HARICA votes "yes" to ballot SC-073.
On 26/4/2024 3:00 π.μ., Wayne Thayer via Servercert-wg wrote:
Purpose of Ballot SC-073
This ballot proposes updates to the Baseline Requirements for the
Issuance and Management of Publicly-Trusted TLS Server Certificates
related to weak and compromised private keys. These changes lie
primarily in Section 6.1.1.3 <http://6.1.1.3>:
*
6.1.1.3(4) clarifies that, for the purpose of this requirement,
CAs shall be made aware of compromised keys using their existing
notification mechanism(s).
*
6.1.1.3(5) improves guidance for CAs around the detection of weak
keys. Should this ballot pass, these changes become effective on
November 15, 2024.
Notes:
*
This ballot builds on the extensive work done by SSL.com in
creating ballot SC-59v2 Weak Key Guidance. SSL.com’s contributions
are appreciated.
*
Thanks to Rob Stradling of Sectigo for the generation and
publication of the set of Debian weak keys referenced in this ballot.
*
The Debian weak keys requirements have been discussed extensively,
including in the following threads:
https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html
<https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html>and
https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html
<https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html>
*
This ballot does not appear to conflict with any other ballots
that are currently under discussion.
The following motion has been proposed by Wayne Thayer of Fastly, and
endorsed by Brittany Randall of GoDaddy and Bruce Morton of Entrust.
— Motion Begins —
This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates” (“Baseline
Requirements”), based on Version 2.0.3.
MODIFY the Baseline Requirements for the Issuance and Management of
Publicly-Trusted TLS Server Certificates as specified in the following
Redline:
Here is a link to the immutable GitHub redline:
https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0
<https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0>
— Motion Ends —
This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:
Discussion (7+ days)
*
Start time: 2024-04-18 00:00:00 UTC
*
End time: 2024-04-26 00:00:00 UTC
Vote for approval (7 days)
*
Start time: 2024-04-26 00:00:00 UTC
* End time: 2024-05-03 00:00:00 UTC
_______________________________________________
Servercert-wg mailing list
Servercert-wg@cabforum.org
https://lists.cabforum.org/mailman/listinfo/servercert-wg
_______________________________________________
Servercert-wg mailing list
Servercert-wg@cabforum.org
https://lists.cabforum.org/mailman/listinfo/servercert-wg
