[Servercert-wg] [EXTERNAL] Re: Ballot SC31: Browser Alignment

Mike Reilly (GRC) Mike.Reilly at microsoft.com
Thu Jun 18 16:08:40 MST 2020

Ryan and Rich, “no stipulation” in the pull 27 looks fine from my perspective.  Thanks, Mike

From: Ryan Sleevi <sleevi at google.com>
Sent: Thursday, June 18, 2020 12:42 PM
To: Richard Smith <rich at sectigo.com>
Cc: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>; Clint Wilson <clintw at apple.com>; Mike Reilly (GRC) <Mike.Reilly at microsoft.com>
Subject: [EXTERNAL] Re: [Servercert-wg] Ballot SC31: Browser Alignment

Thanks, I've put together https://github.com/sleevi/cabforum-docs/pull/27/files based on the feedback so far, and if Clint and Mike are good with the edits, I can merge. This also corrected the effective dates (although the chair would have been able to modify that table at will) and fixes up for the Pandoc markdown to make sure it generates ok :)

I can also wait for more discussion/feedback to come in today, to avoid having to create multiple versions, and I can see about restarting discussion tomorrow with a v2.

If it seems like I'm keen to get to the voting phase, it's because I want to make sure CAs have as much lead time as possible before 2020-09-30, considering this has been bouncing around for several months now :)

On Thu, Jun 18, 2020 at 12:26 PM Ryan Sleevi <sleevi at google.com> wrote:
Good point! I'd borrowed the language from 4.9.14, but while that actually is "Not applicable" (because you cannot suspend), you're quite right, it doesn't make sense here.

I'm inclined to lean on "No Stipulation" to indicate we've actively considered and aren't making any requirements, but if folks would prefer blank and chime in within the next few hours, I can live with that :)

On Thu, Jun 18, 2020 at 11:56 AM Richard Smith <rich at sectigo.com> wrote:
Should the text in BR 4.9.11 be “No stipulation” rather than “Not applicable”?  Or be simply left blank as is the current custom for sections of the BR to which the Forum has not elected to state a requirement?


From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Ryan Sleevi via Servercert-wg
Sent: Tuesday, June 16, 2020 5:29 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [Servercert-wg] Ballot SC31: Browser Alignment

This begins the discussion period for Ballot SC31: Browser Alignment.

Purpose of Ballot:

As a regular part of Root Program maintenance, and reflecting the independent nature of each Root Program's needs and requirements, Root Programs have introduced a number of requirements above and beyond those captured in the Baseline Requirements. For Root Programs, this approach results in a lack of certainty, as the requirements are not independently audited and assessed, unless otherwise provided for. For CAs, this introduces confusion when applying to have the same CA certificate trusted by multiple Root Programs, as the effective requirements that the CA and certificates need to comply with are the union of the most-restrictive policies.

The following ballot attempts to resolve this uncertainty for Root Programs, and ambiguity for CAs, by incorporating Root Program-specific requirements that are either effective or will, in the future, be effective.

This was originally drafted in https://github.com/sleevi/cabforum-docs/pull/10, and as a pull request is available at https://github.com/cabforum/documents/pull/195

The full description, and motivation, of each change, along with the effective dates, are available at the above pull request.

The following motion has been proposed by Ryan Sleevi of Google and endorsed by Clint Wilson of Apple and Mike Reilly of Microsoft.


This ballot modifies "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" ("Baseline Requirements") as follows, based on Version 1.7.0

MODIFY the Baseline Requirements as defined in the following redline:

This ballot modifies the “Guidelines for the Issuance and Management of Extended Validation Certificates” (“EV Guidelines”) as follows, based on version 1.7.2:

MODIFY the EV Guidelines as defined in the following redline:

The Chair or Vice-Chair is permitted to update the Relevant Dates of the Baseline Requirements and the EV Guidelines to reflect these changes.


This ballot proposes two Final Maintenance Guidelines.

The procedure for approval of this ballot is as follows:

Discussion (7+ days)
Start Time: 17-June 2020 01:00 UTC
End Time: 24-June 2020 10:00 UTC

Vote for approval (7 days)
Start Time: TBD
End Time: TBD