[Servercert-wg] Initial Vote Results on Ballot SC22: Reduce Certificate Lifetimes (v2)
Doug Beattie
doug.beattie at globalsign.com
Mon Sep 16 07:06:29 MST 2019
Jeremy: This email is interesting because the day after you sent this, your company posted a blog that said “DigiCert has no choice but to oppose these changes.”
https://www.digicert.com/blog/how-reduced-tls-ssl-certificate-lifetimes-to-one-year-would-affect-you/
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Jeremy Rowley via Servercert-wg
Sent: Wednesday, September 11, 2019 7:51 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] Initial Vote Results on Ballot SC22: Reduce Certificate Lifetimes (v2)
I know we missed voting on Ballot SC22, and that was my fault. We’re trying to navigate decision making that takes into consideration both our customers and our browser counterparts. After receiving direct feedback from our customers, we were stuck between a rock and a hard place as to making a yes/no vote. Although a plurality of internal opinions are in favor of 1-year certificates, we found it hard to make a final statement on a topic that our customers directly disagree with as the proposed ballot doesn’t give them enough time for change management. By the time we came to a decision the ballot was already defeated. In retrospect, we would we had voted yes during the ballot period.
I’m posting here because I want it on record, if not in vote, that DigiCert is in favor of 1-year certs. Previously, I posted the challenges associated with moving to 1-year certs, but overall, we know this change will benefit the ecosystem. If we could vote now, we would vote in favor of Ballot SC22.
I know 1-year certs cause concerns for our customers, but we believe it’s the right view in light of security. And, we’re working on tools to support customers as they make the switch, now or later, to 1-year certs.
We apologize again for missing the vote.
Jeremy
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Wayne Thayer via Servercert-wg
Sent: Monday, September 9, 2019 7:30 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [Servercert-wg] Initial Vote Results on Ballot SC22: Reduce Certificate Lifetimes (v2)
The voting period for Ballot SC22 has ended and the Ballot has Failed. Here are the results:
Voting by Certificate Issuers – 32 votes total including abstentions
* 11 Yes votes: Amazon, Buypass, Certigna (DHIMYOTIS), certSIGN, Sectigo (former Comodo CA), eMudhra, Kamu SM, Let's Encrypt, Logius PKIoverheid, SHECA, SSL.com
* 19 No votes: Camerfirma, Certum (Asseco), CFCA, Chunghwa Telecom, Comsign, D-TRUST, DarkMatter, Entrust Datacard, Firmaprofesional, GDCA, GlobalSign, GoDaddy, Izenpe, Network Solutions, OATI, SECOM, TWCA, TrustCor, SecureTrust (former Trustwave)
* 2 Abstain: HARICA, TurkTrust
37% of voting Certificate Issuers voted in favor.
Voting by Certificate Consumers – 7 votes total including abstentions
* 7 Yes votes: Apple, Cisco, Google, Microsoft, Mozilla, Opera, 360
* 0 No votes:
* 0 Abstain:
100% of voting Certificate Consumers voted in favor
Relevant Bylaw references
Bylaw 2.3(f) requires:
a "yes" vote by two-thirds of Certificate Issuer votes and 50%-plus-one Certificate Consumer votes for approval. Votes to abstain are not counted for this purpose. This requirement was met for both Certificate Issuers and Certificate Consumers.
at least one Certificate Issuer and one Certificate Consumer Member must vote in favor of a ballot for the ballot to be adopted. This requirement was also met.
Under Bylaw 2.3(g), "a ballot result will be considered valid only when more than half of the number of currently active Members has participated". Votes to abstain are counted in determining a quorum.
18 member companies attended the last teleconference, and quorum was updated accordingly. Half of currently active Members as of the start of voting was 9, so quorum was 10 votes – quorum was met.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190916/1a5a56c6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5701 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190916/1a5a56c6/attachment-0001.p7s>
More information about the Servercert-wg
mailing list