Thanks Aaron,
Would it be ok for you to create a GitHub issue
<https://github.com/cabforum/servercert/issues> to identify the specific
sections that deviate in content? We might tackle that in a cleanup
ballot. I don't think the capitalization is so much of a concern but if
others think it is, please speak up :)
Dimitris.
On 8/5/2024 1:19 π.μ., Aaron Gable wrote:
Two notes on this ballot, findings from our process for handling
upcoming requirements:
1) Let's Encrypt has created and open-sourced a tool
<https://github.com/letsencrypt/cp-cps/tree/d5b258a/tools/lint> for
linting a CPS to confirm compliance with RFC 3647 Section 6 and Ballot
SC-074. If you maintain your CPS document in markdown, it should be
very simple to use or adapt to your particular situation.
2) The Baseline Requirements themselves do not quite comply with RFC
3647 Section 6, with several section titles that deviate from that
outline in either capitalization or actual content.
We hope this information is helpful to others,
Aaron
On Thu, Apr 25, 2024 at 9:27 AM Dimitris Zacharopoulos (HARICA) via
Servercert-wg <servercert-wg@cabforum.org> wrote:
SC-74 - Clarify CP/CPS structure according to RFC 3647
Summary
The TLS Baseline Requirements require in section 2.2 that:
/"The Certificate Policy and/or Certification Practice Statement
MUST be structured in accordance with RFC 3647 and MUST include
all material required by RFC 3647."/
The intent of this language was to ensure that all CAs' CP and/or
CPS documents contain a similar structure, making it easier to
review and compare against the BRs. However, there was some
ambiguity as to the actual structure that CAs should follow. After
several discussions in the SCWG Public Mailing List
<https://lists.cabforum.org/pipermail/servercert-wg/2023-November/004070.html>
and F2F meetings, it was agreed that more clarity should be added
to the existing requirement, pointing to the outline described in
section 6 of RFC 3647.
The following motion has been proposed by Dimitris Zacharopoulos
(HARICA) and endorsed by Aaron Poulsen (Amazon) and Tim Hollebeek
(Digicert).
You can view the github pull request representing this ballot here
<https://github.com/cabforum/servercert/pull/503>.
Motion Begins
MODIFY the "Baseline Requirements for the Issuance and Management
of Publicly-Trusted TLS Server Certificates" based on Version
2.0.4 as specified in the following redline:
*
https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2...f6a90e2a652fbb7a2d62a976b70f4af3adce8dae
Motion Ends
This ballot proposes a Final Maintenance Guideline. The procedure
for approval of this ballot is as follows:
Discussion (at least 7 days)
* Start time: 2024-04-25 16:30:00 UTC
* End time: on or after 2024-05-02 16:30:00 UTC
Vote for approval (7 days)
* Start time: TBD
* End time: TBD
_______________________________________________
Servercert-wg mailing list
Servercert-wg@cabforum.org
https://lists.cabforum.org/mailman/listinfo/servercert-wg
_______________________________________________
Servercert-wg mailing list
Servercert-wg@cabforum.org
https://lists.cabforum.org/mailman/listinfo/servercert-wg
