[Servercert-wg] Voting begins for Ballot SC45: Wildcard Domain Validation
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Mon May 31 17:32:18 UTC 2021
HARICA votes "yes" to ballot SC45.
On 27/5/2021 10:01 μ.μ., Ryan Sleevi via Servercert-wg wrote:
> This email begins the voting period for Ballot SC45: Wildcard Domain
> Purpose of Ballot:
> This Ballot addresses security issues with the use of methods
> 22.214.171.124.6, 126.96.36.199.18, and 188.8.131.52.19 of the Baseline Requirements to
> authenticate an entire domain namespace. These methods rely on an HTTP
> based demonstration of control, which only demonstrates control over a
> particular host and service, rather than the entire Domain Namespace.
> Effective 2021-12-01, these methods MUST NOT be used to issue Wildcard
> Certificates and MUST NOT be used as Authorization Domain Names for
> subordinate FQDNs of the validated FQDN.
> Although not directly modifying the same section, this Ballot does
> interact with Ballot SC42: 398-day Re-use Period, and so two versions
> are presented, based on whether or not SC42 finishes the IP review
> period without issues. If SC42 is adopted, 184.108.40.206.6 does not need to
> change, because no past validations can be reused to issue new
> certificates after the effective date. However, if SC42 were to fail,
> 220.127.116.11.6 is also modified to keep consistent with .18 and .19.
> The following motion has been proposed by Ryan Sleevi of Google and
> endorsed by Jos Purvis of Cisco and Dimitris Zacharopoulos of HARICA.
> It can be viewed on GitHub as
> -- MOTION BEGINS --
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” (“Baseline
> Requirements”), based on Version 1.7.4.
> If SC42 finishes the IP Review period without issues and is adopted,
> MODIFY the Baseline Requirements as specified in the following Redline:
> If SC42 fails to finish the IP Review period without issues and is not
> adopted, MODIFY the Baseline Requirements as specified in the
> following Redline:
> -- MOTION ENDS --
> This ballot proposes a Final Maintenance Guideline.
> The procedure for approval of this ballot is as follows:
> Discussion (7+ days)
> Start Time: 2021-05-20 19:00:00 UTC
> End Time: 2021-05-27 19:00:00 UTC
> Vote for approval (7 days)
> Start Time: 2021-05-27 19:00:00 UTC
> End Time: 2021-06-03 19:00:00 UTC
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Servercert-wg