[Servercert-wg] SC-079v2 - Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate

Wed Oct 2 14:28:02 UTC 2024

Disig votes "YES" on SC-079v2 - Allow more than one  Certificate Policy in a Cross-Certified Subordinate CA  Certificate.

Regards
Peter Miskovic

-----Original Message-----
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of servercert-wg-request at cabforum.org
Sent: pondelok 30. septembra 2024 15:23
To: servercert-wg at cabforum.org
Subject: Servercert-wg Digest, Vol 75, Issue 81

Send Servercert-wg mailing list submissions to
	servercert-wg at cabforum.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.cabforum.org/mailman/listinfo/servercert-wg
or, via email, send a message with subject or body 'help' to
	servercert-wg-request at cabforum.org

You can reach the person managing the list at
	servercert-wg-owner at cabforum.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of Servercert-wg digest..."

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Paul van Brouwershaven via Servercert-wg
Sent: Monday, September 30, 2024 7:08 AM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [EXTERNAL] [Servercert-wg] Voting Period Begins | SC-079v2 - Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate

### Purpose of the Ballot This ballot duplicates the content of section 7.?1.?2.?10.?5 (CA Certificate Certificate Policies) into section 7.?1.?2.?2 (Cross-Certified Subordinate CA Certificate Profile) as section 7.?1.?2.?2.?6 (Cross-Certified Subordinate

### Purpose of the Ballot

This ballot duplicates the content of section 7.1.2.10.5 (CA Certificate Certificate Policies) into section 7.1.2.2 (Cross-Certified Subordinate CA Certificate Profile) as section 7.1.2.2.6 (Cross-Certified Subordinate CA Certificate Certificate Policies), modifying the requirement from "MUST contain exactly one Reserved Certificate Policy Identifier" to "MUST include at least one Reserved Certificate Policy Identifier. If any Subscriber Certificates will chain up directly to the Certificate issued under this Certificate Profile, this Cross-Certified Subordinate CA Certificate MUST contain exactly one Reserved Certificate Policy Identifier". This change allows the inclusion of multiple Reserved Certificate Policy Identifiers in a Cross-Certified Subordinate CA Certificate, except when any Subscriber Certificates chain up directly to the Certificate issued under this Certificate Profile.

Additionally, the description of the `policyIdentifier` contents was updated for clarification in both sections.

The following motion has been proposed by Paul van Brouwershaven (Entrust) and endorsed by Ben Wilson (Mozilla) and Thomas Zermeno (SSL.com).

### Motion begins

MODIFY the "Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates" ("TLS Baseline Requirements") based on Version 2.0.7 as specified in the following redline:

- https://github.com/cabforum/servercert/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5...e808034e0c8889884761a2e591bb562f86b858c3<https://urldefense.com/v3/__https:/github.com/cabforum/servercert/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5...e808034e0c8889884761a2e591bb562f86b858c3__;!!FJ-Y8qCqXTj2!YDQ60nrTGIO5GI7L2gXir8HYqV56EGlsKeAJFead4-jIuy3ofabuz8YVxV0MaA2FNMoYQ6aZcOc6zmJEwmcBlGK-P0eF6g$>

### Motion ends

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:

Discussion (7+ days)

- Start time: 2024-09-22 19:10 UTC
- End time: 2024-09-2919:10 UTC

Vote for approval (7 days)

- Start time: 2024-09-30 11:10 UTC
- End time: 2024-10-07 11:10 UTC

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240930/8d9b06c8/attachment-0001.html>