Thank you fo the feedback Aaron. I agree with both points you made in the PR and have updated it to reflect your suggestions.
- Wayne On Mon, Feb 12, 2024 at 12:27 PM Aaron Gable <aa...@letsencrypt.org> wrote: > Thank you Wayne! I think this gets close to the sweet spot for me, > personally. I've left two small comments on the ballot, but on the whole I > think I like this approach. > > Thanks again, > Aaron > > On Mon, Feb 12, 2024 at 8:18 AM Wayne Thayer via Servercert-wg < > servercert-wg@cabforum.org> wrote: > >> Following up from the last SCWG teleconference, I've reviewed the >> feedback from the discussion [1] and voting [2] periods for ballot SC-59 >> Weak Key Guidance, along with the prior discussions on the "made aware" >> language in section 6.1.1.3 [3] and I would like to propose the following >> Baseline Requirements improvements: >> >> * Scope the 6.1.1.3 "made aware" language to "made aware via the CA's >> documented problem reporting mechanism". This addresses the concern that I >> raised by limiting how a CA can be "made aware". [4] >> >> * Remove the Debian requirements from the prior weak keys ballot and >> replace them with language that excludes Debian weak keys. Otherwise use >> the language from the prior ballot, with the exception of a new effective >> date. This consolidates feedback that CAs do desire the clarity that would >> have been provided by the prior ballot, but many believe that the burden >> for rejecting Debian weak keys exceeds the value of doing so at this point >> in time. >> >> Here's the result: https://github.com/wthayer/servercert/pull/1/files >> >> Note that, while there has been discussion about completely removing weak >> key checking requirements, there does not appear to be a consensus to do so. >> >> I would appreciate everyone's feedback on the proposal, and I am also >> seeking endorsers. >> >> Thanks, >> >> Wayne >> >> [1] >> https://lists.cabforum.org/pipermail/servercert-wg/2023-July/003820.html >> [2] >> https://lists.cabforum.org/pipermail/servercert-wg/2023-July/003857.html >> [3] >> https://lists.cabforum.org/pipermail/servercert-wg/2023-July/003902.html >> [4] https://github.com/cabforum/servercert/issues/442 >> >> _______________________________________________ >> Servercert-wg mailing list >> Servercert-wg@cabforum.org >> https://lists.cabforum.org/mailman/listinfo/servercert-wg >> >
_______________________________________________ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg