[Servercert-wg] Voting Begins: Ballot SC24 V2: Fall Cleanup

Tamer ERGUN tamer.ergun at kamusm.gov.tr
Mon Nov 11 23:42:55 MST 2019


Kamu SM votes YES on Ballot SC24 v2.




Dr. Tamer ERGUN

Head of E-Signature Technologies Department 



Çamlıca Mahallesi 408. Cadde No: 136

C Blok 5. Kat Yenimahalle/Ankara


www.tubitak.gov.tr <http://www.tubitak.gov.tr/> 

 <mailto:tamer.ergun at kamusm.gov.tr> tamer.ergun at kamusm.gov.tr




From: Servercert-wg <servercert-wg-bounces at cabforum.org <mailto:servercert-wg-bounces at cabforum.org> > On Behalf Of Wayne Thayer via Servercert-wg
Sent: tirsdag 5. november 2019 06:01
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> >
Subject: [Servercert-wg] Voting Begins: Ballot SC24 V2: Fall Cleanup


Ballot SC24: Fall Cleanup v2


Purpose of Ballot:


This ballot proposes to correct a number of minor errata that have been discovered in the BRs and EVGLs. The specific list of changes and motivations is as follows:


To the BRs:

*         Remove overall ‘1 July 2012’ effective date for the BRs

*         Correct the authorized port descriptive label (http -> https)

*         Correct a few typos (contract -> contact, assigns -> assignees)

*         Clarify the Request Token should be documented in the CP/CPS (or a document referenced from the CP/CPS)

*         Move the construction examples of a Request Token to the definition of a Request Token

*         Remove the definition of Test Certificate, as it is no longer used in the BRs

*         Correct some of our acronyms

*         Remove effective dates that are in the past

*         Remove validation methods that are no longer permitted

o    Note: This also involves typographical changes to section; the sections were inconsistent in their use of boiler plate, and so this simply aligned the formatting and line spacing, since this ballot is for changes that are non-normative in impact

*         Correct some unnecessarily gendered language to be gender-neutral

*         Clarify that the usable OIDs in a certificatePolicies are what the CA documents, and not simply restricted to a CA's own OID arc.

o    This is to make it clear that it's fine to use the CABF-defined OIDs for DV/OV/IV/EV

*         Add the OID for organizationalUnitName, matching the rest of the Subscriber DN documentation

*         Clean up the algorithm requirements

o    Section 6.1.5 is rewritten to reflect what is permitted. This is especially important to clarify the requirements are about when it's issued, and not simply the validity period expressed in the certificate.

o    Section 7.1.3 is partially rewritten. The MUST NOT is still kept, even though Section 6.1.5 clearly omits it, in order to avoid any ambiguity.

o    It also removes the now-expired grandfathering for OCSP responders.

*         Referring to “RFC5280” vs “RFC 5280”

To the EVGs:

*         Unify the references to BRs to consistently say Baseline Requirements


The following motion has been proposed by Wayne Thayer of Mozilla and endorsed by Ryan Sleevi of Google and Jacob Hoffman-Andrews of Let’s Encrypt.




This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as defined in the following redline, based on Version 1.6.6:




This ballot modifies the “Guidelines for the Issuance and Management of Extended Validation Certificates” as defined in the following redline, based on Version 1.7.0:






This ballot proposes Final Maintenance Guidelines.


The procedure for approval of this ballot is as follows:


Discussion (7+ days)


Start Time: 21-October 2019 18:00 UTC


End Time: 05-November 2019 05:00 UTC


Vote for approval (7 days)


Start Time: 05-November 2019 05:00 UTC


End Time: 12-November 2019 05:00 UTC

Sorumluluk Reddi

Bu e-posta mesaji ve onunla iletilen tum ekler gonderildigi kisi ya da kuruma ozel olup, gizli imtiyazli, ozel bilgiler icerebilecegi gibi gizlilik yukumlulugu de tasiyor olabilir. Bu mesajda ve ekindeki dosyalarda bulunan tum fikir ve gorusler sadece adres yazarina ait olup, TUBITAK / Kamu SM?nin resmi gorusunu yansitmaz. TUBITAK / Kamu SM bu e-posta icerigindeki bilgilerin kullanilmasi nedeniyle hic kimseye karsi sorumlu tutulamaz. Mesajin yetkili alicisi veya alicisina iletmekten sorumlu kisi degilseniz, mesaj icerigini ya da eklerini kullanmayiniz, kopyalamayiniz, yaymayiniz, baska kisilere yonlendirmeyiniz ve mesaji gonderen kisiyi derhal e-posta yoluyla haberdar ederek bu mesaji ve eklerini herhangi bir kopyasini muhafaza etmeksizin siliniz. Kurumumuz size, mesajin ve bilgilerinin degisiklige ugramamasi, butunlugunun ve gizliligin korunmasi konusunda garanti vermemekte olup, e-posta icerigine yetkisiz olarak yapilan mudahale, virus icermesi ve/veya bilgisayar sisteminize verebilecegi herhangi bir zarardan da sorumlu degildir. 


This e-mail message, including any attachments, is intended only for the use of the individual or entity to whom it is addressed and may contain confidential, privileged, private information as well as the exemption from disclosure. The information and views set out in this email are those of the author and do not necessarily reflect the official position of TUBITAK / Kamu SM. TUBITAK / Kamu SM shall have no liability to any person with regard to the use of the information contained in this message. If you are not the intended addressee(s) or responsible person to inform the addressee(s), you are hereby notified that; any use, dissemination, distribution, or copying of this message and attached files is strictly prohibited. Please notify the sender immediately by e-mail and delete this message and any attachments without retaining a copy. TUBITAK / Kamu SM do not warrant for the accuracy, completeness of the contents of this email and/or the preservation of confidentiality, and shall not be liable for the unauthorized changes made to this message, viruses and/or any damages caused in any way to your computer system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191112/87166839/attachment-0001.html>

More information about the Servercert-wg mailing list