[Servercert-wg] Discussion Period Begins on Ballot SC47v2: Sunset subject:organizationalUnitName

Corey Bonnell Corey.Bonnell at digicert.com
Tue Jun 15 17:36:49 UTC 2021


Hi Paul,

Thanks for sending this proposal out. I have two comments on the proposed
language:

 

1.	Although the current proposed wording aligns with how Common Name is
defined, stating "Deprecated" doesn't indicate whether the OU is required or
optional until the prohibition date. I think it is clearer to state
"Optional, but Deprecated" or something to that effect.
2.	There is at least one CA that is still actively issuing DV
certificates with OU, and this inclusion of the OU field was permitted by at
least one Root Program. The current wording of the proposal would implement
an immediate prohibition on this practice once the ballot clears IPR. I
don't feel strongly about the timeline for this prohibition, but did want to
call it out in case this is was unintended.

 

Thanks,

Corey

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Paul
van Brouwershaven via Servercert-wg
Sent: Monday, June 14, 2021 4:43 AM
To: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org>; Paul van Brouwershaven
<Paul.vanBrouwershaven at entrust.com>
Subject: Re: [Servercert-wg] Discussion Period Begins on Ballot SC47v2:
Sunset subject:organizationalUnitName

 

Please note the link to the redline is showing the correct version but is
linking to the previous version.

The correct link as shown: (commit 160f860dc1eccaa273bc8001dadaf07c4bba9dbd)

 

https://github.com/cabforum/servercert/compare/cf4e17a43977dcf7cb9c9e41efd2d
f4be4707e13...160f860dc1eccaa273bc8001dadaf07c4bba9dbd

 

The pull request is also show tot actual changes.

 

  _____  

From: Servercert-wg <servercert-wg-bounces at cabforum.org
<mailto:servercert-wg-bounces at cabforum.org> > on behalf of Paul van
Brouwershaven via Servercert-wg <servercert-wg at cabforum.org
<mailto:servercert-wg at cabforum.org> >
Sent: Monday, June 14, 2021 09:51
To: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> >
Subject: [EXTERNAL] [Servercert-wg] Discussion Period Begins on Ballot
SC47v2: Sunset subject:organizationalUnitName 

 

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the
content is safe.

  _____  

This email begins the discussion period for Ballot SC47v2: Sunset
subject:organizationalUnitName

 

This version updates SC47 to state "issued on or after September 1, 2022"
and makes the EV Guidelines reference the BRs as suggested by Ryan Sleevi
from Google.

 

Purpose of Ballot:

 

This Ballot sets a sunset date for the `subject:organizationalUnitName` as
several earlier attempts to strengthen the validation failed to gain
consensus.

 

The following motion has been proposed by Paul van Brouwershaven of Entrust
and endorsed by Ben Wilson of Mozilla and Chema Lopez of Firmaprofesional.

 

It can be viewed on GitHub as
https://github.com/cabforum/servercert/pull/282
<https://urldefense.com/v3/__https:/github.com/cabforum/servercert/pull/282_
_;!!FJ-Y8qCqXTj2!In1_62JB1hlJhP3yHrH8xFv_eCLNnwhczsBSH4EDm_GfhdDT2YslHfzfkaO
YowuG40l585ghaA$> 

 

===== MOTION BEGINS =====

 

This ballot modifies the "Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates" ("Baseline Requirements"),
based on Version 1.7.6:

 

MODIFY the Baseline Requirements as specified in the following Redline:

 

 
<https://urldefense.com/v3/__https:/github.com/cabforum/servercert/compare/c
f4e17a43977dcf7cb9c9e41efd2df4be4707e13...a70e85f256ee01fbfc6625f667305b4e3f
b7fee9__;!!FJ-Y8qCqXTj2!In1_62JB1hlJhP3yHrH8xFv_eCLNnwhczsBSH4EDm_GfhdDT2Ysl
HfzfkaOYowuG40neKQZkDA$>
https://github.com/cabforum/servercert/compare/cf4e17a43977dcf7cb9c9e41efd2d
f4be4707e13...160f860dc1eccaa273bc8001dadaf07c4bba9dbd

 

This ballot modifies the "Guidelines for the Issuance and Management of
Extended Validation Certificates" ("EV Guidelines") as follows, based on
Version 1.7.6:

 

MODIFY the EV Guidelines as defined in the following redline:

 

 
<https://urldefense.com/v3/__https:/github.com/cabforum/servercert/compare/c
f4e17a43977dcf7cb9c9e41efd2df4be4707e13...a70e85f256ee01fbfc6625f667305b4e3f
b7fee9__;!!FJ-Y8qCqXTj2!In1_62JB1hlJhP3yHrH8xFv_eCLNnwhczsBSH4EDm_GfhdDT2Ysl
HfzfkaOYowuG40neKQZkDA$>
https://github.com/cabforum/servercert/compare/cf4e17a43977dcf7cb9c9e41efd2d
f4be4707e13...160f860dc1eccaa273bc8001dadaf07c4bba9dbd

 

===== MOTION ENDS =====

 

This ballot proposes a Final Maintenance Guideline.

 

The procedure for approval of this ballot is as follows:

 

Discussion (7+ days)

 

Start Time: 2021-06-14 8:00:00 UTC  

End Time: 2021-06-21 8:00:00 UTC  

 

Vote for approval (7 days)

 

Start Time: TBD  

End Time: TBD 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210615/16881077/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210615/16881077/attachment-0001.p7s>


More information about the Servercert-wg mailing list