[Servercert-wg] Voting Period Begins - Ballot SC-062 V2: Certificate Profiles Update

Aaron Gable aaron at letsencrypt.org
Thu Mar 16 00:21:36 UTC 2023


Let's Encrypt / ISRG votes Yes on ballot SC-062v2.

On Thu, Mar 9, 2023 at 11:00 AM Ryan Dickson via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Purpose of Ballot SC-062 V2
>
> Over the past three years, members of the Server Certificate Working Group
> Validation Subcommittee have collaborated on an update to the Baseline
> Requirements for the Issuance and Management of Publicly-Trusted
> Certificates focused on improving the clarity of Section 7 (“Certificate,
> CRL, and OCSP Profiles”).
>
> The update:
>
>    1.
>
>    better aligns certificate content expectations across certificate
>    issuers and consumers,
>    2.
>
>    reduces the opportunity for confusion resulting from the absence of a
>    more precise certificate profile specification, and
>    3.
>
>    promotes more consistent and reliable implementations across the
>    ecosystem.
>
>
> While most of the proposed updates focus on Section 7, changes were not
> limited to only this section.
>
> Technical discussion related to the proposed changes, along with
> high-level change summaries have been documented in:
>
>    -
>
>    open GitHub pull requests (originally here
>    <https://github.com/sleevi/cabforum-docs/pull/36>, and more recently
>    here <https://github.com/cabforum/servercert/pull/373>),
>    -
>
>    several closed GitHub pull requests made against the “profiles
>    <https://github.com/cabforum/servercert/tree/profiles>” branch of the
>    servercert GitHub repository (most recently here
>    <https://github.com/cabforum/servercert/pull/418>), and
>    -
>
>    Validation Subcommittee meeting minutes (to include sessions held at
>    Face-to-Face meetings).
>
>
> Due to a small number of changes proposed in the ballot that is otherwise
> focused on clarifying existing requirements, an “all-encompassing”
> effective date makes these changes normative beginning 2023-09-15.
>
> The following motion has been proposed by Ryan Dickson of Google and
> endorsed by Clint Wilson of Apple and Dimitris Zacharopoulos of HARICA.
>
>
> — Motion Begins —
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” (“Baseline Requirements”),
> based on Version 1.8.6.
>
> Notes:
>
>    -
>
>    Upon beginning discussion for SC-62 V2 on 2/17, Version 1.8.6 was the
>    latest approved version of the BRs. During the discussion period, the SC-61
>    V4 vote was approved
>    <https://lists.cabforum.org/pipermail/servercert-wg/2023-February/003600.html>,
>    incrementing the soon to be latest version of the BRs to 1.8.7.  These
>    changes are in the process of being merged into the main Github repository.
>    -
>
>    The changes introduced in SC-62 V2
>    <https://github.com/cabforum/servercert/compare/e87bc5fcf35f533e58899311e538e6ffe959102e>
>    do not conflict with those added in SC-61 V4
>    <https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018>
>    .
>    -
>
>    As observed with other ballots in the past, minor administrative
>    updates must be made to the proposed ballot text before publication such
>    that the appropriate Version # and Change History are accurately
>    represented (e.g., to indicate these changes will be represented in Version
>    1.8.8).
>
>
> MODIFY the Baseline Requirements as specified in the following Redline:
> https://github.com/cabforum/servercert/compare/2c63814fa7f9f7c477c74a6bfbeb57e0fcc5dd5b..aa9fc5d0b2b59504a31638e880cb81c69aefa018
>
>
>
> — Motion Ends —
>
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
> Discussion (11+ days)
>
>    -
>
>    Start time: 2023-02-17 19:00:00 UTC
>    -
>
>    End time: 2023-03-09 18:59:00 UTC
>
>
> Vote for approval (7 days)
>
>    -
>
>    Start time: 2023-03-09 19:00:00 UTC
>    -
>
>    End time: 2023-03-16 19:00:00 UTC
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230315/7882c924/attachment-0001.html>


More information about the Servercert-wg mailing list