[Servercert-wg] Ballot SC-74 - Clarify CP/CPS structure according to RFC 3647

Aaron Gable aaron at letsencrypt.org
Wed May 8 22:06:05 UTC 2024


Of course! Done: https://github.com/cabforum/servercert/issues/513

On Wed, May 8, 2024 at 8:37 AM Dimitris Zacharopoulos (HARICA) <
dzacharo at harica.gr> wrote:

> Thanks Aaron,
>
> Would it be ok for you to create a GitHub issue
> <https://github.com/cabforum/servercert/issues> to identify the specific
> sections that deviate in content? We might tackle that in a cleanup ballot.
> I don't think the capitalization is so much of a concern but if others
> think it is, please speak up :)
>
>
> Dimitris.
>
> On 8/5/2024 1:19 AM, Aaron Gable wrote:
>
> Two notes on this ballot, findings from our process for handling upcoming
> requirements:
>
> 1) Let's Encrypt has created and open-sourced a tool
> <https://github.com/letsencrypt/cp-cps/tree/d5b258a/tools/lint> for
> linting a CPS to confirm compliance with RFC 3647 Section 6 and Ballot
> SC-074. If you maintain your CPS document in markdown, it should be very
> simple to use or adapt to your particular situation.
>
> 2) The Baseline Requirements themselves do not quite comply with RFC 3647
> Section 6, with several section titles that deviate from that outline in
> either capitalization or actual content.
>
> We hope this information is helpful to others,
> Aaron
>
> On Thu, Apr 25, 2024 at 9:27 AM Dimitris Zacharopoulos (HARICA) via
> Servercert-wg <servercert-wg at cabforum.org> wrote:
>
>>
>> SC-74 - Clarify CP/CPS structure according to RFC 3647
>>
>> Summary
>>
>> The TLS Baseline Requirements require in section 2.2 that:
>>
>> *"The Certificate Policy and/or Certification Practice Statement MUST be
>> structured in accordance with RFC 3647 and MUST include all material
>> required by RFC 3647."*
>>
>> The intent of this language was to ensure that all CAs' CP and/or CPS
>> documents contain a similar structure, making it easier to review and
>> compare against the BRs. However, there was some ambiguity as to the actual
>> structure that CAs should follow. After several discussions in the SCWG
>> Public Mailing List
>> <https://lists.cabforum.org/pipermail/servercert-wg/2023-November/004070.html>
>> and F2F meetings, it was agreed that more clarity should be added to the
>> existing requirement, pointing to the outline described in section 6 of RFC
>> 3647.
>>
>> The following motion has been proposed by Dimitris Zacharopoulos (HARICA)
>> and endorsed by Aaron Poulsen (Amazon) and Tim Hollebeek (Digicert).
>>
>> You can view the github pull request representing this ballot here
>> <https://github.com/cabforum/servercert/pull/503>.
>>
>> Motion Begins
>>
>> MODIFY the "Baseline Requirements for the Issuance and Management of
>> Publicly-Trusted TLS Server Certificates" based on Version 2.0.4 as
>> specified in the following redline:
>>
>>    - https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2...f6a90e2a652fbb7a2d62a976b70f4af3adce8dae
>>
>> Motion Ends
>>
>> This ballot proposes a Final Maintenance Guideline. The procedure for
>> approval of this ballot is as follows:
>>
>> Discussion (at least 7 days)
>>
>>    - Start time: 2024-04-25 16:30:00 UTC
>>    - End time: on or after 2024-05-02 16:30:00 UTC
>>
>> Vote for approval (7 days)
>>
>>    - Start time: TBD
>>    - End time: TBD
>>
>>