[Servercert-wg] [EXTERNAL] Ballot SC6 v2 - Revocation Timeline Extension

Wayne Thayer wthayer at mozilla.com
Wed Aug 29 10:19:22 MST 2018


On Wed, Aug 29, 2018 at 9:05 AM Ryan Sleevi <sleevi at google.com> wrote:

>
>
> On Wed, Aug 29, 2018 at 11:53 AM Wayne Thayer <wthayer at mozilla.com> wrote:
>
>> On Wed, Aug 29, 2018 at 7:33 AM Bruce Morton <
>> Bruce.Morton at entrustdatacard.com> wrote:
>>
>>> Works for me.
>>>
>>> Bruce.
>>>
>>> On Aug 29, 2018, at 10:29 AM, Ryan Sleevi <sleevi at google.com> wrote:
>>>
>>> Just to confirm: Your concern is about the CA feeling that the evidence
>>> does not meet any of the requirements to revoke, and wanting it to be clear
>>> that that is a valid outcome of a problem report, correct?
>>>
>>> The problem with the suggested wording (and perhaps implicit in the
>>> existing wording) is that it suggests that the period to "work with the
>>> Subscriber and any entity" is unbounded, and once a determination is made,
>>> then it must be within the bounds of 4.9.1.1's time period. That is, say,
>>> 24 hours + as much "work with" time as you want. This is because the
>>> modified wording seemingly attaches the "which MUST not" to the date in
>>> which the CA will revoke, rather than the overall process.
>>>
>>> The CA SHALL work with the Subscriber and any entity reporting the
>>> Certificate Problem Report or other revocation-related notice to establish
>>> whether or not the certificate will be revoked, and if so, a date which the
>>> CA will revoke the certificate. The period from report to published
>>> revocation MUST NOT exceed the time frame set forth in Section 4.9.1.1.
>>>
>>> >
>> Does "report" here mean the preliminary report on its findings, or the
>> Certificate Problem Report? I am happy to accept this change once that is
>> clarified.
>>
>
> I was thinking about that on the drive in today :)
>
> "The period from receipt of report or notice to published revocation" ?
>

I made it a bit more specific:
https://github.com/wthayer/documents/commit/570a80cc59cf8beb1b93ff817188f317ac2824c5

The full set of proposed changes is still at
https://github.com/cabforum/documents/compare/master...wthayer:patch-1

Looking to the current v1.9 of the bylaws for guidance, it appears that the
change to the discussion period approved in ballot 216 [1] was never
incorporated. The current bylaws state "The discussion period then shall
take place for at least seven but no more than 14 calendar days before
votes are cast. The proposer of the ballot will designate the length of the
discussion period, and each ballot shall clearly state the start and end
dates and times (including time zone) for both the discussion period and
the voting period." Based on this, I plan to redo this ballot.

I'm assuming that the omission of the ballot 216 language in the new bylaws
was a mistake. I'll plan to submit a ballot to fix that.

[1]
https://cabforum.org/2017/12/21/ballot-216-update-discussion-period-process/