[Servercert-wg] VOTING BEGINS: Ballot SC31v3: Browser Alignment
Mads Egil Henriksveen
Mads.Henriksveen at buypass.no
Thu Jul 16 03:19:08 MST 2020
Buypass votes YES to Ballot SC31v3.
We vote YES because we support the idea of having one set of common requirements to ensure that we, as a CA, are compliant across several Root Programs.
We find the additional requirements introduced in this ballot to be well known and recognized and also consider them to be in the best interests of the TLS ecosystem.
However, we have concerns as this ballot includes the recently rejected SC22 Ballot and we find this way of forcing controversial changes problematic.
Regards
Mads
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Ryan Sleevi via Servercert-wg
Sent: torsdag 9. juli 2020 19:00
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [Servercert-wg] VOTING BEGINS: Ballot SC31v3: Browser Alignment
This begins the voting period for Ballot SC31v3: Browser Alignment
Purpose of Ballot:
As a regular part of Root Program maintenance, and reflecting the independent nature of each Root Programs' needs and requirements, Root Programs have introduced a number of requirements above and beyond those captured in the Baseline Requirements. For Root Programs, this approach results in a lack of certainty, as the requirements are not independently audited and assessed, unless otherwise provided for. For CAs, this introduces confusion when applying to have the same CA certificate trusted by multiple Root Programs, as the effective requirements that the CA and certificates need to comply with are the union of the most-restrictive policies.
The following ballot attempts to resolve this uncertainty for Root Programs, and ambiguity for CAs, by incorporating Root Program-specific requirements that are either effective or will, in the future, be effective.
This was originally drafted in https://github.com/sleevi/cabforum-docs/pull/10<https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsleevi%2Fcabforum-docs%2Fpull%2F10&data=02%7C01%7C%7C743430d5eee44ac754a508d82429c199%7C57919b2e6d5b40b9a34a55bddb02dfee%7C0%7C0%7C637299109068072643&sdata=tkZN5%2BAulgjX4wkoAtze6sr1rk%2Fkl2LQyLPA1dhnrwM%3D&reserved=0> , and as a pull request is available at https://github.com/cabforum/documents/pull/195<https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fdocuments%2Fpull%2F195&data=02%7C01%7C%7C743430d5eee44ac754a508d82429c199%7C57919b2e6d5b40b9a34a55bddb02dfee%7C0%7C0%7C637299109068082600&sdata=5aApKxho9KlFxHBpEBvMUXXXfC166feRFBvtsFm%2FJzg%3D&reserved=0>
The full description, and motivation, of each change, along with the effective dates, are available at the above pull request.
The following motion has been proposed by Ryan Sleevi of Google and endorsed by Clint Wilson of Apple and Mike Reilly of Microsoft.
The changes between SC31v1 and SC31v2 can be viewed at https://github.com/cabforum/documents/compare/90a7dfe95d32ae8c76a4fa55c7b038d4928872c6...1bb3be897213b21d15b837befa885b0ba34bfd3d<https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fdocuments%2Fcompare%2F90a7dfe95d32ae8c76a4fa55c7b038d4928872c6...1bb3be897213b21d15b837befa885b0ba34bfd3d&data=02%7C01%7C%7C743430d5eee44ac754a508d82429c199%7C57919b2e6d5b40b9a34a55bddb02dfee%7C0%7C0%7C637299109068082600&sdata=Wed3S7K8jVIcvVMGziKog5Mlze53UdqVBH8T9ezgmUs%3D&reserved=0> . This corrects "Not applicable" to "No stipulation", updates the formatting/markup for Pandoc and provides additional example text to the effective date table for the Chair or Vice-Chair.
The changes between SC31v2 and SC31v3 can be viewed at
https://github.com/cabforum/documents/compare/1bb3be897213b21d15b837befa885b0ba34bfd3d...a9a7814da2328c3d3d54d8355eff6fe398354af8<https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fdocuments%2Fcompare%2F1bb3be897213b21d15b837befa885b0ba34bfd3d...a9a7814da2328c3d3d54d8355eff6fe398354af8&data=02%7C01%7C%7C743430d5eee44ac754a508d82429c199%7C57919b2e6d5b40b9a34a55bddb02dfee%7C0%7C0%7C637299109068082600&sdata=lho2vGDV1JHOB2Pz%2BVC7U1CpjLe3cKtT1gIVEZs0twQ%3D&reserved=0> . This addresses an issue with certificate suspension for pre-existing, non-TLS certificates from TLS-capable subordinate CAs, and attempts to clarify the expectations around the use of CRL reason codes by requiring they be documented in the CA's CP/CPS. This also shuffles a requirement already present in the BRs and the RFCs, regarding Delegated Responders being conflated with TLS-capable CAs, into the "Cleanup and Clarification" ballot.
--- MOTION BEGINS ---
This ballot modifies "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" ("Baseline Requirements") as follows, based on Version 1.7.0
MODIFY the Baseline Requirements as defined in the following redline:
https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8<https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fdocuments%2Fcompare%2Fd5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8&data=02%7C01%7C%7C743430d5eee44ac754a508d82429c199%7C57919b2e6d5b40b9a34a55bddb02dfee%7C0%7C0%7C637299109068092560&sdata=XXwAFf26NRIRO4Zy9lpEpihoQPv8bYEQceeM3QI7y5k%3D&reserved=0>
This ballot modifies the “Guidelines for the Issuance and Management of Extended Validation Certificates” (“EV Guidelines”) as follows, based on version 1.7.2:
MODIFY the EV Guidelines as defined in the following redline:
https://github.com/cabforum/documents/compare/d5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8<https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fdocuments%2Fcompare%2Fd5067bbbfb46906c65e476ef3d55dd3b2c505a09...a9a7814da2328c3d3d54d8355eff6fe398354af8&data=02%7C01%7C%7C743430d5eee44ac754a508d82429c199%7C57919b2e6d5b40b9a34a55bddb02dfee%7C0%7C0%7C637299109068092560&sdata=XXwAFf26NRIRO4Zy9lpEpihoQPv8bYEQceeM3QI7y5k%3D&reserved=0>
The Chair or Vice-Chair is permitted to update the Relevant Dates of the Baseline Requirements and the EV Guidelines to reflect these changes.
--- MOTION ENDS ---
This ballot proposes two Final Maintenance Guidelines.
The procedure for approval of this ballot is as follows:
Discussion (7+ days)
Start Time: 2-July 2020 00:00 UTC
End Time: after 9-July 2020 00:00 UTC
Vote for approval (7 days)
Start Time: 9-July 2020 17:00 UTC
End Time: 16-July 2020 17:00 UTC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20200716/25481501/attachment-0001.html>
More information about the Servercert-wg
mailing list