[Servercert-wg] Draft Ballot for Cleanups

Ryan Sleevi sleevi at google.com
Thu Oct 17 17:10:22 MST 2019

On Thu, Oct 17, 2019 at 5:45 PM Wayne Thayer via Servercert-wg <
servercert-wg at cabforum.org> wrote:

>>    - Removed the term Test Certificate, as it is no longer used in the
>>    BRs
>>       - I'm a little mixed on this change. It's a term no longer used by
>>       the BRs, and so it makes sense to delete from the BRs. However, I worry
>>       that it might lead CAs to inventing their own definition of what a "test
>>       certificate" is (under the premise of Default-Allow vs Default-Deny).
>>       - An alternative, which if we want to pursue I suspect would be a
>>       separate ballot that aligns the BRs with existing Root Program requirements
>>       (which I'll be sharing shortly), is to remove (i) which is forbidden by
>>       Mozilla since 2016, and only leave the definition (ii) in.
> I prefer the alternative of leaving (ii) so that Test Certificate is
> defined as "A Certificate which is issued under a CA where there are no
> certificate paths/chains to a root certificate subject to these
> Requirements." I'd prefer to add "...a root certificate that is or will
> someday be subject to these Requirements.", but I feel that would also go
> beyond the scope of a "cleanup" ballot.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191017/c289d804/attachment.html>

More information about the Servercert-wg mailing list