JPRS votes YES to Ballot SC-073
Yoshihiko Matsuo
On 2024/04/26 9:00, Wayne Thayer via Servercert-wg wrote:
Purpose of Ballot SC-073
This ballot proposes updates to the Baseline Requirements for the Issuance and
Management of Publicly-Trusted TLS Server Certificates related to weak and
I did a quick check, but was only able to find one recently issued leaf
certificate that contained an https CA Issuers URI. There seems to be about 26
CA certificates that do as well, but all were issued before 2019 except for 2.
Of the 1 leaf and 2 CA certificates that are more recent, they’re
VikingCloud votes yes on SC-073.
Regards,
Andrea Holland
From: Servercert-wg On Behalf Of Wayne
Thayer via Servercert-wg
Sent: Thursday, April 25, 2024 8:00 PM
To: CA/B Forum Server Certificate WG Public Discussion List
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-073:
CommScope votes “yes” to Ballot SC-073.
From: Servercert-wg On Behalf Of Wayne
Thayer via Servercert-wg
Sent: Thursday, April 25, 2024 8:00 PM
To: CA/B Forum Server Certificate WG Public Discussion List
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-073: Compromised and
Weak Keys
Hi Clint,
> My understanding is that the intent was indeed to restrict these to HTTP
> specifically.
That matches my understanding as well.
> I’m not convinced a clarification is worthwhile here. To be clear, I’m not
> opposed, I’m just not sure it’s something CAs are actively getting
Thanks Clint,
It would help doing some research in CENSYS to see if this is a real
problem or not. I will try to get some additional resources internally
to help me with this. In any case, this discussion might inspire some of
the linting software developers to write a lint expecting only