[Servercert-wg] Voting Period Begins | SC-079v2 - Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate

Mon, 30 Sep 2024 04:08:22 -0700 

### Purpose of the Ballot

This ballot duplicates the content of section 7.1.2.10.5 (CA Certificate 
Certificate Policies) into section 7.1.2.2 (Cross-Certified Subordinate CA 
Certificate Profile) as section 7.1.2.2.6 (Cross-Certified Subordinate CA 
Certificate Certificate Policies), modifying the requirement from "MUST contain 
exactly one Reserved Certificate Policy Identifier" to "MUST include at least 
one Reserved Certificate Policy Identifier. If any Subscriber Certificates will 
chain up directly to the Certificate issued under this Certificate Profile, 
this Cross-Certified Subordinate CA Certificate MUST contain exactly one 
Reserved Certificate Policy Identifier". This change allows the inclusion of 
multiple Reserved Certificate Policy Identifiers in a Cross-Certified 
Subordinate CA Certificate, except when any Subscriber Certificates chain up 
directly to the Certificate issued under this Certificate Profile.

Additionally, the description of the `policyIdentifier` contents was updated 
for clarification in both sections.

The following motion has been proposed by Paul van Brouwershaven (Entrust) and 
endorsed by Ben Wilson (Mozilla) and Thomas Zermeno (SSL.com).

### Motion begins

MODIFY the "Baseline Requirements for the Issuance and Management of 
Publicly-Trusted TLS Server Certificates" ("TLS Baseline Requirements") based 
on Version 2.0.7 as specified in the following redline:

- 
https://github.com/cabforum/servercert/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5...e808034e0c8889884761a2e591bb562f86b858c3

### Motion ends

This ballot proposes a Final Maintenance Guideline. The procedure for approval 
of this ballot is as follows:

Discussion (7+ days)

- Start time: 2024-09-22 19:10 UTC
- End time: 2024-09-2919:10 UTC

Vote for approval (7 days)

- Start time: 2024-09-30 11:10 UTC
- End time: 2024-10-07 11:10 UTC



Any email and files/attachments transmitted with it are intended solely for the 
use of the individual or entity to whom they are addressed. If this message has 
been sent to you in error, you must not copy, distribute or disclose of the 
information it contains. Please notify Entrust immediately and delete the 
message from your system.

_______________________________________________
Servercert-wg mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/servercert-wg

Reply via email to