[Servercert-wg] Discussion Period Begins: Ballot SC-062: Certificate Profiles Update

Inigo Barreira Inigo.Barreira at sectigo.com
Tue Jan 31 15:43:45 UTC 2023


Ryan, can you double-check the discussion period? I think the starting and
end time have a different format. 

 

Regards

 

De: Servercert-wg <servercert-wg-bounces at cabforum.org> En nombre de Ryan
Dickson via Servercert-wg
Enviado el: martes, 31 de enero de 2023 16:01
Para: ServerCert CA/BF <servercert-wg at cabforum.org>
Asunto: [Servercert-wg] Discussion Period Begins: Ballot SC-062: Certificate
Profiles Update

 

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know the
content is safe.

 

Purpose of Ballot

 

Over the past three years, members of the Server Certificate Working Group
Validation Subcommittee have collaborated on an update to the Baseline
Requirements for the Issuance and Management of Publicly-Trusted
Certificates focused on improving the clarity of Section 7 ("Certificate,
CRL, and OCSP Profiles"). 

 

The update: 

1.      

2.      

3.     better aligns certificate content expectations across certificate
issuers and consumers, 

4.      

5.      

6.      

7.     reduces the opportunity for confusion resulting from the absence of a
more precise certificate profile specification,

8.      and 

9.      

10.   

11.   

12.  promotes more consistent and reliable implementations across the
ecosystem.

13.   

 

While most of the proposed updates focus on Section 7, changes were not
limited to only this section. 

 

Technical discussion related to the proposed changes, along with high-level
change summaries have been documented in:

*   

*   

*  open GitHub pull requests (originally
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fsleevi%2Fcabforum-docs%2Fpull%2F36&data=05%7C01%7Cinigo.barreira%40secti
go.com%7C1086fd19b4a84505946b08db039c0922%7C0e9c48946caa465d96604b6968b49fb7
%7C0%7C0%7C638107740945758711%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9SVkcktU5
F5TkndRqUqJR5SDiTE9O4ythZXFItimRaY%3D&reserved=0> 

 
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fsleevi%2Fcabforum-docs%2Fpull%2F36&data=05%7C01%7Cinigo.barreira%40secti
go.com%7C1086fd19b4a84505946b08db039c0922%7C0e9c48946caa465d96604b6968b49fb7
%7C0%7C0%7C638107740945758711%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9SVkcktU5
F5TkndRqUqJR5SDiTE9O4ythZXFItimRaY%3D&reserved=0> *  here,

*   and more recently
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fcabforum%2Fservercert%2Fpull%2F373&data=05%7C01%7Cinigo.barreira%40secti
go.com%7C1086fd19b4a84505946b08db039c0922%7C0e9c48946caa465d96604b6968b49fb7
%7C0%7C0%7C638107740945758711%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=q0jFwXxtb
OU77%2Bhhe4Ccab5mVov92iZtfsariKGt1bE%3D&reserved=0> 

 
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fcabforum%2Fservercert%2Fpull%2F373&data=05%7C01%7Cinigo.barreira%40secti
go.com%7C1086fd19b4a84505946b08db039c0922%7C0e9c48946caa465d96604b6968b49fb7
%7C0%7C0%7C638107740945758711%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=q0jFwXxtb
OU77%2Bhhe4Ccab5mVov92iZtfsariKGt1bE%3D&reserved=0> *  here),

*   

*   

*   

*  several closed GitHub pull requests made against the "
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fcabforum%2Fservercert%2Ftree%2Fprofiles&data=05%7C01%7Cinigo.barreira%40
sectigo.com%7C1086fd19b4a84505946b08db039c0922%7C0e9c48946caa465d96604b6968b
49fb7%7C0%7C0%7C638107740945758711%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM
DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Uf8D
u%2BhEXJ8G4YWx0VsLeFzwC2tL4OVLNLagU%2FGVAiQ%3D&reserved=0> profiles"

*   branch of the servercert GitHub repository, and

*   

*   

*   

*  Validation Subcommittee meeting minutes (to include sessions held at
Face-to-Face meetings). 

*   

 

Due to a small number of changes proposed in the ballot that is otherwise
focused on clarifying existing requirements, an "all-encompassing" effective
date makes these changes normative beginning 2023-09-15.

 

The following motion has been proposed by Ryan Dickson of Google and
endorsed by Clint Wilson of Apple and Dimitris Zacharopoulos of HARICA.

 

- Motion Begins -

 

This ballot modifies the "Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates" ("Baseline Requirements"),
based on Version 1.8.6.

 

MODIFY the Baseline Requirements as specified in the following Redline:
https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb5
7e0fcc5dd5b..0689ba59dbad9f5d2a5269051e5e0d0d1a25f3f6 

 

- Motion Ends -

 

This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:

 

Discussion (7+ days)

*	 
*	 
*	Start time: 2023-31-01 15:00:00 UTC
*	 
*	 
*	 
*	End time: Not before 2023-02-07 15:00:00 UTC
*	 

 

Vote for approval (7 days)

*	 
*	 
*	Start time: TBD
*	 
*	 
*	 
*	End time: TBD
*	 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230131/1c8d3cdc/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6853 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230131/1c8d3cdc/attachment-0001.p7s>


More information about the Servercert-wg mailing list