[Servercert-wg] Voting Period Begins - Ballot SC-062 V2: Certificate Profiles Update

Wojciech Trapczyński wtrapczynski at certum.pl
Wed Mar 15 09:17:43 UTC 2023


Certum votes YES on ballot SC-062 V2.

W dniu 09/03/2023 o 20:00, Ryan Dickson via Servercert-wg pisze:
>
> Purpose of Ballot SC-062 V2
>
>
> Over the past three years, members of the Server Certificate Working 
> Group Validation Subcommittee have collaborated on an update to the 
> Baseline Requirements for the Issuance and Management of 
> Publicly-Trusted Certificatesfocused on improving the clarity of 
> Section 7 (“Certificate, CRL, and OCSP Profiles”).
>
>
> The update:
>
> 1.
>
>     better aligns certificate content expectations across certificate
>     issuers and consumers,
>
> 2.
>
>     reduces the opportunity for confusion resulting from the absence
>     of a more precise certificate profile specification, and
>
> 3.
>
>     promotes more consistent and reliable implementations across the
>     ecosystem.
>
>
> While most of the proposed updates focus on Section 7, changes were 
> notlimited to only this section.
>
>
> Technical discussion related to the proposed changes, along with 
> high-level change summaries have been documented in:
>
>  *
>
>     open GitHub pull requests (originallyhere
>     <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsleevi%2Fcabforum-docs%2Fpull%2F36&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xGnKPbuT6m7Z1rr5qLa6aWR%2FUotGzJdMPuF5Ei1qK%2BA%3D&reserved=0>,
>     and more recentlyhere
>     <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fpull%2F373&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=BY5m6WwsINseypDdIuTb3jheusvwuxxkEvHg5fQUZNM%3D&reserved=0>),
>
>  *
>
>     several closed GitHub pull requests made against the “profiles
>     <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Ftree%2Fprofiles&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=uVn1l5IILEPhBD%2FFnemtqBXl4%2FLqGbrqDt8fsByt8Qs%3D&reserved=0>”
>     branch of the servercert GitHub repository (most recentlyhere
>     <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fpull%2F418&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nbskoX5ir1TWfXvKrJ8lTaW8US6C8gmHYbow%2FemoXqo%3D&reserved=0>),
>     and
>
>  *
>
>     Validation Subcommittee meeting minutes (to include sessions held
>     at Face-to-Face meetings).
>
>
> Due to a small number of changes proposed in the ballot that is 
> otherwise focused on clarifying existing requirements, an 
> “all-encompassing” effective date makes these changes normative 
> beginning 2023-09-15.
>
>
> The following motion has been proposed by Ryan Dickson of Google and 
> endorsed by Clint Wilson of Apple and Dimitris Zacharopoulos of HARICA.
>
>
>
> — Motion Begins —
>
>
> This ballot modifies the “Baseline Requirements for the Issuance and 
> Management of Publicly-Trusted Certificates” (“Baseline 
> Requirements”), based on Version 1.8.6.
>
>
> Notes:
>
>  *
>
>     Upon beginning discussion for SC-62 V2 on 2/17, Version 1.8.6 was
>     the latest approved version of the BRs. During the discussion
>     period, the SC-61 V4 vote was approved
>     <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fpipermail%2Fservercert-wg%2F2023-February%2F003600.html&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=feSBwD75LkyGGfK9r6gzBUhuhFSOUuIfKLlwvRUpcws%3D&reserved=0>,
>     incrementing the soon to be latest version of the BRs to 1.8.7. 
>     These changes are in the process of being merged into the main
>     Github repository.
>
>  *
>
>     The changes introduced in SC-62 V2
>     <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2Fe87bc5fcf35f533e58899311e538e6ffe959102e&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291116972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PeRYBykMGCGS0scWHEowBdplL2ZCQ4NaKMvcOhfujw0%3D&reserved=0>do
>     not conflict with those added in SC-61 V4
>     <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2F2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291273613%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0u2JhrNWOHSkoffOkX6QgeMwKqXqvR6hGmr8qVTll2E%3D&reserved=0>.
>
>
>  *
>
>     As observed with other ballots in the past, minor administrative
>     updates must be made to the proposed ballot text before
>     publication such that the appropriate Version # and Change History
>     are accurately represented (e.g., to indicate these changes will
>     be represented in Version 1.8.8).
>
>
> MODIFY the Baseline Requirements as specified in the following 
> Redline: 
> https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018 
> <https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2F2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291273613%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0u2JhrNWOHSkoffOkX6QgeMwKqXqvR6hGmr8qVTll2E%3D&reserved=0>
>
>
>
> — Motion Ends —
>
>
>
> This ballot proposes a Final Maintenance Guideline. The procedure for 
> approval of this ballot is as follows:
>
>
> Discussion (11+ days)
>
>  *
>
>     Start time: 2023-02-17 19:00:00 UTC
>
>  *
>
>     End time: 2023-03-09 18:59:00 UTC
>
>
> Vote for approval (7 days)
>
>  *
>
>     Start time: 2023-03-09 19:00:00 UTC
>
>  *
>
>     End time: 2023-03-16 19:00:00 UTC
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=05%7C01%7Cwtrapczynski%40certum.pl%7Cccb0fec7e32a4db0995e08db20d08bdc%7Ce8063e6c783d4fb3892550849f67af47%7C0%7C0%7C638139852291273613%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=JxRfBOdywrYfTDJpmu%2F5J8icJty6tuGbkCKgnTZJ6z4%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230315/5715e5d7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3706 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230315/5715e5d7/attachment-0001.p7s>


More information about the Servercert-wg mailing list