[Servercert-wg] Voting period begins: SC-58: require distributionPoint in sharded CRLs

Jacob Hoffman-Andrews jsha at letsencrypt.org
Mon Oct 31 23:10:18 UTC 2022


Let's Encrypt votes yes.

On Mon, Oct 31, 2022 at 9:15 AM Aaron Gable via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Purpose of Ballot
>
> Recently, several conversations around the necessity of the
> distributionPoint field (and its containing Issuing Distribution Point
> extension) in sharded CRLs have come to the conclusion that, although the
> distributionPoint field serves an important purpose in defending against
> substitution attacks, RFC 5280's language does not actually require its
> presence.
>
> This ballot augments the Baseline Requirements' CRL Profile to ensure that
> all sharded CRLs contain the distributionPoint field.
>
>
> The following motion has been proposed by Aaron Gable of ISRG / Let's
> Encrypt, and endorsed by Clint Wilson of Apple, Corey Bonnell of DigiCert,
> and Dmitris Zacharopoulos of HARICA.
> Motion Begins
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” (“Baseline Requirements”),
> based on Version 1.8.4.
>
>
> MODIFY the Baseline Requirements as specified in the following Redline:
>
>
> https://github.com/cabforum/servercert/compare/bbca71465ed8a8a76383086039f52c750009286a..348756d64e863c19bcab404671abeeec985d6041
> Motion Ends
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
>
> Discussion (Completed)
>
> Start time: 2022-10-22 00:00:00 UTC
>
> End time: Not before 2022-10-29 00:00:00 UTC
>
>
> Vote for approval (7 days)
>
> Start time: 2022-10-31 16:00:00 UTC
>
> End time: 2022-11-07 16:00:00 UTC
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20221031/7afb3994/attachment.html>


More information about the Servercert-wg mailing list