[Servercert-wg] [Voting Begins] Ballot SC-75 v3 - Pre-sign linting

Inigo Barreira Inigo.Barreira at sectigo.com
Thu Jun 27 07:55:47 UTC 2024


Hi Tom,

 

This vote won´t count for the ballot because arrived past the end date of
the voting period which was on the 26th at 10:00 UTC.

 

Regards

 

De: Servercert-wg <servercert-wg-bounces at cabforum.org> En nombre de Tom
Zermeno via Servercert-wg
Enviado el: miércoles, 26 de junio de 2024 23:50
Para: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>; CA/B Forum
Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Asunto: Re: [Servercert-wg] [Voting Begins] Ballot SC-75 v3 - Pre-sign
linting

 

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know the
content is safe.

 

SSL.com votes “Yes” for SC-75.

 

Thanks,

 

Tom

SSL.com

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org
<mailto:servercert-wg-bounces at cabforum.org> > On Behalf Of Dimitris
Zacharopoulos (HARICA) via Servercert-wg
Sent: Wednesday, June 19, 2024 5:13 AM
To: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> >
Subject: [Servercert-wg] [Voting Begins] Ballot SC-75 v3 - Pre-sign linting

 

Voting begins for this ballot.


SC-75 v3 Pre-sign linting


Summary


There have been numerous compliance incidents publicly disclosed by CAs in
which they failed to comply with the technical requirements described in
standards associated with the issuance and management of publicly-trusted
TLS Certificates. However, the industry has developed open-source tools,
linters, that are free to use and can help CAs avoid certificate
misissuance. Using such linters before issuing a precertificate from a
Publicly-Trusted CA (pre-issuance linting) can prevent the mis-issuance in a
wide variety of cases.

The following motion has been proposed by Dimitris Zacharopoulos of HARICA
and endorsed by Corey Bonnell of Digicert and Ben Wilson of Mozilla.

You can view the GitHub pull request representing this ballot here
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fcabforum%2Fservercert%2Fpull%2F518&data=05%7C02%7Cinigo.barreira%40secti
go.com%7Cf08dd3be271141c17b7808dc9629e616%7C0e9c48946caa465d96604b6968b49fb7
%7C0%7C0%7C638550353915436240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=ja6yjkDfOCMi
QusM8JuglBpJHvf54rw0bPkXKc73Qvw%3D&reserved=0> . 


Motion Begins


MODIFY the "Baseline Requirements for the Issuance and Management of
Publicly-Trusted TLS Server Certificates" based on Version 2.0.5 as
specified in the following redline:

*
https://github.com/cabforum/servercert/compare/20af1b271f2b689344ae353d3e78d
c6b772199db...d809c41bc063109e15d46bfe1b5ad6403d823381 


Motion Ends


This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:


Discussion (at least 7 days)


*	Start time: 2024-06-12 06:30:00 UTC
*	End time: on or after 2024-06-19 06:30:00 UTC


Vote for approval (7 days)


*	Start time: 2024-06-19 10:00:00 UTC
*	End time: 2024-06-26 10:00:00 UTC

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240627/1afac939/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6630 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240627/1afac939/attachment-0001.p7s>


More information about the Servercert-wg mailing list