[Servercert-wg] Draft Ballot for Cleanups

Jacob Hoffman-Andrews jsha at letsencrypt.org
Thu Oct 17 17:18:16 MST 2019

On Thu, Oct 17, 2019 at 5:14 PM Ryan Sleevi via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> On Thu, Oct 17, 2019 at 7:59 PM Jacob Hoffman-Andrews via Servercert-wg <
> servercert-wg at cabforum.org> wrote:
>> I'm working my way through the diffs, and overall this looks great.
>> Thanks for putting it together. I do notice there's one important Effective
>> Date that's in the past but you haven't removed: 1 July 2012, the overall
>> effective date of the BRs. Is there any reason not to remove this one as
>> well?
> Nope! No strong view.

I'll work on a PR.

>> There are also some effective dates in 6.1.5. Key Sizes, such as
>> "Validity period ending on or before 31 Dec 2013 / Validity period ending
>> after 31 Dec 2013" (for Subscriber certificates). I think we can get rid of
>> that one (but not necessarily the ones for Root CA Certificates and
>> Subordinate CA Certificates, because those can have very long lifetimes).
> Er, I'm looking at
> https://github.com/cabforum/documents/compare/master...sleevi:2019-07-Cleanups
> and 6.1.5 and not seeing that. That is,
> https://github.com/cabforum/documents/commit/89f738b02545b63febbc89e5fbfb4a7ac5cf20ed tried
> to comprehensively fix that (minus a little formatting snafu the next one
> fixed)
>> In the same vein, 4.2.2. Approval or Rejection of Certificate
>> Applications has a long section that starts with: "CAs SHOULD NOT issue
>> Certificates containing a new gTLD under consideration by ICANN." I believe
>> this whole section is irrelevant since 2015, because gTLDs that don't yet
>> exist are "Internal Names" (i.e. not rooted in the global DNS), and are
>> forbidden for that reason. We can remove the whole section and replace the
>> first sentence with a MUST NOT. But this should probably be a separate
>> ballot because it touches a fair bit of normative language.
> Same question - wrong branch?
> https://github.com/cabforum/documents/commit/5ec37f13dc5783549c8ddfbb52658c3d2190999c should
> have covered that?

Yep, on both of these I must have just missed the diff last time I looked.
Thanks for the pointers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191017/7fd59a85/attachment.html>

More information about the Servercert-wg mailing list