[Servercert-wg] SC-59 Weak Key Guidance - Move to Vote

Christophe Bonjean christophe.bonjean at globalsign.com
Mon Jun 26 17:06:58 UTC 2023

Hi Tom


I agree with Bruce that the discussion feedback does not appear to be
sufficiently addressed in this version of the ballot.




From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Tom
Zermeno via Servercert-wg
Sent: Monday, June 26, 2023 6:02 PM
To: Bruce Morton <Bruce.Morton at entrust.com>; CA/B Forum Server Certificate
WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] SC-59 Weak Key Guidance - Move to Vote




Thank you for noticing the issues with the submitted ballot.  I see now that
I did not properly follow the Forum process and will submit the updated
version for a second discussion period prior to the actual vote.  






From: Bruce Morton <Bruce.Morton at entrust.com> 
Sent: Friday, June 23, 2023 2:01 PM
To: Tom Zermeno <tom at ssl.com>; CA/B Forum Server Certificate WG Public
Discussion List <servercert-wg at cabforum.org>
Subject: RE: SC-59 Weak Key Guidance - Move to Vote


You don't often get email from bruce.morton at entrust.com
<mailto:bruce.morton at entrust.com> . Learn why this is important


I am not sure if this a VOTING PERIOD time for the ballot. The ballot does
not appear to be updated based on discussion feedback. I also do not see who
has proposed the ballot (assume Tom), nor do I see the endorsers (assume Ben
and Martijn), but it would be good to clearly state, so we know everyone
proposing is still on board. 

If this is the voting period, then Entrust votes No to ballot SC-59.



Thanks, Bruce.


From: Servercert-wg <servercert-wg-bounces at cabforum.org
<mailto:servercert-wg-bounces at cabforum.org> > On Behalf Of Tom Zermeno via
Sent: Wednesday, June 21, 2023 12:33 PM
To: Infrastructure Bot via Servercert-wg <servercert-wg at cabforum.org
<mailto:servercert-wg at cabforum.org> >
Subject: [EXTERNAL] [Servercert-wg] SC-59 Weak Key Guidance - Move to Vote


WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the
content is safe.


After consideration and consultation via the SCWG mailing list, we have
decided to move forward with the Weak Keys Guidance Ballot (SC-59) as is,
save for the effective date.   

We believe that the requested date of November 15, 2023, will allow enough
time for Certificate Authorities to enact any changes to their systems to
ensure that they perform the weak key checks on all CSRs submitted for TLS
certificates. As such, we would like to move the ballot to the voting stage.

- Motion Begins -  

This ballot modifies the "Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates" ("Baseline Requirements"),
based on Version 2.0.0. 

Notes: Upon beginning discussion for SC-59, the then-current version of the
BRs was 1.8.4; since that time several ballots have been approved, leading
to the increment of the version to 1.8.7 and eventually 2.0.0, which is the
latest approved version of the BRs.  The changes introduced in SC-59 do not
conflict with any of the recent ballots. As observed with other ballots in
the past, minor administrative updates must be made to the proposed ballot
text before publication such that the appropriate Version # and Change
History are accurately represented (e.g., to indicate these changes will be
represented in Version 2.0.1).  


MODIFY the Baseline Requirements as specified in the following Redline:

- Motion Ends - 

Vote for approval (7 days) 

    Start Time:  2023-06-22 18:00 UTC  

    End Time:   2023-06-29 18:00 UTC 


Any email and files/attachments transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed. If this message has been sent to you in error, you must not copy,
distribute or disclose of the information it contains. Please notify Entrust
immediately and delete the message from your system. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230626/77a24646/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 8436 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230626/77a24646/attachment-0001.p7s>

More information about the Servercert-wg mailing list