[Servercert-wg] Voting Period Begins | SC-079v2 - Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate

Inigo Barreira Inigo.Barreira at sectigo.com
Thu Oct 3 08:23:04 UTC 2024


Sectigo votes yes

 

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Paul van
Brouwershaven via Servercert-wg
Sent: Monday, September 30, 2024 13:08
To: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg at cabforum.org>
Subject: [Servercert-wg] Voting Period Begins | SC-079v2 - Allow more than
one Certificate Policy in a Cross-Certified Subordinate CA Certificate

 


 

### Purpose of the Ballot

 

This ballot duplicates the content of section 7.1.2.10.5 (CA Certificate
Certificate Policies) into section 7.1.2.2 (Cross-Certified Subordinate CA
Certificate Profile) as section 7.1.2.2.6 (Cross-Certified Subordinate CA
Certificate Certificate Policies), modifying the requirement from "MUST
contain exactly one Reserved Certificate Policy Identifier" to "MUST include
at least one Reserved Certificate Policy Identifier. If any Subscriber
Certificates will chain up directly to the Certificate issued under this
Certificate Profile, this Cross-Certified Subordinate CA Certificate MUST
contain exactly one Reserved Certificate Policy Identifier". This change
allows the inclusion of multiple Reserved Certificate Policy Identifiers in
a Cross-Certified Subordinate CA Certificate, except when any Subscriber
Certificates chain up directly to the Certificate issued under this
Certificate Profile.

 

Additionally, the description of the `policyIdentifier` contents was updated
for clarification in both sections.

 

The following motion has been proposed by Paul van Brouwershaven (Entrust)
and endorsed by Ben Wilson (Mozilla) and Thomas Zermeno (SSL.com).

 

### Motion begins

 

MODIFY the "Baseline Requirements for the Issuance and Management of
Publicly-Trusted TLS Server Certificates" ("TLS Baseline Requirements")
based on Version 2.0.7 as specified in the following redline:

 

- https://github.com/cabforum/servercert/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5...e808034e0c8889884761a2e591bb562f86b858c3

 

### Motion ends

 

This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:

 

Discussion (7+ days)

 

- Start time: 2024-09-22 19:10 UTC

- End time: 2024-09-29 19:10 UTC

 

Vote for approval (7 days)

 

- Start time: 2024-09-30 11:10 UTC
- End time: 2024-10-07 11:10 UTC

 

 

 
