[Servercert-wg] Seeking endorsers for Ballot SC-076 "Clarify and improve OCSP requirements"
Aaron Gable
aaron at letsencrypt.org
Mon Aug 12 22:21:46 UTC 2024
Thank you to Ben Wilson for offering to endorse.
Thank you also to Bruce Morton, Wayne Thayer, and Antonios Eleftheriadis
for providing feedback on the proposed ballot text. I have made minor
updates per their comments, and am still seeking a second endorser.
Aaron
On Fri, Aug 9, 2024 at 11:54 AM Aaron Gable <aaron at letsencrypt.org> wrote:
> This ballot has grown out of discussions around whether OCSP responses
> must be made available for Precertificates, and how quickly they must be
> made available after initial issuance. Much of that conversation is
> captured in this bugzilla incident
> <https://bugzilla.mozilla.org/show_bug.cgi?id=1905419> and this Mozilla
> issue <https://github.com/mozilla/pkipolicy/issues/280>.
>
> In addition, I've often felt like Sections 4.9.9 and 4.9.10 are poorly
> laid out, with little rhyme or reason as to why any particular requirement
> lives in one section or the other. RFC 3647 says that Section 4.9.10 is
> meant to place requirements on relying parties, not on CAs, which explains
> much of the confusion.
>
> The result is a total rearrangement of Sections 4.9.9 and 4.9.10. This
> ballot empties 4.9.10, moves all of its requirements into 4.9.9, and
> arranges them into three sections:
> - A few definitions (which apply only in this section);
> - Requirements which apply to OCSP Responders whose URLs are found in the
> AIA OCSP field of certificates; and
> - Requirements which apply to all OCSP Responses, regardless of how it was
> queried.
>
> The PR representing this ballot is here:
> https://github.com/cabforum/servercert/pull/535
>
> Please let me know if you have any comments or suggested changes on the
> GitHub PR, and please let me know if you'd be willing to endorse.
>
> Thank you,
> Aaron
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240812/605f253e/attachment.html>
More information about the Servercert-wg
mailing list