[Servercert-wg] Pre-ballot SC-74 - Clarify CP/CPS structure according to RFC 3647

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Sun Apr 21 09:20:18 UTC 2024 

Dear Members,

Following up to the CP/CPS RFC3647 alignment discussion at the last F2F, 
I prepared a ballot to address the ambiguity regarding the appropriate 
sections from RFC 3647 that CAs need to include in their CP and/or CPS 
documents.

An effective date was added because these changes may be considered 
normative compared to the current version of the BRs. I also included 
elements from section 3.3(5) of MRSP 
<https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md#33-cps-and-cpses>.

Please let me know if you have any comments or concerns. I also need one 
more endorser to kick off the official discussion period.


Best regards,
Dimitris.


  SC-74 - Clarify CP/CPS structure according to RFC 3647


    Summary

The TLS Baseline Requirements require in section 2.2 that:

/"The Certificate Policy and/or Certification Practice Statement MUST be 
structured in accordance with RFC 3647 and MUST include all material 
required by RFC 3647."/

The intent of this language was to ensure that all CAs' CP and/or CPS 
documents contain a similar structure, making it easier to review and 
compare against the BRs. However, there was some ambiguity as to the 
actual structure that CAs should follow. After several discussions in 
the SCWG Public Mailing List 
<https://lists.cabforum.org/pipermail/servercert-wg/2023-November/004070.html> 
and F2F meetings, it was agreed that more clarity should be added to the 
existing requirement, pointing to the outline described in section 6 of 
RFC 3647.

The following motion has been proposed by Dimitris Zacharopoulos 
(HARICA) and endorsed by Aaron Poulsen (Amazon) and XXXX (XXXX).

You can view and comment on the github pull request representing this 
ballot here <https://github.com/cabforum/servercert/pull/503>.


    Motion Begins

MODIFY the "Baseline Requirements for the Issuance and Management of 
Publicly-Trusted TLS Server Certificates" based on Version 2.0.4 as 
specified in the following redline:

  * https://github.com/cabforum/servercert/pull/503/files (EDITORIAL
    NOTE: this link will be replaced with the immutable URL before
    starting the official discussion period)


    Motion Ends

This ballot proposes a Final Maintenance Guideline. The procedure for 
approval of this ballot is as follows:


        Discussion (at least 7 days)

  * Start time: 2024-04-29 10:00:00 UTC
  * End time: on or after 2024-05-06 10:00:00 UTC


        Vote for approval (7 days)

  * Start time: TBD
  * End time: TBD

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240421/6f1c4817/attachment-0001.html>

More information about the Servercert-wg mailing list