Chunghwa Telecom votes ‘no’ on Ballot SC-073.
Tsung-Min Kuo From: Servercert-wg <servercert-wg-boun...@cabforum.org <mailto:servercert-wg-boun...@cabforum.org> > On Behalf Of Wayne Thayer via Servercert-wg Sent: Friday, April 26, 2024 2:00 AM To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg@cabforum.org <mailto:servercert-wg@cabforum.org> > Subject: [Servercert-wg] Voting Period Begins - Ballot SC-073: Compromised and Weak Keys Purpose of Ballot SC-073 This ballot proposes updates to the Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates related to weak and compromised private keys. These changes lie primarily in Section 6.1.1.3 <https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2F6.1.1.3%2F &data=05%7C02%7Ctmkuo%40cht.com.tw%7C5a8a789bca98401a438c08dc6a7e9041%7C54eb 9440cf0345fe835e61bd4ce515c8%7C0%7C0%7C638502339031475174%7CUnknown%7CTWFpbG Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0 %7C%7C%7C&sdata=G4qU8iQWwf6HT4Gv4m%2FSxA3CBxTj56Lh%2Fxz1ycKUGY4%3D&reserved= 0> : * 6.1.1.3(4) clarifies that, for the purpose of this requirement, CAs shall be made aware of compromised keys using their existing notification mechanism(s). * 6.1.1.3(5) improves guidance for CAs around the detection of weak keys. Should this ballot pass, these changes become effective on November 15, 2024. Notes: * This ballot builds on the extensive work done by SSL.com in creating ballot SC-59v2 Weak Key Guidance. SSL.com’s contributions are appreciated. * Thanks to Rob Stradling of Sectigo for the generation and publication of the set of Debian weak keys referenced in this ballot. * The Debian weak keys requirements have been discussed extensively, including in the following threads: <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cab forum.org%2Fpipermail%2Fservercert-wg%2F2024-March%2F004291.html&data=05%7C0 2%7Ctmkuo%40cht.com.tw%7C5a8a789bca98401a438c08dc6a7e9041%7C54eb9440cf0345fe 835e61bd4ce515c8%7C0%7C0%7C638502339031483002%7CUnknown%7CTWFpbGZsb3d8eyJWIj oiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sd ata=O7eVqc%2Bz%2B4FXrDdN8uck2aG1UCGw2b3HnY41hX3aIHE%3D&reserved=0> https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html and <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cab forum.org%2Fpipermail%2Fservercert-wg%2F2024-April%2F004422.html&data=05%7C0 2%7Ctmkuo%40cht.com.tw%7C5a8a789bca98401a438c08dc6a7e9041%7C54eb9440cf0345fe 835e61bd4ce515c8%7C0%7C0%7C638502339031487142%7CUnknown%7CTWFpbGZsb3d8eyJWIj oiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sd ata=2gJxRk7LtsfVOGSH%2FcnTMBTaN8Nx%2B%2BCxzlFJaayGMEA%3D&reserved=0> https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html * This ballot does not appear to conflict with any other ballots that are currently under discussion. The following motion has been proposed by Wayne Thayer of Fastly, and endorsed by Brittany Randall of GoDaddy and Bruce Morton of Entrust. — Motion Begins — This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” (“Baseline Requirements”), based on Version 2.0.3. MODIFY the Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates as specified in the following Redline: Here is a link to the immutable GitHub redline: <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co m%2Fcabforum%2Fservercert%2Fcompare%2Fa65402cff89affe1fc0a1f0e49807c7e42e160 8a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0&data=05%7C02%7Ctmkuo%40cht.com .tw%7C5a8a789bca98401a438c08dc6a7e9041%7C54eb9440cf0345fe835e61bd4ce515c8%7C 0%7C0%7C638502339031491221%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQI joiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3jSsBVkrV%2FKKV H34XMbxit41SVwq3%2BZjNVg%2BXgTJyx8%3D&reserved=0> https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807 c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0 — Motion Ends — This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows: Discussion (7+ days) * Start time: 2024-04-18 00:00:00 UTC * End time: 2024-04-26 00:00:00 UTC Vote for approval (7 days) * Start time: 2024-04-26 00:00:00 UTC * End time: 2024-05-03 00:00:00 UTC
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
