[Servercert-wg] Ballot SC-74 - Clarify CP/CPS structure according to RFC 3647

Aaron Gable aaron at letsencrypt.org
Tue May 7 22:19:15 UTC 2024


Two notes on this ballot, findings from our process for handling upcoming
requirements:

1) Let's Encrypt has created and open-sourced a tool
<https://github.com/letsencrypt/cp-cps/tree/d5b258a/tools/lint> for linting
a CPS to confirm compliance with RFC 3647 Section 6 and Ballot SC-074. If
you maintain your CPS document in markdown, it should be very simple to use
or adapt to your particular situation.

2) The Baseline Requirements themselves do not quite comply with RFC 3647
Section 6, with several section titles that deviate from that outline in
either capitalization or actual content.

We hope this information is helpful to others,
Aaron

On Thu, Apr 25, 2024 at 9:27 AM Dimitris Zacharopoulos (HARICA) via
Servercert-wg <servercert-wg at cabforum.org> wrote:

>
> SC-74 - Clarify CP/CPS structure according to RFC 3647 Summary
>
> The TLS Baseline Requirements require in section 2.2 that:
>
> *"The Certificate Policy and/or Certification Practice Statement MUST be
> structured in accordance with RFC 3647 and MUST include all material
> required by RFC 3647."*
>
> The intent of this language was to ensure that all CAs' CP and/or CPS
> documents contain a similar structure, making it easier to review and
> compare against the BRs. However, there was some ambiguity as to the actual
> structure that CAs should follow. After several discussions in the SCWG
> Public Mailing List
> <https://lists.cabforum.org/pipermail/servercert-wg/2023-November/004070.html>
> and F2F meetings, it was agreed that more clarity should be added to the
> existing requirement, pointing to the outline described in section 6 of RFC
> 3647.
>
> The following motion has been proposed by Dimitris Zacharopoulos (HARICA)
> and endorsed by Aaron Poulsen (Amazon) and Tim Hollebeek (Digicert).
>
> You can view the github pull request representing this ballot here
> <https://github.com/cabforum/servercert/pull/503>.
> Motion Begins
>
> MODIFY the "Baseline Requirements for the Issuance and Management of
> Publicly-Trusted TLS Server Certificates" based on Version 2.0.4 as
> specified in the following redline:
>
>    -
>    https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2...f6a90e2a652fbb7a2d62a976b70f4af3adce8dae
>
> Motion Ends
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
> Discussion (at least 7 days)
>
>    - Start time: 2024-04-25 16:30:00 UTC
>    - End time: on or after 2024-05-02 16:30:00 UTC
>
> Vote for approval (7 days)
>
>    - Start time: TBD
>    - End time: TBD
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240507/f174a39f/attachment.html>


More information about the Servercert-wg mailing list