[Servercert-wg] Voting Period Begins | SC-079v2 - Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate

Ben Wilson bwilson at mozilla.com
Mon Sep 30 15:30:42 UTC 2024


Mozilla votes "yes" for BallotSC-079v2.

On Mon, Sep 30, 2024 at 5:08 AM Paul van Brouwershaven via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> *### Purpose of the Ballot*
>
> This ballot duplicates the content of section 7.1.2.10.5 (CA Certificate
> Certificate Policies) into section 7.1.2.2 (Cross-Certified Subordinate CA
> Certificate Profile) as section 7.1.2.2.6 (Cross-Certified Subordinate CA
> Certificate Certificate Policies), modifying the requirement from "MUST
> contain exactly one Reserved Certificate Policy Identifier" to "MUST
> include at least one Reserved Certificate Policy Identifier. If any
> Subscriber Certificates will chain up directly to the Certificate issued
> under this Certificate Profile, this Cross-Certified Subordinate CA
> Certificate MUST contain exactly one Reserved Certificate Policy
> Identifier". This change allows the inclusion of multiple Reserved
> Certificate Policy Identifiers in a Cross-Certified Subordinate CA
> Certificate, except when any Subscriber Certificates chain up directly to
> the Certificate issued under this Certificate Profile.
>
> Additionally, the description of the `policyIdentifier` contents was
> updated for clarification in both sections.
>
> The following motion has been proposed by Paul van Brouwershaven (Entrust)
> and endorsed by Ben Wilson (Mozilla) and Thomas Zermeno (SSL.com).
>
> *### Motion begins*
>
> MODIFY the "Baseline Requirements for the Issuance and Management of
> Publicly-Trusted TLS Server Certificates" ("TLS Baseline Requirements")
> based on Version 2.0.7 as specified in the following redline:
>
> -
> https://github.com/cabforum/servercert/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5...e808034e0c8889884761a2e591bb562f86b858c3
>
>
> *### Motion ends*
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> - Start time: 2024-09-22 19:10 UTC
> - End time: 2024-09-2919:10 UTC
>
> Vote for approval (7 days)
>
> - Start time: 2024-09-30 11:10 UTC
> - End time: 2024-10-07 11:10 UTC
>
>
>
> *Any email and files/attachments transmitted with it are intended solely
> for the use of the individual or entity to whom they are addressed. If this
> message has been sent to you in error, you must not copy, distribute or
> disclose of the information it contains. Please notify Entrust immediately
> and delete the message from your system.*
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240930/98b9e8ea/attachment.html>


More information about the Servercert-wg mailing list