[Servercert-wg] [Discussion Period Begins]: SC65: Convert EVGs into RFC 3647 format

Corey Bonnell Corey.Bonnell at digicert.com
Fri Feb 16 14:50:50 UTC 2024

Also, apologies for sending this feedback late. I had intended to review and
send earlier this week, but I got bogged down with a few other urgent
matters and didn’t have a chance to review until this AM.


From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Corey
Bonnell via Servercert-wg
Sent: Friday, February 16, 2024 9:46 AM
To: Inigo Barreira <Inigo.Barreira at sectigo.com>; CA/B Forum Server
Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] [Discussion Period Begins]: SC65: Convert EVGs
into RFC 3647 format


Hi Inigo,

I did a cursory review of the draft ballot and have a few comments:


1.	Line 1303 indicates that the values of the
CABFOrganizationIdentifier extension MUST be derived from the
OrganizationName attribute as opposed to the OrganizationIdentifier
2.	The changes in Appendix H introduced by SC-68 (to allow EL and XI in
the VAT Registration Scheme) need to be contemplated in accordance with
Bylaws 2.4 (10). Depending on the urgency of this ballot, it might be easier
to wait until SC-68 (presumably) clears IPR and is published before
initiating voting. 
3.	Are there any normative requirements changes introduced in this
ballot? If there are none, it would be useful to indicate that there are no
normative requirements changes in the ballot preamble so that the intent of
the language changes is clear.





From: Servercert-wg <servercert-wg-bounces at cabforum.org
<mailto:servercert-wg-bounces at cabforum.org> > On Behalf Of Inigo Barreira
via Servercert-wg
Sent: Friday, February 9, 2024 8:30 AM
To: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> >
Subject: [Servercert-wg] [Discussion Period Begins]: SC65: Convert EVGs into
RFC 3647 format



The Extended Validation Certificates guidelines (EVGs) were developed and
written in a specific format. Since then, the RFC 3647 has been the basis
(and the de-facto standard) for the CA/Browser Forum to develop other

This ballot aims to update the EVGs to follow the RFC 3647 format without
changing any content, just moving current sections to those defined in the
RFC 3647. This change also affects the Baseline Requirements for TSL
certificates (BRs) which needs to point to the new sections of the EVGs.

This ballot is proposed by Iñigo Barreira (Sectigo) and endorsed by Pedro
Fuentes (OISTE) and Ben Wilson (Mozilla).

--- Motion Begins ---

This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly-Trusted TLS Certificates" ("TLS Baseline
Requirements"), based on Version 2.0.2 and the “Guidelines for the Issuance
and Management of Extended Validation Certificates” (EVGs) based on Version

MODIFY the TLS EVGs and BRs as specified in the following Redline:

xMDAyNTExYjI0MTM2OTdiMDpoOkY> Comparing
1079411 · cabforum/servercert (github.com)

--- Motion Ends ---

This ballot proposes a Final Maintenance Guideline for the BRs and EVGs. The
procedure for approval of this ballot is as follows:

Discussion (at least 7 days)

1.	Start time: 2024-02-09 14:30:00 UTC
2.	End time: not before 2024-02-16 14:30:00 UTC

Vote for approval (7 days)

1.	Start time: TBD
2.	End time: TBD


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240216/5cbe1bba/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5231 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240216/5cbe1bba/attachment-0001.p7s>

More information about the Servercert-wg mailing list