[Servercert-wg] . Voting Begins: Ballot SC24 V2: Fall Cleanup (Wayne Thayer)

Peter Miškovič Peter.Miskovic at disig.sk
Thu Nov 7 10:02:16 MST 2019 

Disig votes "Yes" on Ballot SC24 V2: Fall Cleanup.

Regards
Peter


-----Original Message-----
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of servercert-wg-request at cabforum.org
Sent: Tuesday, November 5, 2019 7:12 AM
To: servercert-wg at cabforum.org
Subject: Servercert-wg Digest, Vol 17, Issue 4

Send Servercert-wg mailing list submissions to
	servercert-wg at cabforum.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://cabforum.org/mailman/listinfo/servercert-wg
or, via email, send a message with subject or body 'help' to
	servercert-wg-request at cabforum.org

You can reach the person managing the list at
	servercert-wg-owner at cabforum.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of Servercert-wg digest..."


Today's Topics:

   1. Voting Begins: Ballot SC24 V2: Fall Cleanup (Wayne Thayer)
   2. Re: Voting Begins: Ballot SC24 V2: Fall Cleanup (Tim Hollebeek)


----------------------------------------------------------------------

Message: 1
Date: Mon, 4 Nov 2019 22:01:04 -0700
From: Wayne Thayer <wthayer at mozilla.com>
To: "CA/B Forum Server Certificate WG Public Discussion List"
	<servercert-wg at cabforum.org>
Subject: [Servercert-wg] Voting Begins: Ballot SC24 V2: Fall Cleanup
Message-ID:
	<CAJE6Z6d6TmkCFVvBoLjCgpx9T48-PmJu2j+w5yRJ-ER1SLCmEA at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Ballot SC24: Fall Cleanup v2

Purpose of Ballot:

This ballot proposes to correct a number of minor errata that have been discovered in the BRs and EVGLs. The specific list of changes and motivations is as follows:

To the BRs:

   -

   Remove overall ?1 July 2012? effective date for the BRs
   -

   Correct the authorized port descriptive label (http -> https)
   -

   Correct a few typos (contract -> contact, assigns -> assignees)
   -

   Clarify the Request Token should be documented in the CP/CPS (or a
   document referenced from the CP/CPS)
   -

   Move the construction examples of a Request Token to the definition of a
   Request Token
   -

   Remove the definition of Test Certificate, as it is no longer used in
   the BRs
   -

   Correct some of our acronyms
   -

   Remove effective dates that are in the past
   -

   Remove validation methods that are no longer permitted
   -

      Note: This also involves typographical changes to section 3.2.2.4;
      the sections were inconsistent in their use of boiler plate, and so this
      simply aligned the formatting and line spacing, since this ballot is for
      changes that are non-normative in impact
      -

   Correct some unnecessarily gendered language to be gender-neutral
   -

   Clarify that the usable OIDs in a certificatePolicies are what the CA
   documents, and not simply restricted to a CA's own OID arc.
   -

      This is to make it clear that it's fine to use the CABF-defined OIDs
      for DV/OV/IV/EV
      -

   Add the OID for organizationalUnitName, matching the rest of the
   Subscriber DN documentation
   -

   Clean up the algorithm requirements
   -

      Section 6.1.5 is rewritten to reflect what is permitted. This is
      especially important to clarify the requirements are about when it's
      issued, and not simply the validity period expressed in the certificate.
      -

      Section 7.1.3 is partially rewritten. The MUST NOT is still kept,
      even though Section 6.1.5 clearly omits it, in order to avoid any ambiguity.
      -

      It also removes the now-expired grandfathering for OCSP responders.
      -

   Referring to ?RFC5280? vs ?RFC 5280?

To the EVGs:

   -

   Unify the references to BRs to consistently say Baseline Requirements



The following motion has been proposed by Wayne Thayer of Mozilla and endorsed by Ryan Sleevi of Google and Jacob Hoffman-Andrews of Let?s Encrypt.


-- MOTION BEGINS --

This ballot modifies the ?Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates? as defined in the following redline, based on Version 1.6.6:

https://github.com/cabforum/documents/compare/master@%7B10-25-19%7D...sleevi:2019-07-Cleanups@%7B10-25-19%7D

This ballot modifies the ?Guidelines for the Issuance and Management of Extended Validation Certificates? as defined in the following redline, based on Version 1.7.0:

https://github.com/cabforum/documents/compare/master@%7B10-25-19%7D...sleevi:2019-07-Cleanups@%7B10-25-19%7D

-- MOTION ENDS --

This ballot proposes Final Maintenance Guidelines.

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: 21-October 2019 18:00 UTC

End Time: 05-November 2019 05:00 UTC


Vote for approval (7 days)

Start Time: 05-November 2019 05:00 UTC

End Time: 12-November 2019 05:00 UTC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191104/eb270aaa/attachment-0001.html>

------------------------------

Message: 2
Date: Tue, 5 Nov 2019 06:12:18 +0000
From: Tim Hollebeek <tim.hollebeek at digicert.com>
To: Wayne Thayer <wthayer at mozilla.com>, CA/B Forum Server Certificate
	WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] Voting Begins: Ballot SC24 V2: Fall
	Cleanup
Message-ID:
	<MWHPR14MB1456C74190FD1C5A599FD56D837E0 at MWHPR14MB1456.namprd14.prod.outlook.com>
	
Content-Type: text/plain; charset="utf-8"

DigiCert votes YES on Ballot SC24 version 2.

 

Thanks to those who helped put this together.

 

-Tim

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Wayne Thayer via Servercert-wg
Sent: Tuesday, November 5, 2019 1:01 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [Servercert-wg] Voting Begins: Ballot SC24 V2: Fall Cleanup

 

Ballot SC24: Fall Cleanup v2

 

Purpose of Ballot:

 

This ballot proposes to correct a number of minor errata that have been discovered in the BRs and EVGLs. The specific list of changes and motivations is as follows:

 

To the BRs:

*	Remove overall ?1 July 2012? effective date for the BRs
*	Correct the authorized port descriptive label (http -> https)
*	Correct a few typos (contract -> contact, assigns -> assignees)
*	Clarify the Request Token should be documented in the CP/CPS (or a document referenced from the CP/CPS)
*	Move the construction examples of a Request Token to the definition of a Request Token
*	Remove the definition of Test Certificate, as it is no longer used in the BRs
*	Correct some of our acronyms
*	Remove effective dates that are in the past
*	Remove validation methods that are no longer permitted

*	Note: This also involves typographical changes to section 3.2.2.4; the sections were inconsistent in their use of boiler plate, and so this simply aligned the formatting and line spacing, since this ballot is for changes that are non-normative in impact

*	Correct some unnecessarily gendered language to be gender-neutral
*	Clarify that the usable OIDs in a certificatePolicies are what the CA documents, and not simply restricted to a CA's own OID arc.

*	This is to make it clear that it's fine to use the CABF-defined OIDs for DV/OV/IV/EV

*	Add the OID for organizationalUnitName, matching the rest of the Subscriber DN documentation
*	Clean up the algorithm requirements

*	Section 6.1.5 is rewritten to reflect what is permitted. This is especially important to clarify the requirements are about when it's issued, and not simply the validity period expressed in the certificate.
*	Section 7.1.3 is partially rewritten. The MUST NOT is still kept, even though Section 6.1.5 clearly omits it, in order to avoid any ambiguity.
*	It also removes the now-expired grandfathering for OCSP responders.

*	Referring to ?RFC5280? vs ?RFC 5280?

To the EVGs:

*	Unify the references to BRs to consistently say Baseline Requirements

 

The following motion has been proposed by Wayne Thayer of Mozilla and endorsed by Ryan Sleevi of Google and Jacob Hoffman-Andrews of Let?s Encrypt.

 

-- MOTION BEGINS --

 

This ballot modifies the ?Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates? as defined in the following redline, based on Version 1.6.6:

 

https://github.com/cabforum/documents/compare/master@%7B10-25-19%7D...sleevi:2019-07-Cleanups@%7B10-25-19%7D

 

This ballot modifies the ?Guidelines for the Issuance and Management of Extended Validation Certificates? as defined in the following redline, based on Version 1.7.0:

 

https://github.com/cabforum/documents/compare/master@%7B10-25-19%7D...sleevi:2019-07-Cleanups@%7B10-25-19%7D

 

-- MOTION ENDS --

 

This ballot proposes Final Maintenance Guidelines.

 

The procedure for approval of this ballot is as follows:

 

Discussion (7+ days)

 

Start Time: 21-October 2019 18:00 UTC

 

End Time: 05-November 2019 05:00 UTC

 

Vote for approval (7 days)

 

Start Time: 05-November 2019 05:00 UTC

 

End Time: 12-November 2019 05:00 UTC

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191105/310ba065/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191105/310ba065/attachment.p7s>

------------------------------

Subject: Digest Footer

_______________________________________________
Servercert-wg mailing list
Servercert-wg at cabforum.org
http://cabforum.org/mailman/listinfo/servercert-wg


------------------------------

End of Servercert-wg Digest, Vol 17, Issue 4
********************************************

More information about the Servercert-wg mailing list