D-Trust votes „YES“ on SC-073.
Thanks,
Enrico
Von: Servercert-wg <servercert-wg-boun...@cabforum.org> Im Auftrag von Wayne
Thayer via Servercert-wg
Gesendet: Friday, April 26, 2024 2:00 AM
An: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg@cabforum.org>
Betreff: [Servercert-wg] Voting Period Begins - Ballot SC-073: Compromised and
Weak Keys
Purpose of Ballot SC-073
This ballot proposes updates to the Baseline Requirements for the Issuance and
Management of Publicly-Trusted TLS Server Certificates related to weak and
compromised private keys. These changes lie primarily in Section 6.1.1.3
<http://6.1.1.3> :
· 6.1.1.3(4) clarifies that, for the purpose of this requirement, CAs
shall be made aware of compromised keys using their existing notification
mechanism(s).
· 6.1.1.3(5) improves guidance for CAs around the detection of weak keys.
Should this ballot pass, these changes become effective on November 15, 2024.
Notes:
· This ballot builds on the extensive work done by SSL.com in creating
ballot SC-59v2 Weak Key Guidance. SSL.com’s contributions are appreciated.
· Thanks to Rob Stradling of Sectigo for the generation and publication
of the set of Debian weak keys referenced in this ballot.
· The Debian weak keys requirements have been discussed extensively,
including in the following threads:
<https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html>
https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html and
<https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html>
https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html
· This ballot does not appear to conflict with any other ballots that are
currently under discussion.
The following motion has been proposed by Wayne Thayer of Fastly, and endorsed
by Brittany Randall of GoDaddy and Bruce Morton of Entrust.
— Motion Begins —
This ballot modifies the “Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates” (“Baseline Requirements”), based on Version
2.0.3.
MODIFY the Baseline Requirements for the Issuance and Management of
Publicly-Trusted TLS Server Certificates as specified in the following Redline:
Here is a link to the immutable GitHub redline:
<https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0>
https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0
— Motion Ends —
This ballot proposes a Final Maintenance Guideline. The procedure for approval
of this ballot is as follows:
Discussion (7+ days)
· Start time: 2024-04-18 00:00:00 UTC
· End time: 2024-04-26 00:00:00 UTC
Vote for approval (7 days)
· Start time: 2024-04-26 00:00:00 UTC
* End time: 2024-05-03 00:00:00 UTC
--- Begin Message ---
D-Trust votes „YES“ on SC-073.
Thanks,
Enrico
Von: Servercert-wg <servercert-wg-boun...@cabforum.org> Im Auftrag von Wayne
Thayer via Servercert-wg
Gesendet: Friday, April 26, 2024 2:00 AM
An: CA/B Forum Server Certificate WG Public Discussion List
<servercert-wg@cabforum.org>
Betreff: [Servercert-wg] Voting Period Begins - Ballot SC-073: Compromised and
Weak Keys
Purpose of Ballot SC-073
This ballot proposes updates to the Baseline Requirements for the Issuance and
Management of Publicly-Trusted TLS Server Certificates related to weak and
compromised private keys. These changes lie primarily in Section 6.1.1.3
<http://6.1.1.3> :
· 6.1.1.3(4) clarifies that, for the purpose of this requirement, CAs
shall be made aware of compromised keys using their existing notification
mechanism(s).
· 6.1.1.3(5) improves guidance for CAs around the detection of weak keys.
Should this ballot pass, these changes become effective on November 15, 2024.
Notes:
· This ballot builds on the extensive work done by SSL.com in creating
ballot SC-59v2 Weak Key Guidance. SSL.com’s contributions are appreciated.
· Thanks to Rob Stradling of Sectigo for the generation and publication
of the set of Debian weak keys referenced in this ballot.
· The Debian weak keys requirements have been discussed extensively,
including in the following threads:
<https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html>
https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html and
<https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html>
https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html
· This ballot does not appear to conflict with any other ballots that are
currently under discussion.
The following motion has been proposed by Wayne Thayer of Fastly, and endorsed
by Brittany Randall of GoDaddy and Bruce Morton of Entrust.
— Motion Begins —
This ballot modifies the “Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates” (“Baseline Requirements”), based on Version
2.0.3.
MODIFY the Baseline Requirements for the Issuance and Management of
Publicly-Trusted TLS Server Certificates as specified in the following Redline:
Here is a link to the immutable GitHub redline:
<https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0>
https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0
— Motion Ends —
This ballot proposes a Final Maintenance Guideline. The procedure for approval
of this ballot is as follows:
Discussion (7+ days)
· Start time: 2024-04-18 00:00:00 UTC
· End time: 2024-04-26 00:00:00 UTC
Vote for approval (7 days)
· Start time: 2024-04-26 00:00:00 UTC
* End time: 2024-05-03 00:00:00 UTC
smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
_______________________________________________
Servercert-wg mailing list
Servercert-wg@cabforum.org
https://lists.cabforum.org/mailman/listinfo/servercert-wg
