[Servercert-wg] Voting Period Begins - Ballot SC-073: Compromised and Weak Keys
Ben Wilson
bwilson at mozilla.com
Fri Apr 26 07:32:41 UTC 2024
Mozilla votes "yes".
On Fri, Apr 26, 2024 at 2:00 AM Wayne Thayer via Servercert-wg <
servercert-wg at cabforum.org> wrote:
> Purpose of Ballot SC-073
>
> This ballot proposes updates to the Baseline Requirements for the Issuance
> and Management of Publicly-Trusted TLS Server Certificates related to weak
> and compromised private keys. These changes lie primarily in Section
> 6.1.1.3:
>
> -
>
> 6.1.1.3(4) clarifies that, for the purpose of this requirement, CAs
> shall be made aware of compromised keys using their existing notification
> mechanism(s).
> -
>
> 6.1.1.3(5) improves guidance for CAs around the detection of weak
> keys. Should this ballot pass, these changes become effective on November
> 15, 2024.
>
> Notes:
>
> -
>
> This ballot builds on the extensive work done by SSL.com in creating
> ballot SC-59v2 Weak Key Guidance. SSL.com’s contributions are appreciated.
> -
>
> Thanks to Rob Stradling of Sectigo for the generation and publication
> of the set of Debian weak keys referenced in this ballot.
> -
>
> The Debian weak keys requirements have been discussed extensively,
> including in the following threads:
> https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html
> and
> https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html
>
> -
>
> This ballot does not appear to conflict with any other ballots that
> are currently under discussion.
>
>
> The following motion has been proposed by Wayne Thayer of Fastly, and
> endorsed by Brittany Randall of GoDaddy and Bruce Morton of Entrust.
>
> — Motion Begins —
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” (“Baseline Requirements”),
> based on Version 2.0.3.
>
> MODIFY the Baseline Requirements for the Issuance and Management of
> Publicly-Trusted TLS Server Certificates as specified in the following
> Redline:
>
> Here is a link to the immutable GitHub redline:
> https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0
>
>
> — Motion Ends —
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> -
>
> Start time: 2024-04-18 00:00:00 UTC
> -
>
> End time: 2024-04-26 00:00:00 UTC
>
> Vote for approval (7 days)
>
> -
>
> Start time: 2024-04-26 00:00:00 UTC
> - End time: 2024-05-03 00:00:00 UTC
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240426/b4d10c3d/attachment.html>
More information about the Servercert-wg
mailing list