Re: [Servercert-wg] Discussion Period Begins - Ballot SC-067 V3: "Require domain validation and CAA checks to be performed from multiple Network Perspectives"

Hi Christophe, Answers to your questions are listed below, flagged with a “CRP Response" prefix. Due to expected formatting and readability issues commonly observed with the mail archive (i.e., poorly formatted bulleted lists), a copy of this content is available in doc form here

Re: [Servercert-wg] Ballot SC-75 - Pre-sign linting

Thanks for the update, Dimitris - and to the ballot endorsers for their consideration of the points made in my message. In general, I have no objections to the recently described adoption approach or timeline. > I'm fine with the stated preference for pre-signing over post-signing linting but

Re: [Servercert-wg] Ballot SC-75 - Pre-sign linting

> I’d like to point out that probably many CA is not a Software-Development company and relies on suppliers for their CA systems. Linting project contributions go beyond only offering engineering expertise and include important tasks like reporting "unlintable issues," updating documentation

Re: [Servercert-wg] Ballot SC-75 - Pre-sign linting

Hi Dimitris, Corey, and Ben, Thank you for bringing this ballot forward for the group’s consideration. A few questions: - Given the perceived value of linting, should we consider a stronger position on its adoption (i.e., MUST versus SHOULD)? While I recognize that the Baseline

Re: [Servercert-wg] [External Sender] Discussion about single-purpose client authentication leaf certificates issued from a server TLS Issuing CA

Hi Pedro, Sharing our perspective below: > I don’t know if you didn’t mention Chrome for a particular reason, but actually that’s the Root program that makes me scratch my head while reading these discussions… because AFAIK they only include Roots for TLS serverAuth purposes, and not for

Re: [Servercert-wg] [External Sender] Question regarding the id-ad-caIssuers accessMethod URI

It's my understanding that the intent of the updates made in SC-62 were to prohibit any non-HTTP URI. This was discussed in: 1) at least one historical GitHub discussion (referenced in ballot preamble

Re: [Servercert-wg] Fixing lag between requirements changes and linter updates

Like Martijn, we appreciate the spirit behind this recommendation. Establishing clear expectations related to linting is something the Chrome Root Program considers important. We’ve touched [1] on this on the open SCWG

Re: [Servercert-wg] [Voting Period Begins]: SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED

Google votes YES on SC-72. On Thu, Mar 28, 2024 at 12:53 PM Tim Hollebeek via Servercert-wg < servercert-wg@cabforum.org> wrote: > DigiCert votes YES on SC-72. > > > > -Tim > > > > *From:* Servercert-wg *On Behalf Of *Paul > van Brouwershaven via Servercert-wg > *Sent:* Monday, March 25, 2024

Re: [Servercert-wg] [EXTERNAL] Voting Period Begins - Ballot SC-59 v2 "Weak Key Guidance"

Google ABSTAINS on voting for Ballot SC-59 v2. On Tue, Jul 11, 2023 at 4:24 PM Paul van Brouwershaven via Servercert-wg < servercert-wg@cabforum.org> wrote: > Entrust votes NO on Ballot SC-59 v2. > > While we are in compliance with the proposed requirements, we concur with > others that it would