[Servercert-wg] Voting Period Begins - Ballot SC-062 V2: Certificate Profiles Update

Clint Wilson clintw at apple.com
Tue Mar 14 16:57:56 UTC 2023


Apple votes Yes on Ballot SC-062 V2.

> On Mar 9, 2023, at 11:00 AM, Ryan Dickson via Servercert-wg <servercert-wg at cabforum.org> wrote:
> 
> Purpose of Ballot SC-062 V2
> 
> Over the past three years, members of the Server Certificate Working Group Validation Subcommittee have collaborated on an update to the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates focused on improving the clarity of Section 7 (“Certificate, CRL, and OCSP Profiles”). 
> 
> The update: 
> better aligns certificate content expectations across certificate issuers and consumers, 
> reduces the opportunity for confusion resulting from the absence of a more precise certificate profile specification, and 
> promotes more consistent and reliable implementations across the ecosystem.
> 
> While most of the proposed updates focus on Section 7, changes were not limited to only this section. 
> 
> Technical discussion related to the proposed changes, along with high-level change summaries have been documented in:
> open GitHub pull requests (originally here <https://github.com/sleevi/cabforum-docs/pull/36>, and more recently here <https://github.com/cabforum/servercert/pull/373>),
> several closed GitHub pull requests made against the “profiles <https://github.com/cabforum/servercert/tree/profiles>” branch of the servercert GitHub repository (most recently here <https://github.com/cabforum/servercert/pull/418>), and
> Validation Subcommittee meeting minutes (to include sessions held at Face-to-Face meetings). 
> 
> Due to a small number of changes proposed in the ballot that is otherwise focused on clarifying existing requirements, an “all-encompassing” effective date makes these changes normative beginning 2023-09-15.
> 
> The following motion has been proposed by Ryan Dickson of Google and endorsed by Clint Wilson of Apple and Dimitris Zacharopoulos of HARICA.
> 
> 
> — Motion Begins —
> 
> This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” (“Baseline Requirements”), based on Version 1.8.6.
> 
> Notes: 
> Upon beginning discussion for SC-62 V2 on 2/17, Version 1.8.6 was the latest approved version of the BRs. During the discussion period, the SC-61 V4 vote was approved <https://lists.cabforum.org/pipermail/servercert-wg/2023-February/003600.html>, incrementing the soon to be latest version of the BRs to 1.8.7.  These changes are in the process of being merged into the main Github repository.
> The changes introduced in SC-62 V2 <https://github.com/cabforum/servercert/compare/e87bc5fcf35f533e58899311e538e6ffe959102e> do not conflict with those added in SC-61 V4 <https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018>. 
> As observed with other ballots in the past, minor administrative updates must be made to the proposed ballot text before publication such that the appropriate Version # and Change History are accurately represented (e.g., to indicate these changes will be represented in Version 1.8.8).
> 
> MODIFY the Baseline Requirements as specified in the following Redline: https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018 
> 
> 
> — Motion Ends —
> 
> 
> This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:
> 
> Discussion (11+ days)
> Start time: 2023-02-17 19:00:00 UTC
> End time: 2023-03-09 18:59:00 UTC
> 
> Vote for approval (7 days)
> Start time: 2023-03-09 19:00:00 UTC
> End time: 2023-03-16 19:00:00 UTC
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230314/41af4ca6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3621 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230314/41af4ca6/attachment-0001.p7s>


More information about the Servercert-wg mailing list