[Servercert-wg] Seeking endorsers for Ballot SC-076 "Clarify and improve OCSP requirements"

Ben Wilson bwilson at mozilla.com
Sat Aug 10 15:02:14 UTC 2024


Mozilla will endorse.

On Fri, Aug 9, 2024 at 12:54 PM Aaron Gable via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> This ballot has grown out of discussions around whether OCSP responses
> must be made available for Precertificates, and how quickly they must be
> made available after initial issuance. Much of that conversation is
> captured in this bugzilla incident
> <https://bugzilla.mozilla.org/show_bug.cgi?id=1905419> and this Mozilla
> issue <https://github.com/mozilla/pkipolicy/issues/280>.
>
> In addition, I've often felt like Sections 4.9.9 and 4.9.10 are poorly
> laid out, with little rhyme or reason as to why any particular requirement
> lives in one section or the other. RFC 3647 says that Section 4.9.10 is
> meant to place requirements on relying parties, not on CAs, which explains
> much of the confusion.
>
> The result is a total rearrangement of Sections 4.9.9 and 4.9.10. This
> ballot empties 4.9.10, moves all of its requirements into 4.9.9, and
> arranges them into three sections:
> - A few definitions (which apply only in this section);
> - Requirements which apply to OCSP Responders whose URLs are found in the
> AIA OCSP field of certificates; and
> - Requirements which apply to all OCSP Responses, regardless of how they
> were queried.
>
> The PR representing this ballot is here:
> https://github.com/cabforum/servercert/pull/535
>
> Please let me know if you have any comments or suggested changes on the
> GitHub PR, and please let me know if you'd be willing to endorse.
>
> Thank you,
> Aaron