[Servercert-wg] Discussion Period Begins: Ballot SC-061v4: New CRL Entries must have a Revocation Reason Code

Ben Wilson bwilson at mozilla.com
Wed Feb 8 03:06:04 UTC 2023


All,

This is version 4 of Ballot SC-061. This version uses the following
language in section 7.2.2 “superseded (RFC 5280 CRLReason #4): Indicates
that the Certificate is being replaced because: the Subscriber has
requested a new Certificate, the CA has reasonable evidence that the
validation of domain authorization or control for any fully‐qualified
domain name or IP address in the Certificate should not be relied upon, or
the CA has revoked the Certificate for compliance reasons such as the
Certificate does not comply with these Baseline Requirements or the CA's CP
or CPS;”

*Purpose of Ballot SC-061 v.4*

The purpose of this ballot is to modify sections 4.9.1.1 and 7.2.2 of the
Baseline Requirements to incorporate the CRL reason codes that Mozilla has
adopted in section 6.1.1 of the Mozilla Root Store Policy.

*Motion*

The following motion has been proposed by Ben Wilson of Mozilla and
endorsed by David Kluge of Google Trust Services and Kiran Tummala of
Microsoft.

*—–Motion Begins—–*

This ballot modifies sections 4.9.1.1 and 7.2.2 of the “Baseline
Requirements for the Issuance and Management of Publicly-Trusted
Certificates” as defined in the following redline, based on Version 1.8.6:

https://github.com/cabforum/servercert/compare/e87bc5fcf35f533e58899311e538e6ffe959102e


 *—–Motion Ends—– *



This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:

Discussion (7+ days)

Start Time:  February 8, 2023 03:00 UTC

End Time: Not before February 15, 2023 03:00 UTC



Vote for approval (7 days)

Start Time:  TBD

End Time:  TBD
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230207/53223112/attachment.html>


More information about the Servercert-wg mailing list