[Servercert-wg] Seeking endorsers for Ballot SC-076 "Clarify and improve OCSP requirements"

Antonis Eleftheriadis antoniose at harica.gr
Tue Aug 13 10:16:01 UTC 2024 

HARICA will endorse

Regards,
Antonis

Στις 13/8/24 01:22, ο/η Aaron Gable via Servercert-wg έγραψε:
> Thank you to Ben Wilson for offering to endorse.
>
> Thank you also to Bruce Morton, Wayne Thayer, and Antonios 
> Eleftheriadis for providing feedback on the proposed ballot text. I 
> have made minor updates per their comments, and am still seeking a 
> second endorser.
>
> Aaron
>
> On Fri, Aug 9, 2024 at 11:54 AM Aaron Gable <aaron at letsencrypt.org> wrote:
>
>     This ballot has grown out of discussions around whether OCSP
>     responses must be made available for Precertificates, and how
>     quickly they must be made available after initial issuance. Much
>     of that conversation is captured in this bugzilla incident
>     <https://bugzilla.mozilla.org/show_bug.cgi?id=1905419> and this
>     Mozilla issue <https://github.com/mozilla/pkipolicy/issues/280>.
>
>     In addition, I've often felt like Sections 4.9.9 and 4.9.10 are
>     poorly laid out, with little rhyme or reason as to why any
>     particular requirement lives in one section or the other. RFC 3647
>     says that Section 4.9.10 is meant to place requirements on relying
>     parties, not on CAs, which explains much of the confusion.
>
>     The result is a total rearrangement of Sections 4.9.9 and 4.9.10.
>     This ballot empties 4.9.10, moves all of its requirements into
>     4.9.9, and arranges them into three sections:
>     - A few definitions (which apply only in this section);
>     - Requirements which apply to OCSP Responders whose URLs are found
>     in the AIA OCSP field of certificates; and
>     - Requirements which apply to all OCSP Responses, regardless of
>     how it was queried.
>
>     The PR representing this ballot is here:
>     https://github.com/cabforum/servercert/pull/535
>
>     Please let me know if you have any comments or suggested changes
>     on the GitHub PR, and please let me know if you'd be willing to
>     endorse.
>
>     Thank you,
>     Aaron
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240813/48dd80f0/attachment.html>

More information about the Servercert-wg mailing list