[Servercert-wg] [EXTERNAL] Ballot SC23: Precertificates

Ryan Sleevi sleevi at google.com
Fri Oct 18 08:59:23 MST 2019


On Fri, Oct 18, 2019 at 11:50 AM Jeremy Rowley <jeremy.rowley at digicert.com>
wrote:

> I forgot to add that although I don’t understand why we need to separate
> the issues, I’d still support the language you proposed.  Would we still
> remove the language about a pre-cert not being a cert?
>

Not in the "targeted" cleanup. The targeted cleanup still keeps a "Precert
is not a cert", and only touches 4.9.10. This would allow CAs to provide
OCSP information for Certificates (as required) OR for
Precertificates (prior to || if they did not) issue a matching a
Certificate, if required by root policy.

Problem 2 would cleanup the "Precert is not a cert" by formalizing all of
the expectations of what "Precert is not a cert" means, and the practical
impact (e.g. on CRLs, on OCSP, on signature algorithms, etc). That's
formalizing the precedent.

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191018/b67f940a/attachment.html>


More information about the Servercert-wg mailing list