[Servercert-wg] Draft Ballot for Cleanups

Jacob Hoffman-Andrews jsha at letsencrypt.org
Thu Oct 17 16:59:00 MST 2019


I'm working my way through the diffs, and overall this looks great. Thanks
for putting it together. I do notice there's one important Effective Date
that's in the past but you haven't removed: 1 July 2012, the overall
effective date of the BRs. Is there any reason not to remove this one as
well?

There are also some effective dates in 6.1.5. Key Sizes, such as "Validity
period ending on or before 31 Dec 2013 / Validity period ending after 31
Dec 2013" (for Subscriber certificates). I think we can get rid of that one
(but not necessarily the ones for Root CA Certificates and Subordinate CA
Certificates, because those can have very long lifetimes).

In the same vein, 4.2.2. Approval or Rejection of Certificate Applications
has a long section that starts with: "CAs SHOULD NOT issue Certificates
containing a new gTLD under consideration by ICANN." I believe this whole
section is irrelevant since 2015, because gTLDs that don't yet exist are
"Internal Names" (i.e. not rooted in the global DNS), and are forbidden for
that reason. We can remove the whole section and replace the first sentence
with a MUST NOT. But this should probably be a separate ballot because it
touches a fair bit of normative language.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191017/c25d95da/attachment-0001.html>


More information about the Servercert-wg mailing list