[Servercert-wg] . Vote Results on Ballot SC24 - Fall Cleanup V2 (Wayne Thayer)
Peter Miškovič
Peter.Miskovic at disig.sk
Wed Nov 13 01:08:16 MST 2019
Hi Wayne,
Disig also voted for the Ballot SC24 on November 7, 2019 (Servercert-wg Digest, Vol 17, Issue 29, Message 2), but I do not see our vote in the voting results.
Regards
Peter
-----Original Message-----
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of servercert-wg-request at cabforum.org
Sent: Wednesday, November 13, 2019 4:19 AM
To: servercert-wg at cabforum.org
Subject: Servercert-wg Digest, Vol 17, Issue 48
Send Servercert-wg mailing list submissions to
servercert-wg at cabforum.org
To subscribe or unsubscribe via the World Wide Web, visit
http://cabforum.org/mailman/listinfo/servercert-wg
or, via email, send a message with subject or body 'help' to
servercert-wg-request at cabforum.org
You can reach the person managing the list at
servercert-wg-owner at cabforum.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Servercert-wg digest..."
Today's Topics:
1. Re: Voting Begins: Ballot SC23 V3: Precertificates
(Jacob Hoffman-Andrews)
2
3. ??: Voting Begins: Ballot SC23 V3: Precertificates (???)
----------------------------------------------------------------------
Message: 1
Date: Tue, 12 Nov 2019 11:11:38 -0800
From: Jacob Hoffman-Andrews <jsha at letsencrypt.org>
To: Wayne Thayer <wthayer at mozilla.com>, "CA/B Forum Server
Certificate WG Public Discussion List" <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] Voting Begins: Ballot SC23 V3:
Precertificates
Message-ID:
<CAN3x4QnBoa1SNrNHQdpZ8+CUHOqCPawpi9cr4-UzwRuhnYQezg at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Let's Encrypt votes YES on ballot SC23 V3.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191112/69c24bf4/attachment-0001.html>
------------------------------
Message: 2
Date: Tue, 12 Nov 2019 17:10:22 -0700
From: Wayne Thayer <wthayer at mozilla.com>
To: "CA/B Forum Server Certificate WG Public Discussion List"
<servercert-wg at cabforum.org>
Subject: [Servercert-wg] Vote Results on Ballot SC24 - Fall Cleanup V2
Message-ID:
<CAJE6Z6cVL2TU0Lh21LR6h5oRf0B1_9C3Si-9d9BzHN8PsLTmPw at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
The voting period for Ballot SC24 has ended and the *Ballot has Passed*.
Here are the results:
*Voting by Certificate Issuers ? 22 votes total including abstentions*
- *22 Yes votes:* Actalis, Amazon, Buypass, Camerfirma, Certum (Asseco),
Chunghwa Telecom, D-TRUST, DarkMatter, DigiCert, Entrust Datacard,
Firmaprofesional, GDCA, GlobalSign, GoDaddy, HARICA, Izenpe, Kamu SM, Let's
Encrypt, SSL.com, TrustCor, SecureTrust (former Trustwave), TurkTrust
- *0 No votes:*
- *0 Abstain:*
100% of voting Certificate Issuers voted in favor.
*Voting by Certificate Consumers ? 4 votes total including abstentions*
- *4 Yes votes:* Apple, Cisco, Microsoft, Mozilla
- *0 No votes:*
- *0 Abstain: *
100% of voting Certificate Consumers voted in favor
*Relevant Bylaw references *
Bylaw 2.3(6) requires:
a "yes" vote by two-thirds of Certificate Issuer votes and 50%-plus-one Certificate Consumer votes for approval. Votes to abstain are not counted for this purpose. This requirement was met for both Certificate Issuers and Certificate Consumers.
at least one Certificate Issuer and one Certificate Consumer Member must vote in favor of a ballot for the ballot to be adopted. This requirement was also met.
Under Bylaw 2.3(7), "a ballot result will be considered valid only when more than half of the number of currently active Members has participated".
Votes to abstain are counted in determining a quorum.
20 member companies attended the last teleconference, and quorum was updated accordingly. Half of currently active Members as of the start of voting was *10*, so quorum was* 11 votes* ?* quorum was met*.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191112/d40614c8/attachment-0001.html>
------------------------------
Message: 3
Date: Wed, 13 Nov 2019 11:18:55 +0800
From: ??? <bixinlong at cfca.com.cn>
To: "'Wayne Thayer'" <wthayer at mozilla.com>, "'CA/B Forum Server
Certificate WG Public Discussion List'" <servercert-wg at cabforum.org>
Subject: [Servercert-wg] ??: Voting Begins: Ballot SC23 V3:
Precertificates
Message-ID: <000b01d599d1$14f31ff0$3ed95fd0$@cfca.com.cn>
Content-Type: text/plain; charset="utf-8"
CFCA votes YES on Ballot SC23 V3
Thanks,
Oliver Bi
???: servercert-wg-bounces at cabforum.org [mailto:servercert-wg-bounces at cabforum.org] ?? Wayne Thayer via Servercert-wg
????: 2019?11?7? 11:02
???: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
??: [Servercert-wg] Voting Begins: Ballot SC23 V3: Precertificates
Purpose of Ballot:
This ballot intends to clarify requirements placed on Precertificates in BR section 4.9.10.
During a lengthy discussion on the mozilla.dev.security.policy forum [1], it was discovered that BR section 4.9.10 combined with BR section 7.1.2.5 prevents a CA from responding ?good? for a precertificate. This is a problem because there is no guarantee that a certificate corresponding to a Precertificate has not been issued, resulting in root store policies such as [2] that require CAs to treat the existence of a Precertificate as a presumption that a corresponding certificate has been issued and thus that a valid OCSP response is required.
This ballot intends to resolve the problem by clarifying in the BRs that a CA may provide revocation information for the serial number contained in a Precertificate.
[1] <https://groups.google.com/d/msg/mozilla.dev.security.policy/LC_y8yPDI9Q/NbOmVB77AQAJ> https://groups.google.com/d/msg/mozilla.dev.security.policy/LC_y8yPDI9Q/NbOmVB77AQAJ
[2] <https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#Precertificates> https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#Precertificates
The following motion has been proposed by Wayne Thayer of Mozilla and endorsed by Jeremy Rowley of DigiCert and Rob Stradling of Sectigo.
-- MOTION BEGINS --
This ballot modifies the ?Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates? as follows, based on Version 1.6.6, or based on Version 1.6.6 as modified by ballot SC24:
ADD a reference to section 1.6.3 of the Baseline Requirements as defined in the following redline:
https://github.com/cabforum/documents/compare/master@%7B10-23-19%7D...sleevi:2019-10-OCSP
REPLACE section 4.9.10 of the Baseline Requirements in its entirety as defined in the following redline:
https://github.com/cabforum/documents/compare/master@%7B10-23-19%7D...sleevi:2019-10-OCSP
-- MOTION ENDS --
This ballot proposes a Final Maintenance Guideline.
The procedure for approval of this ballot is as follows:
Discussion (7+ days)
Start Time: 3-October 2019 18:00 UTC
End Time: 07-November 2019 03:00 UTC
Vote for approval (7 days)
Start Time: 07-November 2019 03:00 UTC
End Time: 14-November 2019 03:00 UTC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191113/cdcdf804/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
Servercert-wg mailing list
Servercert-wg at cabforum.org
http://cabforum.org/mailman/listinfo/servercert-wg
------------------------------
End of Servercert-wg Digest, Vol 17, Issue 48
*********************************************
More information about the Servercert-wg
mailing list