[cabf_validation] Proposal for updating BRs by introducing the definition of scheme according to RFC 3986, section 3.1

Entschew, Enrico e.entschew at d-trust.net
Fri Aug 16 06:44:30 UTC 2024


Hi everyone,

I'd like to propose some language changes to avoid possible
misinterpretations in regard to the content of the Subscriber Certificate
Authority Information Access, CRL Distribution Points, Subscriber
Certificate Certificate Policies, OCSP Responder Certificate Policies and CA
Certificate Certificate Policies.

These changes address ambiguous descriptions in the sections

*	1.6.1,
*	7.1.2.7.7,
*	7.1.2.11.2,
*	7.1.2.3.2,
*	7.1.2.7.9,
*	7.1.2.8.8,
*	7.1.2.10.5.

The proposal can be found here:
https://github.com/cabforum/servercert/pull/534

All these are linguistic improvements to avoid ambiguities. It introduces
the definition of scheme according to RFC 3986, section 3.1 to the BRs. It
also clarifies that no methods other than those listed in the respective
descriptions are permitted.

Background: D-Trust had an incident due to the current language of the BRs
and its interpretation. 

Could you please check the proposed changes? Feedback is highly appreciated.
I would like to eventually bring the proposal to a ballot at the Server
Certificate Working Group Level.

 

Thanks,

Enrico

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20240816/673f99ad/attachment-0001.html>
-------------- next part --------------
An embedded message was scrubbed...
From: "Entschew, Enrico" <e.entschew at d-trust.net>
Subject: Proposal for updating BRs by introducing the definition of scheme according to RFC 3986, section 3.1 
Date: Fri, 16 Aug 2024 06:44:30 +0000
Size: 19735
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20240816/673f99ad/attachment-0001.eml>


More information about the Validation mailing list