[Servercert-wg] [EXTERNAL] Discussion Period Begins: Ballot SC-061: New CRL Entries must have a Revocation Reason Code

Ben Wilson bwilson at mozilla.com
Tue Jan 17 20:47:37 UTC 2023


Hi Bruce,

What if this line from section 7.2.2 were modified: "If a `reasonCode` CRL
entry extension is present, the `CRLReason` MUST indicate the most
appropriate reason for revocation of the certificate, as defined by the CA
within its CP/CPS."?

It could say, "*For Subscriber Certificates,* if a `reasonCode` CRL entry
extension is present, the `CRLReason` MUST indicate the most appropriate
reason for revocation of the certificate, as *set forth in section 4.9.1.1*
defined by the CA within its CP/CPS."?

Ben

On Mon, Jan 16, 2023 at 9:16 AM Bruce Morton <Bruce.Morton at entrust.com>
wrote:

> Hi Ben,
>
>
>
> I think it would be best if the text regarding “Only the following
> CRLReasons MAY be present in the CRL `reasonCode` extension” be in section
> “7.2.2 CRL and CRL entry extensions”. This is the section which I would
> check and already discusses reasonCodes and prohibits reasons 0 and 6.
>
> Thanks, Bruce.
>
>
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf Of* Ben
> Wilson via Servercert-wg
> *Sent:* Friday, January 13, 2023 12:02 PM
> *To:* CA/B Forum Server Certificate WG Public Discussion List <
> servercert-wg at cabforum.org>
> *Subject:* [EXTERNAL] [Servercert-wg] Discussion Period Begins: Ballot
> SC-061: New CRL Entries must have a Revocation Reason Code
>
>
>
> Resending:
>
>
>
> *Purpose of Ballot SC-061*
>
> The purpose of this ballot is to modify section 4.9.1.1 of the Baseline
> Requirements to incorporate the CRL reason codes that Mozilla has adopted
> in section 6.1.1. of its root store policy.
>
>
>
> *Motion*
>
> The following motion has been proposed by Ben Wilson of Mozilla and
> endorsed by David Kluge of Google Trust Services and Kiran Tummala of
> Microsoft.
>
> *—–Motion Begins—–*
>
> This ballot modifies section 4.9.1.1 of the “Baseline Requirements for the
> Issuance and Management of Publicly-Trusted Certificates” as defined in the
> following redline, based on Version 1.8.6:
>
>
> https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..3b034ede43a5bfd34baac80cfeb87ebe6db20be1
>
>
>
>  *—–Motion Ends—–*
>
>
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time:  January 13, 2023 17:00 UTC
>
> End Time: January 20, 2023 17:00 UTC
>
>
>
> Vote for approval (7 days)
>
> Start Time:  January 20, 2023 17:00 UTC
>
> End Time: January 27, 2023 17:00 UTC