[Servercert-wg] Draft Ballot for Cleanups
Jacob Hoffman-Andrews
jsha at letsencrypt.org
Thu Oct 17 17:18:16 MST 2019
On Thu, Oct 17, 2019 at 5:14 PM Ryan Sleevi via Servercert-wg <
servercert-wg at cabforum.org> wrote:
> On Thu, Oct 17, 2019 at 7:59 PM Jacob Hoffman-Andrews via Servercert-wg <
> servercert-wg at cabforum.org> wrote:
>
>> I'm working my way through the diffs, and overall this looks great.
>> Thanks for putting it together. I do notice there's one important Effective
>> Date that's in the past but you haven't removed: 1 July 2012, the overall
>> effective date of the BRs. Is there any reason not to remove this one as
>> well?
>>
>
> Nope! No strong view.
>
I'll work on a PR.
>
>
>> There are also some effective dates in 6.1.5. Key Sizes, such as
>> "Validity period ending on or before 31 Dec 2013 / Validity period ending
>> after 31 Dec 2013" (for Subscriber certificates). I think we can get rid of
>> that one (but not necessarily the ones for Root CA Certificates and
>> Subordinate CA Certificates, because those can have very long lifetimes).
>>
>
> Er, I'm looking at
> https://github.com/cabforum/documents/compare/master...sleevi:2019-07-Cleanups
> and 6.1.5 and not seeing that. That is,
> https://github.com/cabforum/documents/commit/89f738b02545b63febbc89e5fbfb4a7ac5cf20ed tried
> to comprehensively fix that (minus a little formatting snafu the next one
> fixed)
>
>
>>
>> In the same vein, 4.2.2. Approval or Rejection of Certificate
>> Applications has a long section that starts with: "CAs SHOULD NOT issue
>> Certificates containing a new gTLD under consideration by ICANN." I believe
>> this whole section is irrelevant since 2015, because gTLDs that don't yet
>> exist are "Internal Names" (i.e. not rooted in the global DNS), and are
>> forbidden for that reason. We can remove the whole section and replace the
>> first sentence with a MUST NOT. But this should probably be a separate
>> ballot because it touches a fair bit of normative language.
>>
>
> Same question - wrong branch?
> https://github.com/cabforum/documents/commit/5ec37f13dc5783549c8ddfbb52658c3d2190999c should
> have covered that?
>
Yep, on both of these I must have just missed the diff last time I looked.
Thanks for the pointers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191017/7fd59a85/attachment.html>
More information about the Servercert-wg
mailing list