[Servercert-wg] Voting Period Begins | SC-079v2 - Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate

Tue Oct 1 02:54:10 UTC 2024

Chunghwa Telecom votes "yes" for BallotSC-079v2.

Regards,
Tsung-Min Kuo

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Paul van Brouwershaven via Servercert-wg
Sent: Monday, September 30, 2024 7:08 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [外部郵件][Servercert-wg] Voting Period Begins | SC-079v2 - Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate

### Purpose of the Ballot

This ballot duplicates the content of section 7.1.2.10.5 (CA Certificate Certificate Policies) into section 7.1.2.2 (Cross-Certified Subordinate CA Certificate Profile) as section 7.1.2.2.6 (Cross-Certified Subordinate CA Certificate Certificate Policies), modifying the requirement from "MUST contain exactly one Reserved Certificate Policy Identifier" to "MUST include at least one Reserved Certificate Policy Identifier. If any Subscriber Certificates will chain up directly to the Certificate issued under this Certificate Profile, this Cross-Certified Subordinate CA Certificate MUST contain exactly one Reserved Certificate Policy Identifier". This change allows the inclusion of multiple Reserved Certificate Policy Identifiers in a Cross-Certified Subordinate CA Certificate, except when any Subscriber Certificates chain up directly to the Certificate issued under this Certificate Profile.

Additionally, the description of the `policyIdentifier` contents was updated for clarification in both sections.

The following motion has been proposed by Paul van Brouwershaven (Entrust) and endorsed by Ben Wilson (Mozilla) and Thomas Zermeno (SSL.com).

### Motion begins

MODIFY the "Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates" ("TLS Baseline Requirements") based on Version 2.0.7 as specified in the following redline:

- https://github.com/cabforum/servercert/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5...e808034e0c8889884761a2e591bb562f86b858c3

### Motion ends

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:

Discussion (7+ days)

- Start time: 2024-09-22 19:10 UTC
- End time: 2024-09-2919:10 UTC

Vote for approval (7 days)

- Start time: 2024-09-30 11:10 UTC
- End time: 2024-10-07 11:10 UTC

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. 
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20241001/2638dc32/attachment-0001.html>