[Servercert-wg] Voting period begins: SC-58: require distributionPoint in sharded CRLs

Yoshiro YONEYA yoshiro.yoneya at jprs.co.jp
Mon Nov 7 06:26:57 UTC 2022


JPRS votes YES to Ballot SC-58.

-- 
Yoshiro YONEYA <yoshiro.yoneya at jprs.co.jp>

On Mon, 31 Oct 2022 16:15:37 +0000 Aaron Gable via Servercert-wg <servercert-wg at cabforum.org> wrote:

> Purpose of Ballot
> 
> Recently, several conversations around the necessity of the
> distributionPoint field (and its containing Issuing Distribution Point
> extension) in sharded CRLs have come to the conclusion that, although the
> distributionPoint field serves an important purpose in defending against
> substitution attacks, RFC 5280's language does not actually require its
> presence.
> 
> This ballot augments the Baseline Requirements' CRL Profile to ensure that
> all sharded CRLs contain the distributionPoint field.
> 
> 
> The following motion has been proposed by Aaron Gable of ISRG / Let's
> Encrypt, and endorsed by Clint Wilson of Apple, Corey Bonnell of DigiCert,
> and Dmitris Zacharopoulos of HARICA.
> Motion Begins
> 
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” (“Baseline Requirements”),
> based on Version 1.8.4.
> 
> 
> MODIFY the Baseline Requirements as specified in the following Redline:
> 
> https://github.com/cabforum/servercert/compare/bbca71465ed8a8a76383086039f52c750009286a..348756d64e863c19bcab404671abeeec985d6041
> Motion Ends
> 
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
> 
> 
> Discussion (Completed)
> 
> Start time: 2022-10-22 00:00:00 UTC
> 
> End time: Not before 2022-10-29 00:00:00 UTC
> 
> 
> Vote for approval (7 days)
> 
> Start time: 2022-10-31 16:00:00 UTC
> 
> End time: 2022-11-07 16:00:00 UTC


More information about the Servercert-wg mailing list