[Servercert-wg] BALLOT SC-57: Election of SCWG Vice-Chair (Jos Purvis)
Peter Miškovič
Peter.Miskovic at disig.sk
Tue Oct 25 13:20:47 UTC 2022
Disig votes "YES" on BALLOT SC-57: Election of SCWG Vice-Chair.
Regards
Peter Miskovic
-----Original Message-----
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of servercert-wg-request at cabforum.org
Sent: Monday, October 17, 2022 9:54 PM
To: servercert-wg at cabforum.org
Subject: Servercert-wg Digest, Vol 52, Issue 21
Today's Topics:
1. BALLOT SC-57: Election of SCWG Vice-Chair (Jos Purvis)
2. Re: BALLOT SC-57: Election of SCWG Vice-Chair (Jos Purvis)
3. Re: Ballot proposal: require distributionPoint in sharded
CRLs (Aaron Gable)
----------------------------------------------------------------------
Message: 1
Date: Mon, 17 Oct 2022 12:14:15 -0400
From: "Jos Purvis" <jos at melete.org>
To: "CABF Server Cert WG" <servercert-wg at cabforum.org>
Subject: [Servercert-wg] BALLOT SC-57: Election of SCWG Vice-Chair
Message-ID: <465beda5-9aec-4c7a-bfb3-6acb0c6bdd90 at app.fastmail.com>
Content-Type: text/plain; charset="us-ascii"
This email begins the discussion period for ballot SC-57 to elect the Server Certificate Working Group Vice-Chair. Since there has been only one nomination to this position during the (extended) nomination period, this ballot will confirm the election of Kiran Tummala from Microsoft as the Vice-Chair of the Server Certificate Working Group.
*BALLOT TEXT:*
Shall the Server Certificate Working Group confirm the election of Kiran Tummala of Microsoft to the position of Vice-Chair of the Working Group?
A vote of YES on this ballot indicates support for Kiran's election as Vice-Chair; a vote of NO indicates lack of support for this candidate to this post.
*VOTING PROCESS:*
Votes MUST be submitted PRIVATELY BY DIRECT EMAIL to the election committee members:
* Don Sheehy (CPA Canada, WebTrust Task Force);
* Clemens Wanko (ETSI / ACAB'C).
Email addresses for the committee members are the same as were used for the Chair election in ballot SC-55 and all other CABF elections this term; they will also be re-posted to the Management list in case members need them for reference. As with other election ballots, the committee will ignore votes submitted to Working Group mailing lists.
*BALLOT SCHEDULE:*
This ballot will follow this schedule for the elections process:
* *Discussion Period:* Begins 17 October at 13:00 Eastern / Ends 24 October at 13:00 Eastern
* *Voting Period:* Begins 24 October at 14:00 Eastern / Ends 31 October at 14:00 Eastern
------------------------------
Message: 2
Date: Mon, 17 Oct 2022 12:18:43 -0400
From: "Jos Purvis" <jos at melete.org>
To: "CABF Server Cert WG" <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] BALLOT SC-57: Election of SCWG Vice-Chair
Message-ID: <69c48daf-bca0-4fc0-a20e-ee7f034bbc7c at app.fastmail.com>
Content-Type: text/plain; charset="us-ascii"
One quick amendment, highlighted in italics below...
-----
This email begins the discussion period for ballot SC-57 to elect the Server Certificate Working Group Vice-Chair. Since there has been only one nomination to this position during the (extended) nomination period, this ballot will confirm the election of Kiran Tummala from Microsoft as the Vice-Chair of the Server Certificate Working Group.
*BALLOT TEXT:*
Shall the Server Certificate Working Group confirm the election of Kiran Tummala of Microsoft to the position of Vice-Chair of the Working Group *for the term commencing 1 November 2022 and completing 1 November 2024*?
A vote of YES on this ballot indicates support for Kiran's election as Vice-Chair; a vote of NO indicates lack of support for this candidate to this post.
*VOTING PROCESS:*
Votes MUST be submitted *PRIVATELY BY DIRECT EMAIL* to the election committee members:
* Don Sheehy (CPA Canada, WebTrust Task Force);
* Clemens Wanko (ETSI / ACAB'C).
Email addresses for the committee members are the same as were used for the Chair election in ballot SC-55 and all other CABF elections this term; they will also be re-posted to the Management list in case members need them for reference. As with other election ballots, the committee will ignore votes submitted to Working Group mailing lists.
*BALLOT SCHEDULE:*
This ballot will follow this schedule for the elections process:
* *Discussion Period:* Begins 17 October at 13:00 Eastern / Ends 24 October at 13:00 Eastern
* *Voting Period:* Begins 24 October at 14:00 Eastern / Ends 31 October at 14:00 Eastern
_______________________________________________
Servercert-wg mailing list
Servercert-wg at cabforum.org
https://lists.cabforum.org/mailman/listinfo/servercert-wg
------------------------------
Message: 3
Date: Mon, 17 Oct 2022 12:53:12 -0700
From: Aaron Gable <aaron at letsencrypt.org>
To: Corey Bonnell <Corey.Bonnell at digicert.com>
Cc: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] Ballot proposal: require
distributionPoint in sharded CRLs
Message-ID:
<CAEmnErdc55mC__XjEtC8itNoWoetoa_kQK2Fne2UYRpMFE6EWw at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
It looks like we have two additional endorsers (Corey Bonnell and Dimitris Zacharopoulos). I've made two small changes to the GitHub PR:
* changed effective date to Jan 15 for a little breathing room around the holidays, at Tim Hollebeek's suggestion
* added a reminder that the IDP extension must be marked critical, at Wayne Thayer's suggestion.
Since it looks like this will not result in any merge conflicts with the profiles ballot, are there any other comments before we assign this a number and open the official ballot?
Thanks,
Aaron
On Fri, Oct 14, 2022 at 1:16 PM Corey Bonnell <Corey.Bonnell at digicert.com>
wrote:
> > Seems there may still be a residual small risk if a new CRL shard is
> > started before CCADB is updated any certificate that should be covered
> > in that new shard gets revoked prior to the CCADB update. But maybe
> > people perceive that timing issue as too small to be a concern.
>
>
>
> I agree this is a risk and I think this is an area that should be
> clarified, especially since the CCADB and Root Program policies are
> silent on the order in which new sharded CRLs can be populated with
> entries and when those new shards need to be disclosed, or the
> relevant time frame in which such updates must occur. Hopefully CAs
> are updating CCADB with new CRL shard URIs prior to populating them
> with entries but clarifying this would eliminate any risk from
> certificate revocations not being processed due to those shards not being timely disclosed in CCADB.
>
>
>
> Thanks,
>
> Corey
>
>
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf
> Of *Wendy Brown - QT3LB-C via Servercert-wg
> *Sent:* Friday, October 14, 2022 3:58 PM
> *To:* Aaron Gable <aaron at letsencrypt.org>
> *Cc:* CA/B Forum Server Certificate WG Public Discussion List <
> servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] Ballot proposal: require
> distributionPoint in sharded CRLs
>
>
>
> So just to be clear, this change proposal is only trying to address
> the ability of a browser relying on CRL disclosures in CCADB to be
> able to ensure they have the complete set of CRLs disclosed there, not
> to address the potential risk to any given revoked certificate not
> being seen as revoked because the RP is looking at a CRL that does not
> have that certificate in scope due to sharding?
>
>
>
> Seems there may still be a residual small risk if a new CRL shard is
> started before CCADB is updated any certificate that should be covered
> in that new shard gets revoked prior to the CCADB update. But maybe
> people perceive that timing issue as too small to be a concern.
>
>
>
> thanks,
>
> Wendy
>
>
>
> Wendy Brown
>
> Supporting GSA
>
> FPKIMA Technical Liaison
>
> Protiviti Government Services
>
> 703-965-2990 (cell)
>
>
>
>
>
> On Fri, Oct 14, 2022 at 3:48 PM Aaron Gable <aaron at letsencrypt.org> wrote:
>
> On Fri, Oct 14, 2022 at 12:34 PM Wendy Brown - QT3LB-C <
> wendy.brown at gsa.gov> wrote:
>
> Just a question -
>
> if a certificate that is being checked for revocation does not contain
> a cDP, how will requiring iDP in the CRL assist in preventing a CRL
> substitution attack? If you don't have the correct cDP for a given
> certificate how will the iDP in that sharded CRL provide assurance
> that the RP is looking at the correct CRL?
>
>
>
> In the case of the CRLs disclosed in CCADB's JSON Array of Partitioned
> CRLs field, the relying party (e.g. Mozilla or Apple) can verify that
> the distributionPoint contained within the CRL matches the URL
> disclosed in CCADB.
>
>
>
> On Fri, Oct 14, 2022 at 11:14 AM Corey Bonnell
> <Corey.Bonnell at digicert.com>
> wrote:
>
> I don't believe the profiles ballot modifies section 7.2 at all, so
> there should be no conflict in having a separate proposal.
>
>
>
> The current profiles ballot lightly modifies Section 7.2.1 (
> https://github.com/cabforum/servercert/pull/373/files#diff-e0ac1bd190515a4f2ec09139d395ef6a8c7e9e5b612957c1f5a2dea80c6a6cfeR3118),
> but not in a way that would lead to a merge conflict with this ballot.
>
>
>
> Aaron
>
>
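Added example, not part of the original thread and not CA/B Forum or CCADB tooling: the check discussed above, in which a relying party compares the distributionPoint inside each sharded CRL's Issuing Distribution Point (IDP) extension with the URL disclosed in CCADB and requires the extension to be marked critical. It operates on the extension's DER value only; the URLs and all function names are constructed for illustration, and extracting the extension from a full CRL and verifying the CRL signature are assumed to happen elsewhere.

```python
# Added example: standard library only; all URLs and inputs are constructed.
def tlv(tag, body):
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):
    """Decode one DER TLV at pos and return (tag, body, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                      # long form: low 7 bits = length octets
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated DER body")
    return tag, buf[pos:pos + n], pos + n

def children(body):  # yields (tag, value) for each TLV inside a constructed value
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        yield tag, value

def idp_uris(ext_value):
    """URIs in IssuingDistributionPoint.distributionPoint.fullName."""
    tag, seq, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("IDP value is not a single SEQUENCE")
    return [uri.decode("ascii")
            for t1, dp in children(seq) if t1 == 0xA0        # distributionPoint [0]
            for t2, names in children(dp) if t2 == 0xA0      # fullName [0]
            for t3, uri in children(names) if t3 == 0x86]    # URI [6]

def mismatched_shards(fetched):
    """fetched: (disclosed_url, idp_value_or_None, critical) per CRL shard."""
    return [url for url, idp, critical in fetched
            if idp is None or not critical or url not in idp_uris(idp)]

def make_idp(uri):
    """Constructed test input: IDP value carrying one fullName URI."""
    return tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, uri.encode("ascii")))))

S1, S2, S3 = (f"http://crl.example.test/shard{i}.crl" for i in (1, 2, 3))
# S2's URL serves a CRL scoped to shard 1; S3's CRL has a non-critical IDP.
FETCHED = [(S1, make_idp(S1), True), (S2, make_idp(S1), True), (S3, make_idp(S3), False)]
print(mismatched_shards(FETCHED))
```

A shard flagged here is one whose content cannot be tied to its disclosed URL, so its revocation entries should not be attributed to that shard.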
End of Servercert-wg Digest, Vol 52, Issue 21
*********************************************