[Servercert-wg] [EXTERNAL] Discussion Period Begins - Ballot SC-063 V2: “Make OCSP Optional, Require CRLs, and Incentivize Automation”

Aaron Gable aaron at letsencrypt.org
Wed May 17 23:08:26 UTC 2023


Thanks for opening another discussion period! I think I am in favor of all
of the language in this ballot. As is my wont, I've left another bevy of
comments directly on the PR
but they're basically all about organization, not about content.

On Wed, May 17, 2023 at 11:32 AM Bruce Morton via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Hi Ryan,
> Per the Short-lived Subscriber Certificate definition, many CAs may
> already issue certificates with a short validity period. I also think the
> definition is missing the intended use which is a certificate with no
> certificate status. How about this definition?
> **Short-lived Subscriber Certificate**: Certificate issued with a short
> Validity Period, where the CA MAY NOT provide Subscriber Certificate status.
> The validity period does not need to go in the definition as it is
> addressed in section 6.3.2.

In the current version of this ballot, the validity period cutoffs for
Short-Lived Subscriber Certificates are not actually contained in Section
6.3.2 anymore. In the previous version, they were defined in two places; I
suggested consolidating that definition to just Section 1.6.1 Definitions.

I personally like using the definitions section to define what a
Short-Lived Subscriber Certificate *is*, and then having the document
elsewhere describe what costs and benefits such a certificate has. This
matches, for example, the way that the Definitions section simply defines
"P-Label" and "Non-Reserved LDH Label", but then leaves it up to Section to describe why those definitions are important.
