[Servercert-wg] Draft Ballot for Cleanups
Ryan Sleevi
sleevi at google.com
Thu Oct 17 17:10:22 MST 2019
On Thu, Oct 17, 2019 at 5:45 PM Wayne Thayer via Servercert-wg <
servercert-wg at cabforum.org> wrote:
>
>> - Removed the term Test Certificate, as it is no longer used in the
>> BRs
>> - I'm a little mixed on this change. It's a term no longer used by
>> the BRs, and so it makes sense to delete from the BRs. However, I worry
>> that it might lead CAs to inventing their own definition of what a "test
>> certificate" is (under the premise of Default-Allow vs Default-Deny).
>> - An alternative, which if we want to pursue I suspect would be a
>> separate ballot that aligns the BRs with existing Root Program requirements
>> (which I'll be sharing shortly), is to remove (i) which is forbidden by
>> Mozilla since 2016, and only leave the definition (ii) in.
>>
>>
> I prefer the alternative of leaving (ii) so that Test Certificate is
> defined as "A Certificate which is issued under a CA where there are no
> certificate paths/chains to a root certificate subject to these
> Requirements." I'd prefer to add "...a root certificate that is or will
> someday be subject to these Requirements.", but I feel that would also go
> beyond the scope of a "cleanup" ballot.
>
https://github.com/sleevi/cabforum-docs/commit/4c7ea8675244632df0e449b5db4c0dabde244dbe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191017/c289d804/attachment.html>
More information about the Servercert-wg
mailing list