[Servercert-wg] Notice of Review Period: Ballot SC63 - Make OCSP optional, require CRLs and Incentivize Automation

Fri Jul 28 19:37:30 UTC 2023

Agreed.

Bruce.

From: Tim Hollebeek <tim.hollebeek at digicert.com>
Sent: Friday, July 28, 2023 3:33 PM
To: Bruce Morton <Bruce.Morton at entrust.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>; Inigo Barreira <Inigo.Barreira at sectigo.com>
Subject: [EXTERNAL] RE: Notice of Review Period: Ballot SC63 - Make OCSP optional, require CRLs and Incentivize Automation

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________
Just a helpful reminder to everyone trying to comply with this ballot to also check the Microsoft Root Program and its requirements around OCSP, which haven't changed.

I don't want anyone accidentally running afoul of those program requirements because they read the BRs in isolation.

-Tim

From: Servercert-wg <servercert-wg-bounces at cabforum.org<mailto:servercert-wg-bounces at cabforum.org>> On Behalf Of Bruce Morton via Servercert-wg
Sent: Friday, July 28, 2023 9:32 AM
To: Inigo Barreira <Inigo.Barreira at sectigo.com<mailto:Inigo.Barreira at sectigo.com>>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>>
Subject: Re: [Servercert-wg] Notice of Review Period: Ballot SC63 - Make OCSP optional, require CRLs and Incentivize Automation

Was just doing an implementation review of this ballot and the "optional" date for not supporting OCSP is confusing. Section 4.10.2 states "The CA SHALL operate and maintain its CRL and optional OCSP capability with resources sufficient to provide a response time of ten seconds or less under normal operating conditions." There are no conditions. I will interpret that the ballot's intent is that effective 15 March 2024, OCSP is optional and CRL is mandatory.

Please advise, if I missed a condition for removal of OCSP in another section.

Thanks, Bruce.

From: Servercert-wg <servercert-wg-bounces at cabforum.org<mailto:servercert-wg-bounces at cabforum.org>> On Behalf Of Inigo Barreira via Servercert-wg
Sent: Monday, July 17, 2023 6:32 AM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>>
Subject: [EXTERNAL] [Servercert-wg] Notice of Review Period: Ballot SC63 - Make OCSP optional, require CRLs and Incentivize Automation

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________
NOTICE OF REVIEW PERIOD
This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email, both in red-line and changes-accepted draft format, in Word and PDF versions.

Summary of Review
Ballot for Review: Ballot SC-063 v4: Make OCSP Optional, Require CRLs, and Incentivize Automation - CAB Forum<https://urldefense.com/v3/__https:/url.avanan.click/v2/___https:/cabforum.org/2023/07/14/ballot-sc-063-v4make-ocsp-optional-require-crls-and-incentivize-automation/___.YXAzOmRpZ2ljZXJ0OmE6bzo1MzJjODcwNzcwNDkxMDdmNDA3ZWY5NzAwMzFmYTQ4Nzo2OjQ4M2E6Zjg1NmVhNjEzNzBiNjM1ZjU2MjliNGJiOWM5Y2NjYzQ3MjkwOTZhYWZkNDE0ZWExY2MxNWU2YjY2MzFkZmRiYjpoOkY__;!!FJ-Y8qCqXTj2!aQNsILvFywxilb1UCK0gielDofnYv72PFhLWnK187fgBTQUpfH_GmAusrLy3A1IJot99ANFTiXJfxmVeWH2yt7P4RI2f$>

Start of Review Period: 17 July 2023 at 17:00 Eastern Time
End of Review Period: 17 August 2023 at 17:00 Eastern Time

Members with any Essential Claim(s) to exclude must forward a written Notice to Exclude Essential Claims to the Working Group Chair (email to Iñigo Barreira <inigo.barreira at sectigo.com<mailto:inigo.barreira at sectigo.com>>) and also submit a copy to the CA/B Forum public mailing list (email to public at cabforum.org<mailto:public at cabforum.org<mailto:public%20at%20cabforum.org>>) before the end of the Review Period.
For details, please see the current version of the CA/Browser Forum Intellectual Property Rights Policy<https://urldefense.com/v3/__https:/url.avanan.click/v2/___https:/cabforum.org/wp-content/uploads/CABF-IPR-Policy-v.1.3_4APR18.pdf___.YXAzOmRpZ2ljZXJ0OmE6bzo1MzJjODcwNzcwNDkxMDdmNDA3ZWY5NzAwMzFmYTQ4Nzo2OmM5YzA6OTQ3Y2U4YzBjOGI4NWVjNmMxYmZmMjM4ZDQxMmE2ZWY1MTZkODNmOWM2MTIzZTYyNDU5ZjM4MjE4OTgyZjg3NDpoOkY__;!!FJ-Y8qCqXTj2!aQNsILvFywxilb1UCK0gielDofnYv72PFhLWnK187fgBTQUpfH_GmAusrLy3A1IJot99ANFTiXJfxmVeWH2ytx9L45tx$>.
(An optional template for submitting an Exclusion Notice is available at https://cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf<https://urldefense.com/v3/__https:/url.avanan.click/v2/___https:/cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf___.YXAzOmRpZ2ljZXJ0OmE6bzo1MzJjODcwNzcwNDkxMDdmNDA3ZWY5NzAwMzFmYTQ4Nzo2OmQwODM6NTkxOTlhYTFkYWE0MjJiYzJkNThhOGEzZjk4ZDM1YWE1N2U0MGZkOTBjYWIwMDA3Njk4MTM1N2QwNjgxMGQ1NjpoOkY__;!!FJ-Y8qCqXTj2!aQNsILvFywxilb1UCK0gielDofnYv72PFhLWnK187fgBTQUpfH_GmAusrLy3A1IJot99ANFTiXJfxmVeWH2yty87Wwg2$>)
Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230728/e8a8da94/attachment.html>