[Servercert-wg] Discussion Period Begins: Ballot SC-061v3: New CRL Entries must have a Revocation Reason Code

Mon Jan 30 16:58:04 UTC 2023

The current redline appears to undo the recent renumbering of section
4.9.1.1, causing it to have two different instances of paragraphs 1 through
5. These were renumbered in Ballot SC-56 Cleanup[1]. Can we please preserve
the new numbering?

Additional notes:
- In 4.1.1.1 (1), perhaps "without specifying a CRLReason", rather than
"without giving a reason"? A Subscriber might state "Please revoke this
because I accidentally deleted the keys", in which case they are giving a
reason, but the best revocation reason is still 0 (Unspecified). One might
believe that Superseded is applicable in this case, but that revocation
request does not necessarily indicate that the Subscriber has also replaced
the certificate.
- A very minor comment, but there's inconsistent phrasing between the five
revocation reasons in Section 7.2.2: the first begins "Indicates that..."
while the others begin "It is intended to be used...". Can we give all five
of these entries the same structure/phrasing?

Aaron

[1]
https://github.com/cabforum/servercert/pull/401/files#diff-e0ac1bd190515a4f2ec09139d395ef6a8c7e9e5b612957c1f5a2dea80c6a6cfeR1214-R1224

On Thu, Jan 19, 2023 at 1:55 PM Ben Wilson via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> All,
>
> This is version 3 of Ballot SC-061. I've moved some of the language down
> into section 7.2.2, and I've added back in two paragraphs that have been in
> the original Mozilla Root Store Policy regarding changing the reason code
> and revocation date for key compromise.  I also changed the compliance date
> to July 15, 2023. (The compliance date for CAs in Mozilla's program was
> Oct. 1, 2022.)
>
> *Purpose of Ballot SC-061 v.3*
>
> The purpose of this ballot is to modify sections 4.9.1.1 and 7.2.2 of the
> Baseline Requirements to incorporate the CRL reason codes that Mozilla has
> adopted in section 6.1.1 of the Mozilla Root Store Policy.
>
> *Motion*
>
>
> The following motion has been proposed by Ben Wilson of Mozilla and
> endorsed by David Kluge of Google Trust Services and Kiran Tummala of
> Microsoft.
>
> *—–Motion Begins—–*
>
> This ballot modifies sections 4.9.1.1 and 7.2.2 of the “Baseline
> Requirements for the Issuance and Management of Publicly-Trusted
> Certificates” as defined in the following redline, based on Version 1.8.6:
>
>
> https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..b1a3d9b491c9744a50a0e194678d76c639d6076b
>
>
>  *—–Motion Ends—–*
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time:  January 19, 2023 22:00 UTC
>
> End Time: January 26, 2023 22:00 UTC
>
>
>
> Vote for approval (7 days)
>
> Start Time:  January 26, 2023 TBD
>
> End Time: February 2, 2023 TBD
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230130/95a53cde/attachment-0001.html>