[Servercert-wg] [Discussion Period Begins]: SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED

Clint Wilson clintw at apple.com
Fri Mar 15 16:00:29 UTC 2024


Could the ballot author and endorsers please provide some additional explanation and context surrounding this ballot? As far as I can recall, this topic hasn’t been discussed since SC-062, so it’s rather coming out of nowhere as a ballot proposal (which is, of course, totally fine, but also still abrupt/confusing). Why is this difference between the TBRs and the EVGs necessary/valuable for the WG to address at the moment?

You indicate that this is a discrepancy introduced by Ballot SC-062, but I don’t see how that’s the case. Before SC-062, the TBRs specified policyQualifiers as Optional and after as NOT RECOMMENDED. Neither of these match the MUST present in the EVGs and both of these are compatible/non-conflicting with the MUST present in the EVGs.


> On Mar 15, 2024, at 3:01 AM, Paul van Brouwershaven via Servercert-wg <servercert-wg at cabforum.org> wrote:
> This ballot updates the TLS Extended Validation Guidelines (EVGs) by removing the exceptions to policyQualifiers​ in section 9.7, to align them with the Baseline Requirements (BRs).As result, this ballot changes policyQualifiers​ from MUST​ to NOT RECOMMENDED​ as stated in the TLS Baseline Requirements, resolving a discrepancy introduced byBallot SC-62v2 <https://cabforum.org/2023/03/17/ballot-sc62v2-certificate-profiles-update/> between section Subscriber Certificate Policies <https://cabforum.org/working-groups/server/baseline-requirements/requirements/#71279-subscriber-certificate-certificate-policies> of the BRs and the Additional Technical Requirements for EV Certificates <https://cabforum.org/working-groups/server/extended-validation/guidelines/#97-additional-technical-requirements-for-ev-certificates> in the EVGs.
> The following motion has been proposed by Paul van Brouwershaven (Entrust) and endorsed by Dimitris Zacharopoulos (HARICA) and Iñigo Barreira (Sectigo).
> You can view and comment on the GitHub pull request representing this ballot here:https://github.com/cabforum/servercert/pull/490 
> --- Motion Begins ---
> This ballot modifies the “Guidelines for the Issuance and Management of Extended Validation Certificates” (“EV Guidelines”) as follows, based on version 1.8.1:
> MODIFY the Extended Validation Guidelines as specified in the following redline: https://github.com/cabforum/servercert/compare/8e7fc7d5cac0cc27c44fe2aa88cf45f5606f4b94...7b9bb1dbfd41b1d0459b8a985ed629ad841ce122 
> --- Motion Ends ---
> Discussion (at least 7 days):
> - Start: 2024-03-15 10:00 UTC
> - End no earlier than 2024-03-22 10:00 UTC
> Vote for approval (7 days):
> - Start: TBD
> - End: TBD
> Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system. _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org <mailto:Servercert-wg at cabforum.org>
> https://lists.cabforum.org/mailman/listinfo/servercert-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240315/330d33b1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3621 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240315/330d33b1/attachment.p7s>

More information about the Servercert-wg mailing list