[Servercert-wg] Proposal to Incorporate Mozilla's CRL Revocation Reason Code Requirements into the BRs

Dimitris Zacharopoulos dzacharo at harica.gr
Mon Jan 9 17:29:21 UTC 2023 

I'm fine with any date. As Ben said, CAs should probably already be implementing these practices so the sooner the better? Are there any objections to using March 15 as the effective date provided we run the ballot this month?


Thanks,

DZ.


Jan 9, 2023 17:42:26 Tim Hollebeek <tim.hollebeek at digicert.com>:

> I like March 15, September 15, and July 15 because they align with our growing consensus to use the 15th day of odd months for deadlines, reducing the number of possible deadlines from 366 to 6, a >60x reduction in complexity for those of us trying to track and manage these things.
> 
> -Tim
> 
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf Of *Ben Wilson via Servercert-wg
> *Sent:* Friday, January 6, 2023 6:08 PM
> *To:* Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
> *Cc:* CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] Proposal to Incorporate Mozilla's CRL Revocation Reason Code Requirements into the BRs
> 
> I am preparing the ballot, but I think that the effective dates should be included in your GitHub version. (Currently at https://github.com/cabforum/servercert/compare/0a07e046326101ef3b57572daebd3cf45ff4840f[https://avanan.url-protection.com/v1/url?o=https%3A//github.com/cabforum/servercert/compare/0a07e046326101ef3b57572daebd3cf45ff4840f&g=ZWJmMjY3Njc2YjRiNjg0Yw==&h=OWFjMmE2ZWM0Nzg4NzIzMjc2ZGYxMjkzMTEyNDI1ODgxZWY3YmI4MjQ4NDUzMmZjMWM4NTQ1ZjA1M2ZiZGRlOA==&p=YXAzOmRpZ2ljZXJ0OmE6bzplMzA1NzFmNGVjYTM2N2I1ODcyYTM2M2ZjODdiOGM0ZTp2MTpoOkY=].)  CAs in Mozilla's program should have already been including reason codes in CRLs.  Elsewhere, others have suggested March 15 and September 15 as potential effective dates for other ballots, but I'd be willing to say July 1st or July 15th. What are everyone's thoughts?
> 
> Ben
> 
> On Thu, Jan 5, 2023 at 10:44 AM Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr> wrote:
> 
> Language updated in https://github.com/cabforum/servercert/pull/405/commits/0a07e046326101ef3b57572daebd3cf45ff4840f[https://avanan.url-protection.com/v1/url?o=https%3A//github.com/cabforum/servercert/pull/405/commits/0a07e046326101ef3b57572daebd3cf45ff4840f&g=NTk0NmQ2YjZlYWI3NzVjNA==&h=ZmUxMmU5NWQzYzg3ZDBjZThkNmNkYzFjYWU2NDRmZTllYzkxY2Q3NmEzNDUzNTRhYmVkYTIwMTQ0MmU0MmJhMw==&p=YXAzOmRpZ2ljZXJ0OmE6bzplMzA1NzFmNGVjYTM2N2I1ODcyYTM2M2ZjODdiOGM0ZTp2MTpoOkY=].
> 
> I don't see any other unresolved comments. Ben, please do one last review in case I missed something.
> 
> 
> Thanks,
> Dimitris.
> 
> 
> 
> On 5/1/2023 7:24 μ.μ., Ben Wilson wrote:
> 
> Great - thanks.
> 
> On Thu, Jan 5, 2023 at 10:06 AM Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr> wrote:
> 
> Hi Ben,
> 
> I saw your comments with proposed language, and here are my thoughts, in-line:
> 
> 
> On 4/1/2023 8:50 μ.μ., Ben Wilson wrote:
> 
> Hi Dimitris,
> 
> I have submitted two comments that I think need to be resolved.
> 
> I think the first "1" should be written as:
> 
> The Subscriber requests in writing, */without giving a reason required to be specified by this section 4.9.1.1,/* that the CA revoke the ..."
> 
> 
> I prefer your earlier comment[https://avanan.url-protection.com/v1/url?o=https%3A//github.com/cabforum/servercert/pull/405/files%23r1061778056&g=ZGU3MzkyM2ZlZjY3YmRkYw==&h=Y2I2MWI5ZTA3ZGZiMWQyNThjMTQ1MmU0OGNhY2NlNjk5OTMzNTFhOWI4NGU1MTdlNjRkMjA1ZDY4ZWRiZWU5ZQ==&p=YXAzOmRpZ2ljZXJ0OmE6bzplMzA1NzFmNGVjYTM2N2I1ODcyYTM2M2ZjODdiOGM0ZTp2MTpoOkY=] which says
> 
> "1. The Subscriber requests in writing, */without giving a reason,/* that the CA revoke the ..."
> 
> I believe this language is simpler as long as this option is available to Subscribers that just want to revoke a certificate and don't want to suggest a specific reason. I assume this is still allowed.
> 
> 
> 
> Number 10 in the second list should be written as:
> 
> "10. Revocation is required by the CA's Certificate Policy and/or Certification Practice Statement */for a reason that is not otherwise required to be specified by this section 4.9.1.1/* ..."
> 
> 
> +1
> 
> If you are ok with the first option, I will update the PR.
> 
> Thanks!
> Dimitris.
> 
> 
> Ben
> 
> On Tue, Nov 22, 2022 at 1:12 AM Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr> wrote:
> 
>-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230109/8d2707d2/attachment.html>

More information about the Servercert-wg mailing list