Google ABSTAINS on voting for Ballot SC-59 v2. On Tue, Jul 11, 2023 at 4:24 PM Paul van Brouwershaven via Servercert-wg < [email protected]> wrote:
> Entrust votes NO on Ballot SC-59 v2. > > While we are in compliance with the proposed requirements, we concur with > others that it would be more beneficial to continue the recent discussion > to prevent the need for another update to this section shortly after > this ballot passes. > > > ------------------------------ > *From:* Servercert-wg <[email protected]> on behalf of > Tom Zermeno via Servercert-wg <[email protected]> > *Sent:* Thursday, July 6, 2023 18:17 > *To:* Infrastructure Bot via Servercert-wg <[email protected]> > *Subject:* [EXTERNAL] [Servercert-wg] Voting Period Begins - Ballot SC-59 > v2 "Weak Key Guidance" > > WARNING: This email originated outside of Entrust. > DO NOT CLICK links or attachments unless you trust the sender and know the > content is safe. > ------------------------------ > > *Purpose of the Ballot SC-59* > > This ballot proposes updates to the Baseline Requirements for the Issuance > and Management of Publicly-Trusted Certificates related to the > identification and revocation of certificates with private keys that were > generated in a manner that may make them susceptible to easy decryption. It > specifically deals with Debian weak keys, ROCA, and Close Primes > Vulnerability. > > Notes: > > - Thank you to the participants who voiced opinions and concerns about > the previous version of the ballot. While there were many concerns about > the inclusion of the Debian weak keys checks, we have decided to leave the > checks in the ballot. Our reasoning is that we wanted to strengthen the > guidance statements, to help CAs ensure compliant certificate generation. > Future reviews of the BRs may cull the requirements, as is required by the > needs of the community. > - We believe that the requested date of November 15, 2023, will allow > enough time for Certificate Authorities to enact any changes to their > systems to ensure that they perform the weak key checks on all CSRs > submitted for TLS certificates. > - The changes introduced in SC-59 do not conflict with any of the > recent ballots. As observed with other ballots in the past, minor > administrative updates must be made to the proposed ballot text before > publication such that the appropriate Version # and Change History are > accurately represented (e.g., to indicate these changes will be represented > in Version 2.0.1). > > The following motion has been proposed by Thomas Zermeno of SSL.com and > has been endorsed by Martijn Katerbarg of Sectigo and Ben Wilson of > Mozilla. > > *- Motion Begins -* > > This ballot modifies the “Baseline Requirements for the Issuance and > Management of Publicly-Trusted Certificates” (“Baseline Requirements”), > based on Version 2.0.0. > > MODIFY the Baseline Requirements as specified in the following Redline: > https://github.com/cabforum/servercert/compare/a0360b61e73476959220dc328e3b68d0224fa0b3...SSLcom:servercert:958e6ccac857b826fead6e4bd06d58f4fdd7fa7a > > > *- Motion Ends -* > > The procedure for approval of this ballot is as follows: > > Discussion (7 days) > > • Start time: 2023-06-26 22:00:00 UTC > > • End time: 2023-07-03 21:59:59 UTC > > *Vote for approval (7 days)* > > * • Start Time: 2023-07-06 17:00:00* > > * • End Time: 2023-07-13 16:59:59* > > > *Any email and files/attachments transmitted with it are intended solely > for the use of the individual or entity to whom they are addressed. If this > message has been sent to you in error, you must not copy, distribute or > disclose of the information it contains. Please notify Entrust immediately > and delete the message from your system.* > _______________________________________________ > Servercert-wg mailing list > [email protected] > https://lists.cabforum.org/mailman/listinfo/servercert-wg >
_______________________________________________ Servercert-wg mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/servercert-wg
