[Servercert-wg] Ballot SC23: Precertificates

Jeremy Rowley jeremy.rowley at digicert.com
Tue Oct 22 23:18:13 MST 2019

The amendment sounds good to me, and I like the original proposal more than Dimitris language.

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Wayne Thayer via Servercert-wg
Sent: Tuesday, October 22, 2019 7:12 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>
Cc: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] Ballot SC23: Precertificates

On Tue, Oct 22, 2019 at 6:00 PM Kirk Hall <Kirk.Hall at entrustdatacard.com<mailto:Kirk.Hall at entrustdatacard.com>> wrote:
Wayne – I failed to look closely at your proposed text on Ballot SC23, and now realize you reverted to some earlier language that is easier to understand – sorry I didn’t notice that.

I'd still like to know if there is a preference for Dimitris' language, but this leads me to think that I should go ahead with the existing ballot.

There are no ballot provisions setting an Effective Date for the ballot – does that mean the requirement that all CAs must provide OCSP responses for pre-certificates will take effect 30 days after the end of the voting period?  That would be problematic.

Bruce previously asked for the ballot to include an Effective Date that is six months after completion of the IP review period so that CAs can plan for and modify their systems.  Would you be willing to add that to the ballot to make it more widely supported?  We’ve all been doing CT for many years with many CAs not providing OCSP responses on pre-certificates, and there does not seem to be a crisis requiring the new provision to be applied in 30 days.

Thanks for pointing that out. I intended to propose an effective date of 1-March 2020, if Jeremy and Rob as endorsers will accept this amendment?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191023/c1e9f530/attachment.html>

More information about the Servercert-wg mailing list