[Servercert-wg] [cabfpub] Microsoft and Baseline OCSP Next Update Requirements

Aaron Gable aaron at letsencrypt.org
Thu Dec 17 22:05:04 UTC 2020

On Thu, Dec 17, 2020 at 11:20 AM Ryan Sleevi <sleevi at google.com> wrote:

> Note: Moving this to servercert-wg@ since this is about the BRs (I'm
> avoiding BCC'ing public so that a reply-all doesn't cause cross-posting)
> On Thu, Dec 17, 2020 at 1:35 PM Aaron Gable via Public <
> public at cabforum.org> wrote:
>> Hi everyone,
>> <snip>
>> However, I have been unable to find any discussion on this list or
>> elsewhere in which that feedback was provided, so the reasoning behind this
>> change is unclear.
> Sorry about that!
> https://github.com/sleevi/cabforum-docs/pull/18 was the original PR from
> Microsoft , which was based on an email sent off-list regarding ongoing
> work to update policy, which captures some of that transition from the
> individual commits. I'm having a GitHub bug linking to the direct
> discussion that captured some of this.

Thanks for linking to this! This does provide some of the missing context.
I didn't think to search for PRs into the PR branch; I'm clearly still too
accustomed to Gerrit.

> This raises two questions for me, which I hope the members of this list
>> will be able to address:
>> 1) What was the reasoning behind the reversal of this piecewise function
>> between the version included in MS§3.C.2 and the version proposed in SC31
>> and incorporated into BR§4.9.10?
> Captured above, but Microsoft's statement they were in the process of
> updating their requirements to what was/is described in SC31 :)
>> 2) Does Microsoft plan to remove its own requirements from MS§3.C.2, now
>> that the baseline requirements have "aligned" on Microsoft's proposal?
Great, I'll wait for Microsoft to chime in with an update on their plans
regarding updating their requirements.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20201217/5935b33e/attachment.html>

More information about the Servercert-wg mailing list