[Servercert-wg] Voting Begins: Ballot SC27v3: Version 3 Onion Certificates

Chema Lopez clopez at firmaprofesional.com
Tue Feb 18 10:10:51 MST 2020


Firmaprofesional "abstains"  on Ballot SC27v3.


*Chema López*

Director Área Innovación, Cumplimiento y Tecnología

+34 666 429 224






*Barcelona  *Av. Torre Blanca 57, Edif. Esadecreapolis, Local 3B6 - 08173
Sant Cugat del Vallès | +34 934 774 245

*Madrid  *C/ Velázquez 59, 1º Ctro-Izda. - 28001 Madrid | +34 915 762 181


www.firmaprofesional.com



*El contenido de este correo electrónico y de sus anexos es confidencial.
Si usted recibe este mensaje por error, debe saber que está prohibido hacer
uso, divulgación y/o copia del mismo. En tal caso le agradeceríamos que
advierta de inmediato a su remitente y que proceda a destruir el mensaje.*



*Le informamos que, cumpliendo la normativa en materia de protección de
datos, FIRMAPROFESIONAL tratará sus datos con la finalidad de garantizar
las relaciones con la empresa, entidad u organización a la que usted
representa o en la que trabaja y por el período que dure dicha
relación. Podrá ejercer sus derechos de acceso, rectificación, supresión,
limitación, portabilidad y oposición al tratamiento ante el Responsable:
FIRMAPROFESIONAL, S.A., Av. Torre Blanca, 57, local 3B6 (Edificio
Esadecreapolis), 08173 Sant Cugat del Vallès (Barcelona), o bien mediante
correo electrónico a: rgpd at firmaprofesional.com
<rgpd at firmaprofesional.com>, en cualquier caso adjuntando una copia de su
D.N.I. o documento equivalente. Asimismo, podrá formular reclamaciones ante
la Agencia Española de Protección de Datos. Para más información puede
consultar nuestra política de privacidad
<https://www.firmaprofesional.com/esp/aviso-legal>.*


On Wed, 12 Feb 2020 at 21:00, Wayne Thayer via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> This begins the voting period for Version 3 of ballot SC27: Version 3
> Onion Certificates
>
> Purpose of Ballot:
>
> This ballot will permit CAs to issue DV and OV certificates containing Tor
> onion addresses using the newer version 3 naming format.
>
> In ballot 144, later clarified by ballots 198/201, the Forum created rules
> for issuing EV certificates containing onion addresses. A primary reason
> for requiring EV level validation was that onion addresses were
> cryptographically weak, relying on RSA-1024 and SHA-1. More recently a
> newer "version 3" addressing scheme has removed these weaknesses. For much
> the same reason that EV certificates are not always a viable option for
> website operators (e.g. sites operated by individuals), many onion sites
> would benefit from the availability of DV and OV certificates for version 3
> onion addresses.
>
> The Tor Service Descriptor Hash extension required in the EV Guidelines to
> contain the full hash of the keys related to the .onion address is no
> longer needed as this hash is part of the version 3 address.
>
> Older version 2 onion addresses are still in use, so this ballot does not
> remove the existing EV Guidelines requirements for onion names.
>
> Reference to discussion of EV onion certificates:
> https://cabforum.org/pipermail/public/2014-November/004569.html
>
> Reference to reasons we required EV in the past:
> https://cabforum.org/pipermail/public/2015-November/006213.html
>
> Reference to prior discussion of this topic:
> https://cabforum.org/pipermail/public/2017-November/012451.html
>
>
> The following motion has been proposed by Wayne Thayer of Mozilla and
> endorsed by Roland Shoemaker of Let's Encrypt and Dimitris Zacharopoulos of
> HARICA.
>
>
> -- MOTION BEGINS --
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as follows, based on Version
> 1.6.7, or based on Version 1.6.7 as modified by ballot SC25:
>
> ADD a paragraph to section 3.2.2.4 of the Baseline Requirements as defined
> in the following redline:
> https://github.com/cabforum/documents/compare/16a5a9bb78a193266f8d1465de1ee5a1acf5d184..f7a2dba4a2dd6b7209c71c862ad68dca960b6de9
>
> ADD Appendix C to the Baseline Requirements as defined in the following
> redline:
> https://github.com/cabforum/documents/compare/16a5a9bb78a193266f8d1465de1ee5a1acf5d184..f7a2dba4a2dd6b7209c71c862ad68dca960b6de9
>
>
> This ballot modifies the "Guidelines for the Issuance and Management of
> Extended Validation Certificates" as follows based on version 1.7.1:
>
> MODIFY Appendix F as defined in the following redline:
> https://github.com/cabforum/documents/compare/16a5a9bb78a193266f8d1465de1ee5a1acf5d184..f7a2dba4a2dd6b7209c71c862ad68dca960b6de9
>
> -- MOTION ENDS --
>
>
> This ballot proposes two Final Maintenance Guidelines.
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: 25-January 2020 00:00 UTC
>
> End Time: 12-February 2020 20:00 UTC
>
> Vote for approval (7 days)
>
> Start Time: 12-February 2020 20:00 UTC
>
> End Time:  19-February 2020 20:00 UTC
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200218/8692611a/attachment.html>


More information about the Servercert-wg mailing list