Apple votes YES. Curt
> On Dec 7, 2017, at 8:52 AM, Ryan Sleevi via Public <[email protected]> > wrote: > > Ballot 217: Sunset RFC 2527 > > Purpose of Ballot: The Baseline Requirements and Extended Validation > Guidelines require that CA's disclosures of the Certificate Policy and/or > Certification Practice Statements include all of the material required by > either RFC 2527 or RFC 3647 and structured in accordance with RFC 2527 or RFC > 3647. > > RFC 2527 is an obsolete RFC, published in 1999, and replaced by RFC 3647 in > 2003. This sunsets the use of RFC 2527, ensuring that CAs' disclosures will > follow a consistent pattern across the industry, facilitating easier review > by Subscribers, Browsers, and the broader community. Based upon Member > feedback, 6 months is provided for CAs to review and update their CP/CPS > documents. > > This motion aligns the language to be consistent between the BRs and the > EVGs. For the benefit of minimal changes, this aligns the existing language > through duplication, rather than attempting to incorporate the BRs by > reference. > > The following motion has been proposed by Ryan Sleevi of Google and endorsed > by Tim Hollebeek of DigiCert and Dimitris Zacharopoulos of HARICA. > > -- MOTION BEGINS -- > > This ballot modifies the "Baseline Requirements for the Issuance and > Management of Publicly-Trusted Certificates" as follows, based upon Version > 1.5.1: > > In Section 2.2, replace the text: > "The CA SHALL publicly disclose its Certificate Policy and/or Certification > Practice Statement through an appropriate and readily accessible online means > that is available on a 24x7 basis. The CA SHALL publicly disclose its CA > business practices to the extent required by the CA's selected audit scheme > (see Section 8.1). The disclosures MUST include all the material required by > RFC 2527 or RFC 3647, and MUST be structured in accordance with either RFC > 2527 or RFC 3647. " > > with the following: > "The CA SHALL publicly disclose its Certificate Policy and/or Certification > Practice Statement through an appropriate and readily accessible online means > that is available on a 24x7 basis. The CA SHALL publicly disclose its CA > business practices to the extent required by the CA's selected audit scheme > (see Section 8.1). > > Effective as of 31 May 2018, the Certificate Policy and/or Certification > Practice Statement MUST be structured in accordance with RFC 3647. Prior to > 31 May 2018, the Certificate Policy and/or Certification Practice Statement > MUST be structured in accordance with either RFC 2527 or RFC 3647. The > Certificate Policy and/or Certification Practice Statement MUST include all > material required by RFC 3647 or, if structured as such, RFC 2527." > > > > This ballot modifies the "Guidelines for the Issuance and Management of > Extended Validation Certificates" as follows, based on Version 1.6.6: > > In Section 8.2.2, replace the text: > "Each CA MUST publicly disclose their EV Policies through an appropriate and > readily accessible online means that is available on a 24x7 basis. The CA is > also REQUIRED to publicly disclose its CA business practices as required by > WebTrust for CAs and ETSI TS 102 042 and ETSI EN 319 411-1. The disclosures > MUST be structured in accordance with either RFC 2527 or RFC 3647." > > With the following: > "Each CA MUST publicly disclose its Certificate Policy and/or Certification > Practice Statement through an appropriate and readily accessible online means > that is available on a 24x7 basis. The CA SHALL publicly disclose its CA > business practices to the extent required by the CA's selected audit scheme > (see Section 17.1). > > Effective as of 31 May 2018, the CA's Certificate Policy and/or Certification > Practice Statement MUST be structured in accordance with RFC 3647. Prior to > 31 May 2018, the CA's Certificate Policy and/or Certification Practice > Statement MUST be structured in accordance with either RFC 2527 or RFC 3647. > The Certificate Policy and/or Certification Practice Statement MUST include > all material required by RFC 3647 or, if structured as such, RFC 2527." > > -- MOTION ENDS -- > > The procedure for approval of this ballot is as follows: > > Discussion (7 to 14 days) > Start Time: 2017-12-07 22:00:00 UTC > End Time: 2017-12-14 22:00:00 UTC > > Vote for approval (7 days) > Start Time: 2017-12-14 22:00:00 UTC > End Time: 2017-12-21 22:00:00 UTC > > Votes must be cast by posting an on-list reply to this thread on the Public > list. A vote in favor of the motion must indicate a clear 'yes' in the > response. A vote against must indicate a clear 'no' in the response. A vote > to abstain must indicate a clear 'abstain' in the response. Unclear responses > will not be counted. The latest vote received from any representative of a > voting member before the close of the voting period will be counted. Voting > members are listed here: https://cabforum.org/members/ > <https://cabforum.org/members/> > > In order for the motion to be adopted, two thirds or more of the votes cast > by members in the CA category and greater than 50% of the votes cast by > members in the browser category must be in favor. Quorum is shown on > CA/Browser Forum wiki. Under Bylaw 2.2(g), at least the required quorum > number must participate in the ballot for the ballot to be valid, either by > voting in favor, voting against, or abstaining. > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
