[Servercert-wg] Voting Period Begins - Ballot SC-062 V2: Certificate Profiles Update

Adrian Mueller adrian.mueller at swisssign.com
Wed Mar 15 06:44:54 UTC 2023 

SwissSign votes Yes on Ballot SC-062 V2.

 

 

Best regards

 

Adrian

 

 

Adrian M. Mueller

Product Manager Certificate Services

 

+41 43 811 05 97

 <mailto:adrian.mueller at swisssign.com> adrian.mueller at swisssign.com

 

Von: Servercert-wg <servercert-wg-bounces at cabforum.org> Im Auftrag von Ryan
Dickson via Servercert-wg
Gesendet: Donnerstag, 9. März 2023 20:00
An: ServerCert CA/BF <servercert-wg at cabforum.org>
Betreff: [Servercert-wg] Voting Period Begins - Ballot SC-062 V2:
Certificate Profiles Update

 

Purpose of Ballot SC-062 V2

 

Over the past three years, members of the Server Certificate Working Group
Validation Subcommittee have collaborated on an update to the Baseline
Requirements for the Issuance and Management of Publicly-Trusted
Certificates focused on improving the clarity of Section 7 (“Certificate,
CRL, and OCSP Profiles”). 

 

The update: 

1.    better aligns certificate content expectations across certificate
issuers and consumers, 

2.    reduces the opportunity for confusion resulting from the absence of a
more precise certificate profile specification, and 

3.    promotes more consistent and reliable implementations across the
ecosystem.

 

While most of the proposed updates focus on Section 7, changes were not
limited to only this section. 

 

Technical discussion related to the proposed changes, along with high-level
change summaries have been documented in:

*  open GitHub pull requests (originally
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fsleevi%2Fcabforum-docs%2Fpull%2F36&data=05%7C01%7Cadrian.mueller%40swiss
sign.com%7Cd5e813825e724b88ea7108db20d08a05%7C21322582607f404c82d950ddb1eca5
c9%7C1%7C0%7C638139852268434307%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAi
LCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=uRId01O
tlHhXtlUirQJbyY3%2FLvVCSAMWdHSlF1BRnmk%3D&reserved=0>  here, and more
recently
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fcabforum%2Fservercert%2Fpull%2F373&data=05%7C01%7Cadrian.mueller%40swiss
sign.com%7Cd5e813825e724b88ea7108db20d08a05%7C21322582607f404c82d950ddb1eca5
c9%7C1%7C0%7C638139852268434307%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAi
LCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8Bh1YyH
t4odgRNNOzFCmmMxuQTuoe%2B2mLqNOxQJQEtg%3D&reserved=0>  here),

*  several closed GitHub pull requests made against the “
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fcabforum%2Fservercert%2Ftree%2Fprofiles&data=05%7C01%7Cadrian.mueller%40
swisssign.com%7Cd5e813825e724b88ea7108db20d08a05%7C21322582607f404c82d950ddb
1eca5c9%7C1%7C0%7C638139852268434307%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA
wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=B5
NqouMU8DI3lkBent09%2BBSx%2BBDsNZk%2FMl5HY0kPDZY%3D&reserved=0> profiles”
branch of the servercert GitHub repository (most recently
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fcabforum%2Fservercert%2Fpull%2F418&data=05%7C01%7Cadrian.mueller%40swiss
sign.com%7Cd5e813825e724b88ea7108db20d08a05%7C21322582607f404c82d950ddb1eca5
c9%7C1%7C0%7C638139852268434307%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAi
LCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=IPPxJq5
Lfw%2BlIVCyXGcar0ra3fTzvjP0sNh2E%2FhzIc8%3D&reserved=0>  here), and

*  Validation Subcommittee meeting minutes (to include sessions held at
Face-to-Face meetings). 

 

Due to a small number of changes proposed in the ballot that is otherwise
focused on clarifying existing requirements, an “all-encompassing” effective
date makes these changes normative beginning 2023-09-15.

 

The following motion has been proposed by Ryan Dickson of Google and
endorsed by Clint Wilson of Apple and Dimitris Zacharopoulos of HARICA.

 

— Motion Begins —

 

This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates” (“Baseline Requirements”),
based on Version 1.8.6.

 

Notes: 

*	Upon beginning discussion for SC-62 V2 on 2/17, Version 1.8.6 was
the latest approved version of the BRs. During the discussion period, the
SC-61 V4 vote was approved
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cab
forum.org%2Fpipermail%2Fservercert-wg%2F2023-February%2F003600.html&data=05%
7C01%7Cadrian.mueller%40swisssign.com%7Cd5e813825e724b88ea7108db20d08a05%7C2
1322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638139852268434307%7CUnknown%7CTWF
pbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%
7C3000%7C%7C%7C&sdata=YGwtfE0gvD2o0xLxB4LHzCBpmIZze6s%2BnIqZtewc3YU%3D&reser
ved=0> , incrementing the soon to be latest version of the BRs to 1.8.7.
These changes are in the process of being merged into the main Github
repository.
*	The changes introduced in SC-62 V2
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fcabforum%2Fservercert%2Fcompare%2Fe87bc5fcf35f533e58899311e538e6ffe95910
2e&data=05%7C01%7Cadrian.mueller%40swisssign.com%7Cd5e813825e724b88ea7108db2
0d08a05%7C21322582607f404c82d950ddb1eca5c9%7C1%7C0%7C638139852268434307%7CUn
known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX
VCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hS%2Bx3cjdOewe6EungxzxlGpWPo4XQNgiU%2FOAea4
ZdY8%3D&reserved=0>  do not conflict with those added in SC-61 V4. 
*	As observed with other ballots in the past, minor administrative
updates must be made to the proposed ballot text before publication such
that the appropriate Version # and Change History are accurately represented
(e.g., to indicate these changes will be represented in Version 1.8.8).

 

MODIFY the Baseline Requirements as specified in the following Redline:
https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb5
7e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018 

 

— Motion Ends —

 

This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:

 

Discussion (11+ days)

*  Start time: 2023-02-17 19:00:00 UTC

*  End time: 2023-03-09 18:59:00 UTC

 

Vote for approval (7 days)

*  Start time: 2023-03-09 19:00:00 UTC

*  End time: 2023-03-16 19:00:00 UTC

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230315/37df63dc/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7790 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230315/37df63dc/attachment-0001.p7s>

More information about the Servercert-wg mailing list