[Servercert-wg] SC-59 Weak Key Guidance - Move to Vote

Tom Zermeno tom at ssl.com
Mon Jun 26 18:52:51 UTC 2023 

Thank you, Christophe.  

 

I will work to address all feedback.

 

Tom

 

From: Christophe Bonjean <christophe.bonjean at globalsign.com> 
Sent: Monday, June 26, 2023 12:07 PM
To: Tom Zermeno <tom at ssl.com>; CA/B Forum Server Certificate WG Public
Discussion List <servercert-wg at cabforum.org>; Bruce Morton
<Bruce.Morton at entrust.com>
Subject: RE: SC-59 Weak Key Guidance - Move to Vote

 

Hi Tom

 

I agree with Bruce that the discussion feedback does not appear to be
sufficiently addressed in this version of the ballot.

 

Christophe

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org
<mailto:servercert-wg-bounces at cabforum.org> > On Behalf Of Tom Zermeno via
Servercert-wg
Sent: Monday, June 26, 2023 6:02 PM
To: Bruce Morton <Bruce.Morton at entrust.com <mailto:Bruce.Morton at entrust.com>
>; CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> >
Subject: Re: [Servercert-wg] SC-59 Weak Key Guidance - Move to Vote

 

Bruce,

 

Thank you for noticing the issues with the submitted ballot.  I see now that
I did not properly follow the Forum process and will submit the updated
version for a second discussion period prior to the actual vote.  

 

Regards,

 

Tom

 

From: Bruce Morton <Bruce.Morton at entrust.com
<mailto:Bruce.Morton at entrust.com> > 
Sent: Friday, June 23, 2023 2:01 PM
To: Tom Zermeno <tom at ssl.com <mailto:tom at ssl.com> >; CA/B Forum Server
Certificate WG Public Discussion List <servercert-wg at cabforum.org
<mailto:servercert-wg at cabforum.org> >
Subject: RE: SC-59 Weak Key Guidance - Move to Vote

 

	
You don't often get email from bruce.morton at entrust.com
<mailto:bruce.morton at entrust.com> . Learn why this is important
<https://aka.ms/LearnAboutSenderIdentification> 

	

I am not sure if this a VOTING PERIOD time for the ballot. The ballot does
not appear to be updated based on discussion feedback. I also do not see who
has proposed the ballot (assume Tom), nor do I see the endorsers (assume Ben
and Martijn), but it would be good to clearly state, so we know everyone
proposing is still on board. 

If this is the voting period, then Entrust votes No to ballot SC-59.

 

 

Thanks, Bruce.

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org
<mailto:servercert-wg-bounces at cabforum.org> > On Behalf Of Tom Zermeno via
Servercert-wg
Sent: Wednesday, June 21, 2023 12:33 PM
To: Infrastructure Bot via Servercert-wg <servercert-wg at cabforum.org
<mailto:servercert-wg at cabforum.org> >
Subject: [EXTERNAL] [Servercert-wg] SC-59 Weak Key Guidance - Move to Vote

 

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the
content is safe.

  _____  

After consideration and consultation via the SCWG mailing list, we have
decided to move forward with the Weak Keys Guidance Ballot (SC-59) as is,
save for the effective date.   

We believe that the requested date of November 15, 2023, will allow enough
time for Certificate Authorities to enact any changes to their systems to
ensure that they perform the weak key checks on all CSRs submitted for TLS
certificates. As such, we would like to move the ballot to the voting stage.


- Motion Begins -  

This ballot modifies the "Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates" ("Baseline Requirements"),
based on Version 2.0.0. 

Notes: Upon beginning discussion for SC-59, the then-current version of the
BRs was 1.8.4; since that time several ballots have been approved, leading
to the increment of the version to 1.8.7 and eventually 2.0.0, which is the
latest approved version of the BRs.  The changes introduced in SC-59 do not
conflict with any of the recent ballots. As observed with other ballots in
the past, minor administrative updates must be made to the proposed ballot
text before publication such that the appropriate Version # and Change
History are accurately represented (e.g., to indicate these changes will be
represented in Version 2.0.1).  

  

MODIFY the Baseline Requirements as specified in the following Redline:
<https://github.com/cabforum/servercert/compare/a0360b61e73476959220dc328e3b
68d0224fa0b3...SSLcom:servercert:958e6ccac857b826fead6e4bd06d58f4fdd7fa7a>
https://github.com/cabforum/servercert/compare/a0360b61e73476959220dc328e3b6
8d0224fa0b3...SSLcom:servercert:958e6ccac857b826fead6e4bd06d58f4fdd7fa7a  

- Motion Ends - 

Vote for approval (7 days) 

    Start Time:  2023-06-22 18:00 UTC  

    End Time:   2023-06-29 18:00 UTC 

 

Any email and files/attachments transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed. If this message has been sent to you in error, you must not copy,
distribute or disclose of the information it contains. Please notify Entrust
immediately and delete the message from your system. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230626/a5d27bad/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6868 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230626/a5d27bad/attachment-0001.p7s>

More information about the Servercert-wg mailing list