[Servercert-wg] Discussion Period Begins: SC-52: Specify CRL Validity Intervals in Seconds
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Fri Nov 19 19:40:47 UTC 2021
I thought there was rough consensus NOT to extend the "1 sec accuracy"
to time duration requirements other than the CRL and OCSP.
For example, measuring 24 hours or 5 days to revoke a certificate
doesn't need the accuracy of a second.
It's not easy to programmatically measure this level of accuracy for
every CA process. When the requirements identify this level of accuracy
(e.g. RFC 5280), it makes sense to programmatically enforce them,
otherwise it is too painful to implement for every time measurement and
produces very little, if any, security improvement to the ecosystem.
HARICA does not support the current proposal to extend the accuracy to
the entirety of the BRs (and by extension to NetSec and EV Guidelines).
On 18/11/2021 5:43 PM, Tim Hollebeek via Servercert-wg wrote:
> Ballot SC-52: Specify CRL Validity Intervals in Seconds
> Purpose of Ballot: Similar to Ballot SC-31 which modified the
> specification of
> OCSP validity periods to be in seconds, this ballot modifies the
> of CRL validity periods to be in seconds to avoid confusion about
> exactly which
> periods are valid and which are not. The ballot also specifies that
> other time
> periods should be handled the same way, which has broader impacts
> the document.
> The following motion has been proposed by Tim Hollebeek of DigiCert
> and endorsed
> by Trevoli Ponds-White of Amazon and Kati Davids of GoDaddy.
> ---MOTION BEGINS---
> This ballot modifies the “Baseline Requirements for the Issuance and
> of Publicly-Trusted Certificates” (“Baseline Requirements”), based on
> Version 1.8.0:
> MODIFY the Baseline Requirements as specified in the following Redline:
> ---MOTION ENDS---
> This ballot proposes a Final Maintenance Guideline.
> The procedure for approval of this ballot is as follows:
> Discussion (7+ days)
> Start Time: November 18, 2021 10:30am Eastern
> End Time: No earlier than November 25, 2021 10:30 am Eastern
> Vote for approval (7 days)
> Start Time: TBD
> End Time: TBD