[Servercert-wg] Discussion period begins: SC-57: require distributionPoint in sharded CRLs

Aaron Gable aaron at letsencrypt.org
Thu Oct 20 23:01:23 UTC 2022


Minor correction (does not affect ballot or motion text; does not restart
discussion period): This motion is endorsed by Clint Wilson of Apple, et al.

Apologies,
Aaron

On Thu, Oct 20, 2022 at 3:56 PM Aaron Gable via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Purpose of Ballot
>
> Recently, several conversations around the necessity of the
> distributionPoint field (and its containing Issuing Distribution Point
> extension) in sharded CRLs have come to the conclusion that, although the
> distributionPoint field serves an important purpose in defending against
> substitution attacks, RFC 5280's language does not actually require its
> presence.
>
> This ballot augments the Baseline Requirements' CRL Profile to ensure that
> all sharded CRLs contain the distributionPoint field.
>
> The following motion has been proposed by Aaron Gable of ISRG / Let's
> Encrypt, and endorsed by Clint Wilson of Mozilla, Corey Bonnell of
> DigiCert, and Dimitris Zacharopoulos of HARICA.
>
> Motion Begins
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” (“Baseline Requirements”),
> based on Version 1.8.4.
>
>
> MODIFY the Baseline Requirements as specified in the following Redline:
>
>
> https://github.com/cabforum/servercert/compare/bbca71465ed8a8a76383086039f52c750009286a..348756d64e863c19bcab404671abeeec985d6041
>
> Motion Ends
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start time: 2022-10-20 23:00:00 UTC
>
> End time: Not before 2022-10-27 23:00:00 UTC
>
> Vote for approval (7 days)
>
> Start time: TBD
>
> End time: TBD
>
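Added example, not part of the original message or the ballot text: a relying-party check that binds a CRL shard to a certificate by comparing the CRL's Issuing Distribution Point distributionPoint with the certificate's CRL Distribution Points URIs, which is the comparison that stops one shard being substituted for another. It assumes the Python `cryptography` package; the CA, URLs and helper names are constructed for illustration, and rejecting a shard that omits the field is this example's policy.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2022, 10, 20)
KEY = ec.generate_private_key(ec.SECP256R1())  # constructed test CA key
CA = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA")])

def uris(names):
    """URI strings from a list of GeneralNames (None is treated as empty)."""
    return {n.value for n in names or [] if isinstance(n, x509.UniformResourceIdentifier)}

def make_crl(shard_url):
    """Constructed CRL shard; shard_url=None omits the IDP extension entirely."""
    b = (x509.CertificateRevocationListBuilder().issuer_name(CA)
         .last_update(NOW).next_update(NOW + dt.timedelta(days=7)))
    if shard_url:
        idp = x509.IssuingDistributionPoint(
            full_name=[x509.UniformResourceIdentifier(shard_url)], relative_name=None,
            only_contains_user_certs=True, only_contains_ca_certs=False,
            only_some_reasons=None, indirect_crl=False,
            only_contains_attribute_certs=False)
        b = b.add_extension(idp, critical=True)
    return b.sign(KEY, hashes.SHA256())

def make_cert(crldp_url):
    """Constructed leaf certificate whose CRLDP points at one shard URL."""
    dp = x509.DistributionPoint([x509.UniformResourceIdentifier(crldp_url)], None, None, None)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "leaf.example")])
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(CA)
            .public_key(KEY.public_key()).serial_number(1001)
            .not_valid_before(NOW).not_valid_after(NOW + dt.timedelta(days=90))
            .add_extension(x509.CRLDistributionPoints([dp]), critical=False)
            .sign(KEY, hashes.SHA256()))

def shard_covers(cert, crl):
    """True only if the CRL's IDP distributionPoint names one of the cert's CRLDP URIs."""
    try:
        idp = crl.extensions.get_extension_for_class(x509.IssuingDistributionPoint).value
        dps = cert.extensions.get_extension_for_class(x509.CRLDistributionPoints).value
    except x509.ExtensionNotFound:
        return False  # no scope statement: the CRL cannot be tied to this cert's shard
    wanted = set().union(*(uris(dp.full_name) for dp in dps))
    return bool(uris(idp.full_name) & wanted)
```

All three constructed CRLs carry a valid signature from the same issuer, so signature verification alone cannot tell them apart; only the distributionPoint comparison does.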