Re: [Servercert-wg] [EXTERNAL] [Discussion Period Begins]: SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED

2024-03-15 Thread Aaron Gable via Servercert-wg
I concur that it is a misrepresentation to say that a "NOT RECOMMENDED" in the BRs and a "MUST" in the EVGs is a conflict. It is no more of a conflict than we saw recently where European law allowed two identifiers to be used while the EVGs

Re: [Servercert-wg] [EXTERNAL] [Discussion Period Begins]: SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED

2024-03-15 Thread Wayne Thayer via Servercert-wg
> I don’t have any particular concern with the change itself, to be clear,
> but the motivation behind this — and the abruptness of the introduction of
> the topic — remain opaque to me.

It appears to me that this bug is the motivation for this ballot:

Re: [Servercert-wg] Compromised/Weak Keys Ballot Proposal

2024-03-15 Thread Wayne Thayer via Servercert-wg
On yesterday's SCWG teleconference, Mads suggested that a way forward would be to leave the existing requirements in place for Debian weak keys. I've interpreted that to mean that we would just remove references to Debian, resulting in this: https://github.com/wthayer/servercert/pull/1/files I'm

Re: [Servercert-wg] [EXTERNAL] [Discussion Period Begins]: SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED

2024-03-15 Thread Clint Wilson via Servercert-wg
Hi Paul, There are a lot of ways that the EVGs differ from the TBRs; that’s basically the point of them, as I understand it. Specifically it’s within the profiles that most non-process-oriented differences can be found between EV, OV, IV, and DV TLS certificates. Are all of these differences

Re: [Servercert-wg] [EXTERNAL] Re: [Discussion Period Begins]: SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED

2024-03-15 Thread Paul van Brouwershaven via Servercert-wg
Hi Clint, If the BRs specified MAY and the EVGs MUST you can put it in both and thus have profile alignment. After this changed from MAY to NOT RECOMMENDED we end up with a conflicting requirement, while allowed, it's expected that CAs adhere to a NOT RECOMMENDED unless they have a good reason

Re: [Servercert-wg] [Discussion Period Begins]: SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED

2024-03-15 Thread Clint Wilson via Servercert-wg
Hi, Could the ballot author and endorsers please provide some additional explanation and context surrounding this ballot? As far as I can recall, this topic hasn’t been discussed since SC-062, so it’s rather coming out of nowhere as a ballot proposal (which is, of course, totally fine, but

[Servercert-wg] [Discussion Period Begins]: SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED

2024-03-15 Thread Paul van Brouwershaven via Servercert-wg
This ballot updates the TLS Extended Validation Guidelines (EVGs) by removing the exceptions to policyQualifiers in section 9.7, to align them with the Baseline Requirements (BRs). As a result, this ballot changes policyQualifiers from MUST to NOT RECOMMENDED as stated in the TLS Baseline