[Servercert-wg] DigiCert’s OSS pkilint adds support for CABF Ballot SC-62

Corey Bonnell Corey.Bonnell at digicert.com
Wed Aug 23 11:30:36 UTC 2023


DigiCert releases significant update for its open source linting framework,
pkilint, to support linting certificates against the Ballot SC-62 profiles

Building on the successful release earlier this year of pkilint as
open-source software under the permissive MIT license, DigiCert is pleased
to announce that pkilint 0.9.0 has been released today. This release adds
comprehensive support for linting certificates against the certificate
profiles defined in Ballot SC-62 for the CA/Browser Forum's TLS Baseline
Requirements. In particular, support for linting root certificates,
intermediate certificates, end-entity Subscriber certificates, as well as
OCSP delegated responder certificates is now included.

Pkilint can be easily installed as a Python package that is publicly
available on PyPi (https://pypi.org/project/pkilint/). Installation and
usage instructions are available on the PyPi page for pkilint, or on the
Github repository (https://github.com/digicert/pkilint). 

Ballot SC-62 dramatically increased the clarity surrounding requirements for
the profile of publicly trusted certificates, and we greatly encourage
industry participants to leverage pkilint in their transition strategy to
compliant profiles prior to the Ballot SC-62 effective date.

Bugs or other issues can be reported on the Github repository. Additionally,
we welcome contributions to improve the framework.

Near-term plans for enhancements include support for CRL linting against the
Ballot SC-63 profile. Additionally, work is planned to add an embedded REST
API server for all linters included in the framework so that pkilint can be
more readily integrated into CA issuance pipelines and to boost performance.
Finally, Docker images will be published alongside the Python package for
each release to further ease the upgrade process in CA environments.

If you have any questions or comments, please don't hesitate to reach out.

Thanks,

Corey

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230823/c628f82c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5257 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230823/c628f82c/attachment.p7s>


More information about the Servercert-wg mailing list