Thank you Wayne! I think this gets close to the sweet spot for me,
personally. I've left two small comments on the ballot, but on the whole I
think I like this approach.

Thanks again,
Aaron

On Mon, Feb 12, 2024 at 8:18 AM Wayne Thayer via Servercert-wg <
servercert-wg@cabforum.org> wrote:

> Following up from the last SCWG teleconference, I've reviewed the feedback
> from the discussion [1] and voting [2] periods for ballot SC-59 Weak Key
> Guidance, along with the prior discussions on the "made aware" language in
> section 6.1.1.3 [3] and I would like to propose the following Baseline
> Requirements improvements:
>
> * Scope the 6.1.1.3 "made aware" language to "made aware via the CA's
> documented problem reporting mechanism". This addresses the concern that I
> raised by limiting how a CA can be "made aware". [4]
>
> * Remove the Debian requirements from the prior weak keys ballot and
> replace them with language that excludes Debian weak keys. Otherwise use
> the language from the prior ballot, with the exception of a new effective
> date. This consolidates feedback that CAs do desire the clarity that would
> have been provided by the prior ballot, but many believe that the burden
> for rejecting Debian weak keys exceeds the value of doing so at this point
> in time.
>
> Here's the result: https://github.com/wthayer/servercert/pull/1/files
>
> Note that, while there has been discussion about completely removing weak
> key checking requirements, there does not appear to be a consensus to do so.
>
> I would appreciate everyone's feedback on the proposal, and I am also
> seeking endorsers.
>
> Thanks,
>
> Wayne
>
> [1]
> https://lists.cabforum.org/pipermail/servercert-wg/2023-July/003820.html
> [2]
> https://lists.cabforum.org/pipermail/servercert-wg/2023-July/003857.html
> [3]
> https://lists.cabforum.org/pipermail/servercert-wg/2023-July/003902.html
> [4] https://github.com/cabforum/servercert/issues/442
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg@cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>