[Servercert-wg] Discussion Period Begins: Ballot SC-062 V2: Certificate Profiles Update [Discussion Round #2]
Ryan Dickson
ryandickson at google.com
Fri Feb 17 19:00:00 UTC 2023
Purpose of Ballot SC-062 V2
Over the past three years, members of the Server Certificate Working Group
Validation Subcommittee have collaborated on an update to the Baseline
Requirements for the Issuance and Management of Publicly-Trusted
Certificates focused on improving the clarity of Section 7 (“Certificate,
CRL, and OCSP Profiles”).
The update:
1.
better aligns certificate content expectations across certificate
issuers and consumers,
2.
reduces the opportunity for confusion resulting from the absence of a
more precise certificate profile specification, and
3.
promotes more consistent and reliable implementations across the
ecosystem.
While most of the proposed updates focus on Section 7, changes were not
limited to only this section.
Technical discussion related to the proposed changes, along with high-level
change summaries have been documented in:
-
open GitHub pull requests (originally here
<https://github.com/sleevi/cabforum-docs/pull/36>, and more recently here
<https://github.com/cabforum/servercert/pull/373>),
-
several closed GitHub pull requests made against the “profiles
<https://github.com/cabforum/servercert/tree/profiles>” branch of the
servercert GitHub repository (most recently here
<https://github.com/cabforum/servercert/pull/418>), and
-
Validation Subcommittee meeting minutes (to include sessions held at
Face-to-Face meetings).
Due to a small number of changes proposed in the ballot that is otherwise
focused on clarifying existing requirements, an “all-encompassing”
effective date makes these changes normative beginning 2023-09-15.
*Updates included in "Version 2" (compared to the changes
<https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..0689ba59dbad9f5d2a5269051e5e0d0d1a25f3f6>
presented in "Version 1")*
- PR #418 <https://github.com/cabforum/servercert/pull/418> (various
editorial and content nits, increased specificity related to
cross-certificate EKU expectations)
The following motion has been proposed by Ryan Dickson of Google and
endorsed by Clint Wilson of Apple and Dimitris Zacharopoulos of HARICA.
— Motion Begins —
This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates” (“Baseline Requirements”),
based on Version 1.8.6.
MODIFY the Baseline Requirements as specified in the following Redline:
https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..profiles
— Motion Ends —
This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:
Discussion (11+ days)
-
Start time: 2023-02-17 19:00:00 UTC
-
End time: Not before 2023-03-03 15:00:00 UTC
Vote for approval (7 days)
-
Start time: TBD
-
End time: TBD
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230217/dcabb12b/attachment-0001.html>
More information about the Servercert-wg
mailing list