[Servercert-wg] Discussion Period Begins: Ballot SC-061v3: New CRL Entries must have a Revocation Reason Code

Ben Wilson bwilson at mozilla.com
Wed Feb 1 00:08:22 UTC 2023


Thanks, Aaron - the numbering change was unintentional, so I fixed that,
and I made other changes as requested.  See
https://github.com/BenWilson-Mozilla/servercert/commit/f1ed2357c6c9fe9bcedaec040582f872e0f519de
Before I re-announce the discussion period, does anyone else have other
changes that they would like to see?
Thanks,
Ben

On Mon, Jan 30, 2023 at 9:58 AM Aaron Gable <aaron at letsencrypt.org> wrote:

> The current redline appears to undo the recent renumbering of section
> 4.9.1.1, causing it to have two different instances of paragraphs 1 through
> 5. These were renumbered in Ballot SC-56 Cleanup[1]. Can we please preserve
> the new numbering?
>
> Additional notes:
> - In 4.1.1.1 (1), perhaps "without specifying a CRLReason", rather than
> "without giving a reason"? A Subscriber might state "Please revoke this
> because I accidentally deleted the keys", in which case they are giving a
> reason, but the best revocation reason is still 0 (Unspecified). One might
> believe that Superseded is applicable in this case, but that revocation
> request does not necessarily indicate that the Subscriber has also replaced
> the certificate.
> - A very minor comment, but there's inconsistent phrasing between the five
> revocation reasons in Section 7.2.2: the first begins "Indicates that..."
> while the others begin "It is intended to be used...". Can we give all five
> of these entries the same structure/phrasing?
>
> Aaron
>
> [1]
> https://github.com/cabforum/servercert/pull/401/files#diff-e0ac1bd190515a4f2ec09139d395ef6a8c7e9e5b612957c1f5a2dea80c6a6cfeR1214-R1224
>
> On Thu, Jan 19, 2023 at 1:55 PM Ben Wilson via Servercert-wg <
> servercert-wg at cabforum.org> wrote:
>
>> All,
>>
>> This is version 3 of Ballot SC-061. I've moved some of the language down
>> into section 7.2.2, and I've added back in two paragraphs that have been in
>> the original Mozilla Root Store Policy regarding changing the reason code
>> and revocation date for key compromise.  I also changed the compliance date
>> to July 15, 2023. (The compliance date for CAs in Mozilla's program was
>> Oct. 1, 2022.)
>>
>> *Purpose of Ballot SC-061 v.3*
>>
>> The purpose of this ballot is to modify sections 4.9.1.1 and 7.2.2 of the
>> Baseline Requirements to incorporate the CRL reason codes that Mozilla has
>> adopted in section 6.1.1 of the Mozilla Root Store Policy.
>>
>> *Motion*
>>
>>
>> The following motion has been proposed by Ben Wilson of Mozilla and
>> endorsed by David Kluge of Google Trust Services and Kiran Tummala of
>> Microsoft.
>>
>> *—–Motion Begins—–*
>>
>> This ballot modifies sections 4.9.1.1 and 7.2.2 of the “Baseline
>> Requirements for the Issuance and Management of Publicly-Trusted
>> Certificates” as defined in the following redline, based on Version 1.8.6:
>>
>>
>> https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..b1a3d9b491c9744a50a0e194678d76c639d6076b
>>
>>
>>  *—–Motion Ends—–*
>>
>> This ballot proposes a Final Maintenance Guideline. The procedure for
>> approval of this ballot is as follows:
>>
>> Discussion (7+ days)
>>
>> Start Time:  January 19, 2023 22:00 UTC
>>
>> End Time: January 26, 2023 22:00 UTC
>>
>>
>>
>> Vote for approval (7 days)
>>
>> Start Time:  January 26, 2023 TBD
>>
>> End Time: February 2, 2023 TBD