 days)
> Start Time: 2017-12-07 22:00:00 UTC
> End Time: 2017-12-14 22:00:00 UTC
>
> Vote for approval (7 days)
> Start Time: 2017-12-14 22:00:00 UTC
> End Time: 2017-12-21 22:00:00 UTC
>
> Votes must be cast by posting an on-list reply to this thread on the
> Public list. A vote in favor of the motion must indicate a clear 'yes'
> in the response. A vote against must indicate a clear 'no' in the
> response. A vote to abstain must indicate a clear 'abstain' in the
> response. Unclear responses will not be counted. The latest vote
> received from any representative of a voting member before the close
> of the voting period will be counted. Voting members are listed here:
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and greater than 50% of the votes
> cast by members in the browser category must be in favor. Quorum is
> shown on CA/Browser Forum wiki. Under Bylaw 2.2(g), at least the
> required quorum number must participate in the ballot for the ballot
> to be valid, either by voting in favor, voting against, or abstaining.
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
--
Chris Kemmerer
Manager of Operations
SSL.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~ To find the reefs, look~~~~~~~~
~~~~ for the wrecks. ~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20171218/58d2028e/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3960 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20171218/58d2028e/attachment-0003.p7s>
More information about the Public
mailing list