[Servercert-wg] Voting Period Begins - Ballot SC-073: Compromised and Weak Keys

Rollin.Yu rollin.yu at trustasia.com
Tue Apr 30 20:06:11 UTC 2024 

TrustAsia votes YES on Ballot SC-073.

Best regards,
Rollin Yu





> On Apr 26, 2024, at 08:00, Wayne Thayer via Servercert-wg <servercert-wg at cabforum.org> wrote:
> 
> Purpose of Ballot SC-073
> This ballot proposes updates to the Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates related to weak and compromised private keys. These changes lie primarily in Section 6.1.1.3 <http://6.1.1.3/>:
> 
> 6.1.1.3(4) clarifies that, for the purpose of this requirement, CAs shall be made aware of compromised keys using their existing notification mechanism(s).
> 6.1.1.3(5) improves guidance for CAs around the detection of weak keys. Should this ballot pass, these changes become effective on November 15, 2024.
> 
> Notes:
> 
> This ballot builds on the extensive work done by SSL.com in creating ballot SC-59v2 Weak Key Guidance. SSL.com’s contributions are appreciated.
> Thanks to Rob Stradling of Sectigo for the generation and publication of the set of Debian weak keys referenced in this ballot.
> The Debian weak keys requirements have been discussed extensively, including in the following threads: https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html and https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html 
> This ballot does not appear to conflict with any other ballots that are currently under discussion.
> 
> 
> The following motion has been proposed by Wayne Thayer of Fastly, and endorsed by Brittany Randall of GoDaddy and Bruce Morton of Entrust.
> — Motion Begins —
> This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” (“Baseline Requirements”), based on Version 2.0.3.
> MODIFY the Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates as specified in the following Redline:
> Here is a link to the immutable GitHub redline: https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0 
> — Motion Ends —
> This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:
> Discussion (7+ days)
> 
> Start time: 2024-04-18 00:00:00 UTC
> End time: 2024-04-26 00:00:00 UTC
> Vote for approval (7 days)
> 
> Start time: 2024-04-26 00:00:00 UTC
> End time: 2024-05-03 00:00:00 UTC
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240430/6bdc6dd8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3668 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240430/6bdc6dd8/attachment-0001.p7s>

More information about the Servercert-wg mailing list