Re: [Servercert-wg] Voting Period Begins: Ballot SC-078 - Subject organizationName alignment for DBA / Assumed Name

2024-09-18 Thread chtsai
TWCA votes Yes on ballot SC-078

Best Regards

蔡家宏 Chya-Hung Tsai
Director, CA R&D Division, Certification R&D Department
Tel: +886-2-2370-8886 ext. 722
Fax: +886-2-2388-6720
Email: cht...@twca.com.tw
12 Taipei, No. 85 Yanping South Road, 10F
https://www.twca.com.tw


From: Servercert-wg On Behalf Of Martijn Katerbarg via Servercert-wg
Sent: Tuesday, September 17, 2024 9:20 PM
To: CA/B Forum Server Certificate WG Public Discussion List
Subject: [Servercert-wg] Voting Period Begins: Ballot SC-078 - Subject organizationName alignment for DBA / Assumed Name

Summary
The TLS Baseline Requirements currently state an OV certificate may contain 
either a DBA / Assumed Name or Legal Name. The EVGs and SBRs allow for the 
common format of "DBA (Legal Name)". This ballot aims to align the practices 
for OV certificates with this.

While still allowing the inclusion of the sole DBA / Assumed Name, it will also 
allow for the "DBA (Legal Name)" format to be used, allowing CAs to align 
practices with the EVG and SBRs.

The following motion has been proposed by Martijn Katerbarg (Sectigo) and 
endorsed by Clint Wilson (Apple) and Enrico Entschew (D-Trust).

Motion Begins
MODIFY the "Baseline Requirements for the Issuance and Management of 
Publicly-Trusted Certificates" ("Baseline Requirements") based on Version 2.0.7 
as specified in the following redline:

https://github.com/cabforum/servercert/compare/ba28d04894d69c8fac62850b9d0de5061658c7c5...d69373c35ff72121a912b69b060ff89f32d41383

Motion Ends

This ballot proposes a Final Maintenance Guideline. The procedure for approval 
of this ballot is as follows:

Discussion (at least 7 days)

  *   Start time: 2024-09-10 13:00 UTC
  *   End time: 2024-09-17 13:20 UTC

Vote for approval (7 days)

  *   Start time: 2024-09-17 13:20 UTC
  *   End time: 2024-09-24 13:20 UTC


___
Servercert-wg mailing list
Servercert-wg@cabforum.org
https://lists.cabforum.org/mailman/listinfo/servercert-wg


Re: [Servercert-wg] VOTING Period Begins - Ballot SC-077: Update WebTrust Audit name in Section 8.4 and References

2024-08-19 Thread chtsai
TWCA votes YES on ballot SC-077.

Best regards,
ChyaHung Tsai

From: Servercert-wg On Behalf Of Clint Wilson via Servercert-wg
Sent: Wednesday, August 14, 2024 1:05 AM
To: ServerCert CA/BF
Subject: [Servercert-wg] VOTING Period Begins - Ballot SC-077: Update WebTrust Audit name in Section 8.4 and References

Purpose of Ballot

CPA Canada has separated the audit criteria which map to the Network and 
Certificate System Security Requirements (NCSSRs) from the audit criteria which 
map to the TLS Baseline Requirements (TBRs). As a result, the requirements in 
Section 8.4 are out of date for audits which use the updated/separated audit 
criteria. However, we also need to ensure the combined audit criteria are able 
to be used until fully deprecated by CPA Canada and/or Root Programs stop 
accepting them.

This ballot modifies Section 8.4 to allow for a CA to be audited against either:

  *   WebTrust Principles and Criteria for Certification Authorities – SSL 
Baseline with Network Security; or
  *   WebTrust Principles and Criteria for Certification Authorities – SSL 
Baseline AND WebTrust Principles and Criteria for Certification Authorities – 
Network Security

Motion

The following motion has been proposed by Clint Wilson (Apple) and endorsed by 
Dimitris Zacharopoulos (HARICA) and Trevoli Ponds-White (Amazon)

You can view and comment on the Github pull request representing this ballot 
here.

Motion Begins

MODIFY the "Baseline Requirements for the Issuance and Management of 
Publicly-Trusted TLS Server Certificates" ("TLS Baseline Requirements") based 
on Version 2.0.5 as specified in the following redline:

  *   https://github.com/cabforum/servercert/compare/20af1b271f2b689344ae353d3e78dc6b772199db...a9d3e3b6e514cf8b4d44ace625a447108c04a91c

Motion Ends

This ballot proposes a Final Maintenance Guideline. The procedure for approval 
of this ballot is as follows:

Discussion (at least 7 days)

  *   Start time: August 6, 2024 17:00 UTC
  *   End time: on or after August 13, 2024 17:00 UTC

Vote for approval (7 days)

  *   Start time: August 13, 2024 17:00 UTC
  *   End time: August 20, 2024 17:00 UTC


Re: [Servercert-wg] [Voting Begins] Ballot SC-75 v3 - Pre-sign linting

2024-06-24 Thread chtsai
TWCA votes "yes" to ballot SC-75v3

ChyaHung Tsai

From: Servercert-wg On Behalf Of Dimitris Zacharopoulos (HARICA) via Servercert-wg
Sent: Wednesday, June 19, 2024 6:13 PM
To: CA/B Forum Server Certificate WG Public Discussion List
Subject: [Servercert-wg] [Voting Begins] Ballot SC-75 v3 - Pre-sign linting

Voting begins for this ballot.
SC-75 v3 Pre-sign linting
Summary

There have been numerous compliance incidents publicly disclosed by CAs in 
which they failed to comply with the technical requirements described in 
standards associated with the issuance and management of publicly-trusted TLS 
Certificates. However, the industry has developed open-source tools, linters, 
that are free to use and can help CAs avoid certificate misissuance. Using such 
linters before issuing a precertificate from a Publicly-Trusted CA 
(pre-issuance linting) can prevent the mis-issuance in a wide variety of cases.

The following motion has been proposed by Dimitris Zacharopoulos of HARICA and 
endorsed by Corey Bonnell of Digicert and Ben Wilson of Mozilla.

You can view the GitHub pull request representing this ballot 
here.

Motion Begins

MODIFY the "Baseline Requirements for the Issuance and Management of 
Publicly-Trusted TLS Server Certificates" based on Version 2.0.5 as specified 
in the following redline:

  *   https://github.com/cabforum/servercert/compare/20af1b271f2b689344ae353d3e78dc6b772199db...d809c41bc063109e15d46bfe1b5ad6403d823381

Motion Ends

This ballot proposes a Final Maintenance Guideline. The procedure for approval 
of this ballot is as follows:

Discussion (at least 7 days)

  *   Start time: 2024-06-12 06:30:00 UTC
  *   End time: on or after 2024-06-19 06:30:00 UTC

Vote for approval (7 days)

  *   Start time: 2024-06-19 10:00:00 UTC
  *   End time: 2024-06-26 10:00:00 UTC



Re: [Servercert-wg] [Voting Begins] Ballot SC-74 - Clarify CP/CPS structure according to RFC 3647

2024-05-06 Thread chtsai
TWCA votes "yes" to ballot SC-74.


From: Servercert-wg On Behalf Of Dimitris Zacharopoulos (HARICA) via Servercert-wg
Sent: Sunday, May 5, 2024 4:25 PM
To: CA/B Forum Server Certificate WG Public Discussion List
Subject: [Servercert-wg] [Voting Begins] Ballot SC-74 - Clarify CP/CPS structure according to RFC 3647

Voting begins for ballot SC-74.

SC-74 - Clarify CP/CPS structure according to RFC 3647
Summary

The TLS Baseline Requirements require in section 2.2 that:

"The Certificate Policy and/or Certification Practice Statement MUST be 
structured in accordance with RFC 3647 and MUST include all material required 
by RFC 3647."

The intent of this language was to ensure that all CAs' CP and/or CPS documents 
contain a similar structure, making it easier to review and compare against the 
BRs. However, there was some ambiguity as to the actual structure that CAs 
should follow. After several discussions in the SCWG Public Mailing List and 
F2F meetings, it was agreed that more clarity should be added to the existing 
requirement, pointing to the outline described in section 6 of RFC 3647.

The following motion has been proposed by Dimitris Zacharopoulos (HARICA) and 
endorsed by Aaron Poulsen (Amazon) and Tim Hollebeek (Digicert).

You can view the github pull request representing this ballot 
here.

Motion Begins

MODIFY the "Baseline Requirements for the Issuance and Management of 
Publicly-Trusted TLS Server Certificates" based on Version 2.0.4 as specified 
in the following redline:

  *   https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2...f6a90e2a652fbb7a2d62a976b70f4af3adce8dae

Motion Ends

This ballot proposes a Final Maintenance Guideline. The procedure for approval 
of this ballot is as follows:

Discussion (at least 7 days)

  *   Start time: 2024-04-25 16:30:00 UTC
  *   End time: on or after 2024-05-02 16:30:00 UTC

Vote for approval (7 days)

  *   Start time: 2024-05-05 8:30:00 UTC
  *   End time: 2024-05-12 8:30:00 UTC



Re: [Servercert-wg] Voting Period Begins - Ballot SC-073: Compromised and Weak Keys

2024-04-28 Thread chtsai
TWCA votes "Yes" to Ballot SC-073

From: Servercert-wg On Behalf Of Wayne Thayer via Servercert-wg
Sent: Friday, April 26, 2024 8:00 AM
To: CA/B Forum Server Certificate WG Public Discussion List
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-073: Compromised and Weak Keys


Purpose of Ballot SC-073

This ballot proposes updates to the Baseline Requirements for the Issuance and 
Management of Publicly-Trusted TLS Server Certificates related to weak and 
compromised private keys. These changes lie primarily in Section 
6.1.1.3:

  *   6.1.1.3(4) clarifies that, for the purpose of this requirement, CAs shall 
be made aware of compromised keys using their existing notification 
mechanism(s).
  *   6.1.1.3(5) improves guidance for CAs around the detection of weak keys. 
Should this ballot pass, these changes become effective on November 15, 2024.

Notes:

  *   This ballot builds on the extensive work done by SSL.com in creating 
ballot SC-59v2 Weak Key Guidance. SSL.com’s contributions are appreciated.
  *   Thanks to Rob Stradling of Sectigo for the generation and publication of 
the set of Debian weak keys referenced in this ballot.
  *   The Debian weak keys requirements have been discussed extensively, 
including in the following threads: 
https://lists.cabforum.org/pipermail/servercert-wg/2024-March/004291.html and 
https://lists.cabforum.org/pipermail/servercert-wg/2024-April/004422.html
  *   This ballot does not appear to conflict with any other ballots that are 
currently under discussion.



The following motion has been proposed by Wayne Thayer of Fastly, and endorsed 
by Brittany Randall of GoDaddy and Bruce Morton of Entrust.

— Motion Begins —

This ballot modifies the “Baseline Requirements for the Issuance and Management 
of Publicly-Trusted Certificates” (“Baseline Requirements”), based on Version 
2.0.3.

MODIFY the Baseline Requirements for the Issuance and Management of 
Publicly-Trusted TLS Server Certificates as specified in the following Redline:

Here is a link to the immutable GitHub redline: 
https://github.com/cabforum/servercert/compare/a65402cff89affe1fc0a1f0e49807c7e42e1608a...bee10c8e4a56815bffd59fab12cbd4044baa7cc0

— Motion Ends —

This ballot proposes a Final Maintenance Guideline. The procedure for approval 
of this ballot is as follows:

Discussion (7+ days)

  *   Start time: 2024-04-18 00:00:00 UTC
  *   End time: 2024-04-26 00:00:00 UTC

Vote for approval (7 days)

  *   Start time: 2024-04-26 00:00:00 UTC
  *   End time: 2024-05-03 00:00:00 UTC


Re: [Servercert-wg] [Voting Period Begins]: SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED

2024-03-27 Thread chtsai
TWCA votes ‘Yes’ on ballot SC-72


From: Servercert-wg On Behalf Of Paul van Brouwershaven via Servercert-wg
Sent: Monday, March 25, 2024 8:01 PM
To: CA/B Forum Server Certificate WG Public Discussion List
Subject: [Servercert-wg] [Voting Period Begins]: SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED

This ballot updates the TLS Extended Validation Guidelines (EVGs) by removing 
the exceptions to policyQualifiers in section 9.7, to align them with the 
Baseline Requirements (BRs).

The following motion has been proposed by Paul van Brouwershaven (Entrust) and 
endorsed by Dimitris Zacharopoulos (HARICA) and Iñigo Barreira (Sectigo).

--- Motion Begins ---

This ballot modifies the “Guidelines for the Issuance and Management of 
Extended Validation Certificates” (“EV Guidelines”) as follows, based on 
version 1.8.1:

MODIFY the Extended Validation Guidelines as specified in the following 
redline: 
https://github.com/cabforum/servercert/compare/8e7fc7d5cac0cc27c44fe2aa88cf45f5606f4b94...7b9bb1dbfd41b1d0459b8a985ed629ad841ce122

--- Motion Ends ---

Discussion (at least 7 days):
- Start: 2024-03-15 10:00 UTC
- End no earlier than 2024-03-22 10:00 UTC

Vote for approval (7 days):
- Start: 2024-03-25 12:00 UTC
- End: 2024-04-01 12:00 UTC