[Servercert-wg] Ballot SC-066: Fall 2023 Clean-up v3

Inigo Barreira Inigo.Barreira at sectigo.com
Mon Nov 6 14:57:48 UTC 2023

Hi Tobias,

Not sure what you are requesting, to not consider the issue #423 and remove the version number of the NetSec or that this change can´t be considered a "clean-up" ballot and should go on a different one. Or none of these 😊

When the #423 was discussed, and Dimitris indicated in the proposal, was to remove the version numbers to avoid pointing to old or deprecated versions because everytime there was a new version of the NetSec, the TLS BRs should change/update and point to the new version. Dimitris indicated in the text that we could leave the version of the NetSec but I think that we agreed during the call to also remove that version number. Maybe someone else can clarify or remember what was agreed. If it was decided to keep the version number for the NetSec, this can be reverted.

If the question is to discuss this change in a different ballot, specific for this, not a problem. This issue could be removed from the clean-up ballot.


-----Mensaje original-----
De: Tobias S. Josefowitz <tobij at opera.com>
Enviado el: lunes, 6 de noviembre de 2023 13:06
Para: Inigo Barreira <Inigo.Barreira at sectigo.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Asunto: Re: [Servercert-wg] Ballot SC-066: Fall 2023 Clean-up v3

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hi Inigo,

On Mon, 6 Nov 2023, Inigo Barreira via Servercert-wg wrote:

> - Motion Begins -
> This ballot modifies the "Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates" ("Baseline Requirements"),
> based on Version 2.0.1.
> MODIFY the Baseline Requirements as specified in the following Pull Request:
> Comparing
> 90a98dc7c1131eaab01af411968aa7330d315b9b...d2ad035a4acb3ee78d7f4713afd0479892bda08d
> · cabforum/servercert
> (github.com)<https://github.com/cabforum/servercert/compare/90a98dc7c1131eaab01af411968aa7330d315b9b...d2ad035a4acb3ee78d7f4713afd0479892bda08d>

Regarding the change from

   Network and Certificate System Security Requirements, Version 1.7,
   available at


   Network and Certificate System Security Requirements, available at

I wonder, who has authority over
https://cabforum.org/network-security-requirements/, i.e. the ability to
publish new versions there? Is it the NetSec WG?

I seem to remember that, when the NetSec WG was formed, there were
concerns raised related to maintaining the NCSSRs in a WG that not all
members of all WGs that produce documents referencing the NCSSRs are
members of. If I remember correctly, this related both to the IPR
situation as well as the normative content. I seem to remember that the
concensus at the time was that other WGs would incorporate new versions of
the NCSSRs by versioned reference, and that that would alleviate most of
the problems.

Whether I remember this wrong or not, if the effect is that the NetSec WG
gets to make normative changes to the SCWG BRs by reference as a result of
this change, then I don't think it is appropriate to do this as part of a
"Clean-up" Ballot.


More information about the Servercert-wg mailing list