[Servercert-wg] [Discussion Period Begins]: SC65: Convert EVGs into RFC 3647 format

Corey Bonnell Corey.Bonnell at digicert.com
Fri Feb 16 14:50:50 UTC 2024


Also, apologies for sending this feedback late. I had intended to review and
send earlier this week, but I got bogged down with a few other urgent
matters and didn’t have a chance to review until this AM.

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Corey
Bonnell via Servercert-wg
Sent: Friday, February 16, 2024 9:46 AM
To: Inigo Barreira <Inigo.Barreira at sectigo.com>; CA/B Forum Server
Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] [Discussion Period Begins]: SC65: Convert EVGs
into RFC 3647 format

 

Hi Inigo,

I did a cursory review of the draft ballot and have a few comments:

 

1.	Line 1303 indicates that the values of the
CABFOrganizationIdentifier extension MUST be derived from the
OrganizationName attribute as opposed to the OrganizationIdentifier
attribute:
https://github.com/cabforum/servercert/compare/41f01640748fa612386f8b1a3031c
d1bff3d4f35..65b69fe0ab5365a002c3d4b668d3f2ab81079411?diff=split
<https://url.avanan.click/v2/___https:/github.com/cabforum/servercert/compar
e/41f01640748fa612386f8b1a3031cd1bff3d4f35..65b69fe0ab5365a002c3d4b668d3f2ab
81079411?diff=split&w=%23diff-f7368cf58de0586cb0ad80e242205ab3272314af71f411
5b99187f49521da529R1303___.YXAzOmRpZ2ljZXJ0OmE6bzo0YWZhNzQyMWRjOTYwYzY4NjVkN
TA3Zjg3ZTBkMjI2NTo2OjA2NmQ6MjUxMzgzNTM4YzY4NmRhNzQwZWM0NjU2NDllMWRlMTBiYmJhN
2VlMzI1YTVkZjcyYjQ5MjZiODU5N2M1NDE3MTpoOkY>
&w=#diff-f7368cf58de0586cb0ad80e242205ab3272314af71f4115b99187f49521da529R13
03
2.	The changes in Appendix H introduced by SC-68 (to allow EL and XI in
the VAT Registration Scheme) need to be contemplated in accordance with
Bylaws 2.4 (10). Depending on the urgency of this ballot, it might be easier
to wait until SC-68 (presumably) clears IPR and is published before
initiating voting. 
3.	Are there any normative requirements changes introduced in this
ballot? If there are none, it would be useful to indicate that there are no
normative requirements changes in the ballot preamble so that the intent of
the language changes is clear.

 

Thanks,

Corey

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org
<mailto:servercert-wg-bounces at cabforum.org> > On Behalf Of Inigo Barreira
via Servercert-wg
Sent: Friday, February 9, 2024 8:30 AM
To: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> >
Subject: [Servercert-wg] [Discussion Period Begins]: SC65: Convert EVGs into
RFC 3647 format

 

Summary: 

The Extended Validation Certificates guidelines (EVGs) were developed and
written in a specific format. Since then, the RFC 3647 has been the basis
(and the de-facto standard) for the CA/Browser Forum to develop other
documents.

This ballot aims to update the EVGs to follow the RFC 3647 format without
changing any content, just moving current sections to those defined in the
RFC 3647. This change also affects the Baseline Requirements for TSL
certificates (BRs) which needs to point to the new sections of the EVGs.

This ballot is proposed by Iñigo Barreira (Sectigo) and endorsed by Pedro
Fuentes (OISTE) and Ben Wilson (Mozilla).

--- Motion Begins ---

This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly-Trusted TLS Certificates" ("TLS Baseline
Requirements"), based on Version 2.0.2 and the “Guidelines for the Issuance
and Management of Extended Validation Certificates” (EVGs) based on Version
1.8.0. 

MODIFY the TLS EVGs and BRs as specified in the following Redline:

 
<https://url.avanan.click/v2/___https:/github.com/cabforum/servercert/compar
e/90a98dc7c1131eaab01af411968aa7330d315b9b...65b69fe0ab5365a002c3d4b668d3f2a
b81079411___.YXAzOmRpZ2ljZXJ0OmE6bzoyZmIwNGQzNmUyMGY4MzM5OTU3NWYwNDM0NzI3ZDM
wYzo2OmYxNTI6MTY2NDE3Njk1NjhmMDhkNjFiOGZmZDk3OWNiNWQwOTkwZmUwMTk3MjFjYTA3ODA
xMDAyNTExYjI0MTM2OTdiMDpoOkY> Comparing
90a98dc7c1131eaab01af411968aa7330d315b9b...65b69fe0ab5365a002c3d4b668d3f2ab8
1079411 · cabforum/servercert (github.com)

--- Motion Ends ---

This ballot proposes a Final Maintenance Guideline for the BRs and EVGs. The
procedure for approval of this ballot is as follows:

Discussion (at least 7 days)

1.	Start time: 2024-02-09 14:30:00 UTC
2.	End time: not before 2024-02-16 14:30:00 UTC

Vote for approval (7 days)

1.	Start time: TBD
2.	End time: TBD

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240216/5cbe1bba/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5231 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240216/5cbe1bba/attachment-0001.p7s>


More information about the Servercert-wg mailing list