[Servercert-wg] [EXTERNAL] Discussion Period Begins: Ballot SC-061: New CRL Entries must have a Revocation Reason Code

Bruce Morton Bruce.Morton at entrust.com
Wed Jan 18 21:41:13 UTC 2023


Hi Ben,

The reference should work as it will tie the CRL extension section to the revocation reason section; however, it would still seem odd that one section prohibits 2 reason codes and another section approves reason codes. It would seem to be better form to state all the CRL extension requirements in the CRL extension section.

Bruce.

From: Ben Wilson <bwilson at mozilla.com>
Sent: Tuesday, January 17, 2023 3:48 PM
To: Bruce Morton <Bruce.Morton at entrust.com>
Cc: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [EXTERNAL] [Servercert-wg] Discussion Period Begins: Ballot SC-061: New CRL Entries must have a Revocation Reason Code

Hi Bruce,

What if this line from section 7.2.2 were modified "If a `reasonCode` CRL entry extension is present, the `CRLReason` MUST indicate the most appropriate reason for revocation of the certificate, as defined by the CA within its CP/CPS."?

It could say, "For Subscriber Certificates, if a `reasonCode` CRL entry extension is present, the `CRLReason` MUST indicate the most appropriate reason for revocation of the certificate, as set forth in section 4.9.1.1 defined by the CA within its CP/CPS."?

Ben

On Mon, Jan 16, 2023 at 9:16 AM Bruce Morton <Bruce.Morton at entrust.com> wrote:
Hi Ben,

I think it would be best if the text regarding “Only the following CRLReasons MAY be present in the CRL `reasonCode` extension” be in section “7.2.2 CRL and CRL entry extensions”. This is the section which I would check and already discusses reasonCodes and prohibits reasons 0 and 6.


Thanks, Bruce.

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Ben Wilson via Servercert-wg
Sent: Friday, January 13, 2023 12:02 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [EXTERNAL] [Servercert-wg] Discussion Period Begins: Ballot SC-061: New CRL Entries must have a Revocation Reason Code

Resending:

Purpose of Ballot SC-061
The purpose of this ballot is to modify section 4.9.1.1 of the Baseline Requirements to incorporate the CRL reason codes that Mozilla has adopted in section 6.1.1. of its root store policy.

Motion
The following motion has been proposed by Ben Wilson of Mozilla and endorsed by David Kluge of Google Trust Services and Kiran Tummala of Microsoft.
-----Motion Begins-----
This ballot modifies section 4.9.1.1 of the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as defined in the following redline, based on Version 1.8.6:
https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..3b034ede43a5bfd34baac80cfeb87ebe6db20be1

-----Motion Ends-----

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:
Discussion (7+ days)
Start Time:  January 13, 2023 17:00 UTC
End Time: January 20, 2023 17:00 UTC

Vote for approval (7 days)
Start Time:  January 20, 2023 17:00 UTC
End Time: January 27, 2023 17:00 UTC

