[Servercert-wg] Voting Period Begins - Ballot SC-062 V2: Certificate Profiles Update
Wojciech Trapczyński
wtrapczynski at certum.pl
Wed Mar 15 09:17:43 UTC 2023
Certum votes YES on ballot SC-062 V2.
W dniu 09/03/2023 o 20:00, Ryan Dickson via Servercert-wg pisze:
>
> Purpose of Ballot SC-062 V2
>
>
> Over the past three years, members of the Server Certificate Working
> Group Validation Subcommittee have collaborated on an update to the
> Baseline Requirements for the Issuance and Management of
> Publicly-Trusted Certificatesfocused on improving the clarity of
> Section 7 (“Certificate, CRL, and OCSP Profiles”).
>
>
> The update:
>
> 1.
>
> better aligns certificate content expectations across certificate
> issuers and consumers,
>
> 2.
>
> reduces the opportunity for confusion resulting from the absence
> of a more precise certificate profile specification, and
>
> 3.
>
> promotes more consistent and reliable implementations across the
> ecosystem.
>
>
> While most of the proposed updates focus on Section 7, changes were
> notlimited to only this section.
>
>
> Technical discussion related to the proposed changes, along with
> high-level change summaries have been documented in:
>
> *
>
> open GitHub pull requests (originallyhere
> <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsleevi%2Fcabforum-docs%2Fpull%2F36&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xGnKPbuT6m7Z1rr5qLa6aWR%2FUotGzJdMPuF5Ei1qK%2BA%3D&reserved=0>,
> and more recentlyhere
> <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fpull%2F373&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=BY5m6WwsINseypDdIuTb3jheusvwuxxkEvHg5fQUZNM%3D&reserved=0>),
>
> *
>
> several closed GitHub pull requests made against the “profiles
> <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Ftree%2Fprofiles&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=uVn1l5IILEPhBD%2FFnemtqBXl4%2FLqGbrqDt8fsByt8Qs%3D&reserved=0>”
> branch of the servercert GitHub repository (most recentlyhere
> <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fpull%2F418&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nbskoX5ir1TWfXvKrJ8lTaW8US6C8gmHYbow%2FemoXqo%3D&reserved=0>),
> and
>
> *
>
> Validation Subcommittee meeting minutes (to include sessions held
> at Face-to-Face meetings).
>
>
> Due to a small number of changes proposed in the ballot that is
> otherwise focused on clarifying existing requirements, an
> “all-encompassing” effective date makes these changes normative
> beginning 2023-09-15.
>
>
> The following motion has been proposed by Ryan Dickson of Google and
> endorsed by Clint Wilson of Apple and Dimitris Zacharopoulos of HARICA.
>
>
>
> — Motion Begins —
>
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” (“Baseline
> Requirements”), based on Version 1.8.6.
>
>
> Notes:
>
> *
>
> Upon beginning discussion for SC-62 V2 on 2/17, Version 1.8.6 was
> the latest approved version of the BRs. During the discussion
> period, the SC-61 V4 vote was approved
> <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fpipermail%2Fservercert-wg%2F2023-February%2F003600.html&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=feSBwD75LkyGGfK9r6gzBUhuhFSOUuIfKLlwvRUpcws%3D&reserved=0>,
> incrementing the soon to be latest version of the BRs to 1.8.7.
> These changes are in the process of being merged into the main
> Github repository.
>
> *
>
> The changes introduced in SC-62 V2
> <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2Fe87bc5fcf35f533e58899311e538e6ffe959102e&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PeRYBykMGCGS0scWHEowBdplL2ZCQ4NaKMvcOhfujw0%3D&reserved=0>do
> not conflict with those added in SC-61 V4
> <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2F2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291273613%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0u2JhrNWOHSkoffOkX6QgeMwKqXqvR6hGmr8qVTll2E%3D&reserved=0>.
>
>
> *
>
> As observed with other ballots in the past, minor administrative
> updates must be made to the proposed ballot text before
> publication such that the appropriate Version # and Change History
> are accurately represented (e.g., to indicate these changes will
> be represented in Version 1.8.8).
>
>
> MODIFY the Baseline Requirements as specified in the following
> Redline:
> https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018
> <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2F2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291273613%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0u2JhrNWOHSkoffOkX6QgeMwKqXqvR6hGmr8qVTll2E%3D&reserved=0>
>
>
>
> — Motion Ends —
>
>
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
>
> Discussion (11+ days)
>
> *
>
> Start time: 2023-02-17 19:00:00 UTC
>
> *
>
> End time: 2023-03-09 18:59:00 UTC
>
>
> Vote for approval (7 days)
>
> *
>
> Start time: 2023-03-09 19:00:00 UTC
>
> *
>
> End time: 2023-03-16 19:00:00 UTC
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291273613%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=JxRfBOdywrYfTDJpmu%2F5J8icJty6tuGbkCKgnTZJ6z4%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230315/5715e5d7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3706 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230315/5715e5d7/attachment-0001.p7s>
More information about the Servercert-wg
mailing list