[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬6) 1 issues created: - Incorrect capitalization of RFC2119 key word in Section 4.9.7 (nitpick) (by ryancdickson) https://github.com/cabforum/servercert/issues/550 2 issues received 6 new comments: - #550 Incorrect capitalization of RFC2119 key word in Section 4.9.7 (nitpick) (2 by github-actions, ryancdickson) https://github.com/cabforum/servercert/issues/550 - #459 Add "Domain Validation Method" indicator to certificate profiles (4 by CBonnell, aaomidi, birgelee) https://github.com/cabforum/servercert/issues/459 [enhancement] [baseline-requirements] [profiles-future] [backlog] Pull requests - * cabforum/servercert (+2/-0/π¬14) 2 pull requests submitted: - SC-080: Sunset WHOIS (Version 1) (by ryancdickson) https://github.com/cabforum/servercert/pull/549 - Sunset WHOIS [Version .1] (by ryancdickson) https://github.com/cabforum/servercert/pull/548 3 pull requests received 14 new comments: - #549 SC-080: Sunset WHOIS (Version 1) (7 by XolphinMartijn, defacto64, ryancdickson, shaver, timfromdigicert, wthayer) https://github.com/cabforum/servercert/pull/549 - #548 Sunset WHOIS [Version .1] (4 by XolphinMartijn, dougbeattie, ryancdickson, shaver) https://github.com/cabforum/servercert/pull/548 - #544 SC-079 - Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate (3 by BenWilson-Mozilla, vanbroup) https://github.com/cabforum/servercert/pull/544 [baseline-requirements] [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-3/π¬6) 2 issues created: - Phone Contact with Domain Contact -- Is it allowed, or is it not? (by aaomidi) https://github.com/cabforum/servercert/issues/547 - 3.2.2.4.4 should probably not end with "... to Domain Contact" (by aaomidi) https://github.com/cabforum/servercert/issues/546 6 issues received 6 new comments: - #547 Phone Contact with Domain Contact -- Is it allowed, or is it not? (1 by github-actions) https://github.com/cabforum/servercert/issues/547 - #546 3.2.2.4.4 should probably not end with "... to Domain Contact" (1 by github-actions) https://github.com/cabforum/servercert/issues/546 - #466 Unify sections regarding CAA (1 by barrini) https://github.com/cabforum/servercert/issues/466 - #465 Incorrect reference in TLS BRs section 7.1 (1 by barrini) https://github.com/cabforum/servercert/issues/465 [baseline-requirements] [clean-up] - #463 Extra parenthesis in 7.1.2.7.4 Organization Validated (1 by barrini) https://github.com/cabforum/servercert/issues/463 [baseline-requirements] [clean-up] - #459 Add "Domain Validation Method" indicator to certificate profiles (1 by barrini) https://github.com/cabforum/servercert/issues/459 [enhancement] [baseline-requirements] [profiles-future] [backlog] 3 issues closed: - Clarify that defined terms which are singular apply to usages of the term which are plural https://github.com/cabforum/servercert/issues/468 [editorial] [baseline-requirements] [clean-up] - Inconsistent document formatting (Markdown vs PDF) https://github.com/cabforum/servercert/issues/462 - Minor grammatical error in 7.1.2.11.4 Subject Key Identifier https://github.com/cabforum/servercert/issues/461 [baseline-requirements] [clean-up] Pull requests - * cabforum/servercert (+1/-0/π¬1) 1 pull requests submitted: - SC-78 - Subject organizationName alignment for DBA / Assumed Name (by XolphinMartijn) https://github.com/cabforum/servercert/pull/545 [ballot] 1 pull requests received 1 new comments: - #545 SC-078 - Subject organizationName alignment for DBA / Assumed Name (1 by XolphinMartijn) https://github.com/cabforum/servercert/pull/545 [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+2/-2/π¬0) 2 pull requests submitted: - SC-078 - Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate (by vanbroup) https://github.com/cabforum/servercert/pull/544 - SC-077: Update WebTrust Audit name in Section 8.4 and References (#514) (by barrini) https://github.com/cabforum/servercert/pull/543 2 pull requests merged: - Update BR.md (#517) https://github.com/cabforum/servercert/pull/537 - SC-077: Update WebTrust Audit name in Section 8.4 and References https://github.com/cabforum/servercert/pull/514 [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-4/π¬7) 5 issues received 7 new comments: - #458 Replace "Applicant" with "Subscriber" in BR 4.9.1.1 (9) (1 by aarongable) https://github.com/cabforum/servercert/issues/458 [baseline-requirements] [clean-up] - #457 Amend 3.2.5 to not require IV validation for DV certificates (1 by clintwilson) https://github.com/cabforum/servercert/issues/457 [validation-sc] [clean-up] - #456 Clarify "or hosting service relationship" in BR section 9.6.3 (1 by barrini) https://github.com/cabforum/servercert/issues/456 [baseline-requirements] [clean-up] - #452 Amend ASN.1 definition of CABFOrganizationIdentifier to require at least 1 character for state/province value (1 by aarongable) https://github.com/cabforum/servercert/issues/452 [ev-guidelines] [clean-up] - #451 eddsa support (3 by BenWilson-Mozilla, barrini) https://github.com/cabforum/servercert/issues/451 4 issues closed: - Clarify CA Subscribers https://github.com/cabforum/servercert/issues/453 [baseline-requirements] [clean-up] - eddsa support https://github.com/cabforum/servercert/issues/451 - eddsa support https://github.com/cabforum/servercert/issues/451 - Clarify "specified above" in section 6.2 https://github.com/cabforum/servercert/issues/450 [baseline-requirements] [clean-up] Pull requests - * cabforum/servercert (+1/-0/π¬1) 1 pull requests submitted: - The title of section 1.2.2 is missing the section number as a prefix (by vanbroup) https://github.com/cabforum/servercert/pull/542 [ev-guidelines] [clean-up] 1 pull requests received 1 new comments: - #534 Update BR.md (1 by clintwilson) https://github.com/cabforum/servercert/pull/534 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+4/-0/π¬5) 4 issues created: - Undefined term "Eligible Audit Scheme" in Section 8.2 (by clintwilson) https://github.com/cabforum/servercert/issues/541 [clean-up] [definitions-candidate] - Section 7.1.2.8.8 is redundant (by robstradling) https://github.com/cabforum/servercert/issues/540 - One or more Reserved Certificate Policy Identifier (by XolphinMartijn) https://github.com/cabforum/servercert/issues/539 [baseline-requirements] [clean-up] - CA Certificate Certificate Policies use of Profile (by XolphinMartijn) https://github.com/cabforum/servercert/issues/538 4 issues received 5 new comments: - #541 Undefined term "Eligible Audit Scheme" in Section 8.2 (1 by github-actions) https://github.com/cabforum/servercert/issues/541 [clean-up] [definitions-candidate] - #540 Section 7.1.2.8.8 is redundant (2 by github-actions, robstradling) https://github.com/cabforum/servercert/issues/540 - #539 One or more Reserved Certificate Policy Identifier (1 by github-actions) https://github.com/cabforum/servercert/issues/539 [baseline-requirements] [clean-up] - #538 CA Certificate Certificate Policies use of Profile (1 by github-actions) https://github.com/cabforum/servercert/issues/538 Pull requests - * cabforum/servercert (+0/-0/π¬1) 1 pull requests received 1 new comments: - #534 Update BR.md (1 by ENEN-DTR) https://github.com/cabforum/servercert/pull/534 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+0/-0/π¬1) 1 pull requests received 1 new comments: - #535 Ballot SC-76: Clarify and improve OCSP requirements (1 by aarongable) https://github.com/cabforum/servercert/pull/535 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+1/-2/π¬0) 1 pull requests submitted: - Update BR.md (#517) (by barrini) https://github.com/cabforum/servercert/pull/537 2 pull requests merged: - SC-067 V3: Require Multi-Perspective Issuance Corroboration (Version 3) https://github.com/cabforum/servercert/pull/517 [baseline-requirements] [ballot] - Ballot SC-75 - Pre-sign linting https://github.com/cabforum/servercert/pull/527 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-1/π¬4) 1 issues received 4 new comments: - #449 Clarify reusability of Validation of authority (3.2.5 vs. 4.2.1) (4 by aarongable, barrini, defacto64) https://github.com/cabforum/servercert/issues/449 1 issues closed: - IP validation via ACME https://github.com/cabforum/servercert/issues/446 [clean-up] Pull requests - * cabforum/servercert (+1/-0/π¬1) 1 pull requests submitted: - Update BR to clarify that Validation of authority (3.2.5) can also be reused up to 825 days (by defacto64) https://github.com/cabforum/servercert/pull/536 1 pull requests received 1 new comments: - #470 Ballot SC-XX: Measure all hours and days to the second (1 by aarongable) https://github.com/cabforum/servercert/pull/470 [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-2/π¬8) 7 issues received 8 new comments: - #499 Review of EVG cabfOrganizationIdentifier (1 by defacto64) https://github.com/cabforum/servercert/issues/499 [ev-guidelines] [validation-sc] - #454 Weak key ballot redux (1 by wthayer) https://github.com/cabforum/servercert/issues/454 [baseline-requirements] - #444 BR v2.0.0 Missing Section 7.1.5 (1 by BenWilson-Mozilla) https://github.com/cabforum/servercert/issues/444 [clean-up] - #443 Add linting requirements to the TLS BRs (1 by BenWilson-Mozilla) https://github.com/cabforum/servercert/issues/443 [enhancement] [baseline-requirements] - #442 Define (or reference an existing definition for) the expected method by which CAs are "made aware" (2 by BenWilson-Mozilla, wthayer) https://github.com/cabforum/servercert/issues/442 [baseline-requirements] - #437 Clarify when it's acceptable to "backdate" a CRL entry (1 by BenWilson-Mozilla) https://github.com/cabforum/servercert/issues/437 - #436 Explore & add transition period for CAs not compliant with profiles from SC-062 (1 by BenWilson-Mozilla) https://github.com/cabforum/servercert/issues/436 [baseline-requirements] [clean-up] 2 issues closed: - Weak key ballot redux https://github.com/cabforum/servercert/issues/454 [baseline-requirements] - Add linting requirements to the TLS BRs https://github.com/cabforum/servercert/issues/443 [enhancement] [baseline-requirements] Pull requests - * cabforum/servercert (+1/-0/π¬0) 1 pull requests submitted: - Ballot SC-XX: Clarify and improve OCSP requirements (by aarongable) https://github.com/cabforum/servercert/pull/535 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+4/-0/π¬7) 4 issues created: - Clarify that non-TLS leaf Certificates are not allowed to be issued from a server TLS-capable Issuing CA (by dzacharo) https://github.com/cabforum/servercert/issues/532 [baseline-requirements] [clean-up] - Update reference related to ISO 21188:2006 (by clintwilson) https://github.com/cabforum/servercert/issues/531 [clean-up] - Update reference related to FIPS 185-4 (by clintwilson) https://github.com/cabforum/servercert/issues/530 - Update reference related to ETSI TS 102 042 (by clintwilson) https://github.com/cabforum/servercert/issues/529 [clean-up] 5 issues received 7 new comments: - #532 Clarify that non-TLS leaf Certificates are not allowed to be issued from a server TLS-capable Issuing CA (2 by CBonnell, github-actions) https://github.com/cabforum/servercert/issues/532 [baseline-requirements] [clean-up] - #531 Update reference related to ISO 21188:2006 (1 by github-actions) https://github.com/cabforum/servercert/issues/531 [clean-up] - #530 Update reference related to FIPS 185-4 (1 by github-actions) https://github.com/cabforum/servercert/issues/530 - #529 Update reference related to ETSI TS 102 042 (1 by github-actions) https://github.com/cabforum/servercert/issues/529 [clean-up] - #422 Section 4.9.10: Untangle "assigned" vs "reserved" serials, precertificates, and OCSP (2 by aarongable, jollyjustify) https://github.com/cabforum/servercert/issues/422 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬10) 1 issues created: - Clean up usage of the "Certificate Profile" Defined Term (by CBonnell) https://github.com/cabforum/servercert/issues/526 2 issues received 10 new comments: - #526 Clean up usage of the "Certificate Profile" Defined Term (2 by github-actions, timfromdigicert) https://github.com/cabforum/servercert/issues/526 [baseline-requirements] - #422 Section 4.9.10: Untangle "assigned" vs "reserved" serials, precertificates, and OCSP (8 by CBonnell, XolphinMartijn, aarongable) https://github.com/cabforum/servercert/issues/422 Pull requests - * cabforum/servercert (+2/-1/π¬0) 2 pull requests submitted: - Fix lists format (by hablutzel1) https://github.com/cabforum/servercert/pull/528 - Ballot SC-75 - Pre-sign linting (by barrini) https://github.com/cabforum/servercert/pull/527 1 pull requests merged: - Ballot SC-75 - Pre-sign linting https://github.com/cabforum/servercert/pull/518 [baseline-requirements] [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-3/π¬8) 8 issues received 8 new comments: - #435 Error in definition of "Translator" (1 by barrini) https://github.com/cabforum/servercert/issues/435 [clean-up] - #433 Proposal for automated onion service certificate issuance based on fully qualified onion service key signed certificate request (1 by barrini) https://github.com/cabforum/servercert/issues/433 - #432 Standardize format and style in CABF documents (1 by castillar) https://github.com/cabforum/servercert/issues/432 [clean-up] - #428 EVG 9.2.8 is overly restrictive for the syntax of ISO 3166-2 states/provinces (1 by XolphinMartijn) https://github.com/cabforum/servercert/issues/428 [bug] [ev-guidelines] [clean-up] - #424 RA definitions: Almost anything is an RA (1 by barrini) https://github.com/cabforum/servercert/issues/424 - #422 Section 4.9.10: Untangle "assigned" vs "reserved" serials, precertificates, and OCSP (1 by barrini) https://github.com/cabforum/servercert/issues/422 - #420 The title of the TLS BR should include a reference to TLS/serverAuth (1 by barrini) https://github.com/cabforum/servercert/issues/420 [baseline-requirements] - #417 Amend BRs to Clarify Auditing of "Parked" CA Keys (1 by barrini) https://github.com/cabforum/servercert/issues/417 [baseline-requirements] [backlog] 3 issues closed: - Clarify maximum period for DCV usage https://github.com/cabforum/servercert/issues/430 [clean-up] - Remove specific version in the WebTrust reference in section 1.6.3 https://github.com/cabforum/servercert/issues/423 [baseline-requirements] [clean-up] - The title of the TLS BR should include a reference to TLS/serverAuth https://github.com/cabforum/servercert/issues/420 [baseline-requirements] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+4/-1/π¬7) 4 issues created: - Update NCSSRs references (by srdavidson) https://github.com/cabforum/servercert/issues/525 - Conformance to the latest version of the BR is a MUST (by pfuentes69) https://github.com/cabforum/servercert/issues/524 - Update all "http" to "https" in the TLS BRs (by barrini) https://github.com/cabforum/servercert/issues/523 [clean-up] - Question: https URLs in AIA (by mtgag) https://github.com/cabforum/servercert/issues/522 4 issues received 7 new comments: - #525 Update NCSSRs references (1 by github-actions) https://github.com/cabforum/servercert/issues/525 - #524 Conformance to the latest version of the BR is a MUST (1 by github-actions) https://github.com/cabforum/servercert/issues/524 - #523 Update all "http" to "https" in the TLS BRs (2 by barrini, github-actions) https://github.com/cabforum/servercert/issues/523 [baseline-requirements] [clean-up] - #522 Question: https URLs in AIA (3 by CBonnell, github-actions, mtgag) https://github.com/cabforum/servercert/issues/522 1 issues closed: - Question: https URLs in AIA https://github.com/cabforum/servercert/issues/522 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-4/π¬11) 1 issues created: - Clarify Revocation Codes for Intermediate CAs (by BenWilson-Mozilla) https://github.com/cabforum/servercert/issues/520 8 issues received 11 new comments: - #520 Clarify Revocation Codes for Intermediate CAs (1 by AdrianMueller-sws) https://github.com/cabforum/servercert/issues/520 [baseline-requirements] - #519 The BR and Delegated OCSP responder signing certificates (4 by XolphinMartijn, arvid-vermote) https://github.com/cabforum/servercert/issues/519 - #387 TLS BR Section 8.4 reference to triennial audit (1 by barrini) https://github.com/cabforum/servercert/issues/387 [enhancement] [baseline-requirements] - #370 CP/CPS updates at least every 365 days (1 by barrini) https://github.com/cabforum/servercert/issues/370 [enhancement] [baseline-requirements] [backlog] - #341 BRs: Replace "CA" with "CA Operator" in section 8.1 (1 by barrini) https://github.com/cabforum/servercert/issues/341 [baseline-requirements] [backlog] - #321 Specify CRL validity interval (1 by barrini) https://github.com/cabforum/servercert/issues/321 [baseline-requirements] - #320 Define "PKI system" (1 by barrini) https://github.com/cabforum/servercert/issues/320 [enhancement] [baseline-requirements] [definitions-candidate] - #316 Define "Risk Assessment" (1 by barrini) https://github.com/cabforum/servercert/issues/316 [enhancement] [baseline-requirements] [clean-up] 4 issues closed: - Add reference to RFC 8954 in BR 4.9.10 https://github.com/cabforum/servercert/issues/343 [baseline-requirements] - BRs: Change Title of BRs https://github.com/cabforum/servercert/issues/337 [baseline-requirements] [clean-up] - Move all NCSSR definitions to the Baseline Requirements https://github.com/cabforum/servercert/issues/331 - Specify CRL validity interval https://github.com/cabforum/servercert/issues/321 [baseline-requirements] Pull requests - * cabforum/servercert (+1/-2/π¬1) 1 pull requests submitted: - Auto-comment on new issues stating which TLS BR and EVG versions wereβ¦ (by XolphinMartijn) https://github.com/cabforum/servercert/pull/521 1 pull requests received 1 new comments: - #518 Ballot SC-75 - Pre-sign linting (1 by dzacharo) https://github.com/cabforum/servercert/pull/518 2 pull requests merged: - Auto-comment on new issues stating which TLS BR and EVG versions wereβ¦ https://github.com/cabforum/servercert/pull/521 - Ballot SC-073: Compromised and Weak Keys (#500) https://github.com/cabforum/servercert/pull/509 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-0/π¬1) 1 issues received 1 new comments: - #267 BRs: Make nameConstraints critical (1 by robstradling) https://github.com/cabforum/servercert/issues/267 [enhancement] [baseline-requirements] [profiles-future] Pull requests - * cabforum/servercert (+2/-0/π¬1) 2 pull requests submitted: - Ballot SC-75 - Pre-sign linting (by dzacharo) https://github.com/cabforum/servercert/pull/518 - SC-067 V3: Require Multi-Perspective Issuance Corroboration (Version 3) (by ChristopherRC) https://github.com/cabforum/servercert/pull/517 1 pull requests received 1 new comments: - #507 SC-067 V2: Require Multi-Perspective Issuance Corroboration (Version 2) (1 by ChristopherRC) https://github.com/cabforum/servercert/pull/507 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-0/π¬12) 2 issues created: - Authorization Domain Names π¬ (by clintwilson) https://github.com/cabforum/servercert/issues/516 - "Government Entity" Subscribers should be allowed to use a registration number in the serialNumber field (by dzacharo) https://github.com/cabforum/servercert/issues/515 [ev-guidelines] 4 issues received 12 new comments: - #516 Authorization Domain Names π¬ (1 by timfromdigicert) https://github.com/cabforum/servercert/issues/516 [baseline-requirements] [validation-sc] [definitions-candidate] - #515 "Government Entity" Subscribers should be allowed to use a registration number in the serialNumber field (3 by CBonnell, dzacharo) https://github.com/cabforum/servercert/issues/515 [ev-guidelines] - #267 BRs: Make nameConstraints critical (7 by clintwilson, defacto64, robstradling, tadahik) https://github.com/cabforum/servercert/issues/267 [enhancement] [baseline-requirements] [profiles-future] - #255 CA is prohibited from signing own server certs (1 by kyanha) https://github.com/cabforum/servercert/issues/255 [editorial] [baseline-requirements] Pull requests - * cabforum/servercert (+1/-0/π¬1) 1 pull requests submitted: - Update WebTrust Audit name in Section 8.4 and References (by clintwilson) https://github.com/cabforum/servercert/pull/514 1 pull requests received 1 new comments: - #508 Delete docs/NSR.md (1 by clintwilson) https://github.com/cabforum/servercert/pull/508 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-3/π¬9) 2 issues created: - Bring section titles in-line with RFC 3647 (by aarongable) https://github.com/cabforum/servercert/issues/513 - Remove "pointβinβtime readiness assessment" from BR 8.1 (by BenWilson-Mozilla) https://github.com/cabforum/servercert/issues/512 [baseline-requirements] 6 issues received 9 new comments: - #270 BRs: Permit 3.2.2.4.20 for onion domains? (1 by clintwilson) https://github.com/cabforum/servercert/issues/270 [enhancement] [baseline-requirements] - #268 BRs: Clarify how SRVName subjectAltNames should behave (1 by barrini) https://github.com/cabforum/servercert/issues/268 [enhancement] [baseline-requirements] - #267 BRs: Make nameConstraints critical (3 by XolphinMartijn, barrini) https://github.com/cabforum/servercert/issues/267 [enhancement] [baseline-requirements] [profiles-future] - #266 BRs: Clarify policies around notBefore and notAfter for Subscriber and CA certificates (2 by barrini, clintwilson) https://github.com/cabforum/servercert/issues/266 [baseline-requirements] - #255 CA is prohibited from signing own server certs (1 by clintwilson) https://github.com/cabforum/servercert/issues/255 [editorial] [baseline-requirements] - #254 Clarify Certificate Policies for Sub-CAs (1 by barrini) https://github.com/cabforum/servercert/issues/254 [baseline-requirements] 3 issues closed: - BRs: Permit 3.2.2.4.20 for onion domains? https://github.com/cabforum/servercert/issues/270 [enhancement] [baseline-requirements] - BRs: Clarify policies around notBefore and notAfter for Subscriber and CA certificates https://github.com/cabforum/servercert/issues/266 [baseline-requirements] - CA is prohibited from signing own server certs https://github.com/cabforum/servercert/issues/255 [editorial] [baseline-requirements] Pull requests - * cabforum/servercert (+3/-2/π¬1) 3 pull requests submitted: - Update EVG.md (by barrini) https://github.com/cabforum/servercert/pull/511 - Regulate the usage of QGIS for verification tasks (by pfuentes69) https://github.com/cabforum/servercert/pull/510 - Ballot SC-073: Compromised and Weak Keys (#500) (by barrini) https://github.com/cabforum/servercert/pull/509 1 pull requests received 1 new comments: - #507 SC-067 V2: Require Multi-Perspective Issuance Corroboration (Version 2) (1 by job) https://github.com/cabforum/servercert/pull/507 2 pull requests merged: - Update EVG.md https://github.com/cabforum/servercert/pull/511 - Ballot SC-073: Compromised and Weak Keys https://github.com/cabforum/servercert/pull/500 [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+1/-0/π¬0) 1 pull requests submitted: - Delete docs/NSR.md (by BenWilson-Mozilla) https://github.com/cabforum/servercert/pull/508 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-3/π¬13) 2 issues created: - Update to description of certificateHold (by dougbeattie) https://github.com/cabforum/servercert/issues/506 - Making CRLs required and OCSP Optional (by dougbeattie) https://github.com/cabforum/servercert/issues/505 7 issues received 13 new comments: - #506 Update to description of certificateHold (5 by clintwilson, dougbeattie, robstradling, timfromdigicert) https://github.com/cabforum/servercert/issues/506 - #505 Making CRLs required and OCSP Optional (3 by XolphinMartijn, clintwilson, wthayer) https://github.com/cabforum/servercert/issues/505 - #229 BRs: Clarify what "an appropriate way" means for wildcards and gTLDs (1 by dzacharo) https://github.com/cabforum/servercert/issues/229 [enhancement] [baseline-requirements] - #193 Standardize on date format for date of incorporation or registration (1 by barrini) https://github.com/cabforum/servercert/issues/193 [ev-guidelines] - #187 Baseline Requirements: Should Technically Constrained Sub CAs require a Key Generation report? (1 by barrini) https://github.com/cabforum/servercert/issues/187 [enhancement] [baseline-requirements] - #160 Baseline Requirements: nameConstraints definition is ambiguous (1 by barrini) https://github.com/cabforum/servercert/issues/160 [baseline-requirements] - #153 Clarify validation requirements for .arpa (1 by barrini) https://github.com/cabforum/servercert/issues/153 [baseline-requirements] [validation-sc] 3 issues closed: - BR Certificate Policy OIDS are no longer optional https://github.com/cabforum/servercert/issues/248 [baseline-requirements] [clean-up] - BRs: Clarify what "an appropriate way" means for wildcards and gTLDs https://github.com/cabforum/servercert/issues/229 [enhancement] [baseline-requirements] - Baseline Requirements: Clarify the allowed fields for issuer names https://github.com/cabforum/servercert/issues/154 [baseline-requirements] Pull requests - * cabforum/servercert (+3/-1/π¬1) 3 pull requests submitted: - SC-067 V2: Require Multi-Perspective Issuance Corroboration (Version 2) (by ChristopherRC) https://github.com/cabforum/servercert/pull/507 - SC-071 V2 - Incorporating V1 feedback (by DustinHollenback-Microsoft) https://github.com/cabforum/servercert/pull/504 - Ballot SC74: Clarify that CAs must follow the outline of Section 6 of RFC 3647 for CP/CPS documents (by dzacharo) https://github.com/cabforum/servercert/pull/503 [baseline-requirements] [ballot] 1 pull requests received 1 new comments: - #487 SC-067: Require Multi-Perspective Issuance Corroboration (Version 1) (1 by ChristopherRC) https://github.com/cabforum/servercert/pull/487 [ballot] 1 pull requests merged: - SC-071 V2 - Incorporating V1 feedback https://github.com/cabforum/servercert/pull/504 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-0/π¬5) 2 issues created: - Remove extraneous "for either" in 3.2.2.4.7 (by clintwilson) https://github.com/cabforum/servercert/issues/502 [baseline-requirements] [clean-up] - Review of EVG cabfOrganizationIdentifier (by srdavidson) https://github.com/cabforum/servercert/issues/499 [ev-guidelines] 2 issues received 5 new comments: - #499 Review of EVG cabfOrganizationIdentifier (4 by CBonnell, clintwilson, srdavidson) https://github.com/cabforum/servercert/issues/499 [ev-guidelines] [validation-sc] - #354 Permit the inclusion of LEIs in Subject fields (1 by srdavidson) https://github.com/cabforum/servercert/issues/354 [validation-sc] Pull requests - * cabforum/servercert (+2/-2/π¬0) 2 pull requests submitted: - Ballot SC-XX: Modify section 3.2.2.4.7 to allow CA Assisted DNS Validβ¦ (by slghtr-says) https://github.com/cabforum/servercert/pull/501 - Ballot SC-073: Compromised and Weak Keys (by wthayer) https://github.com/cabforum/servercert/pull/500 2 pull requests merged: - SC65: Convert EVGs into RFC 3647 format v2 (#440) https://github.com/cabforum/servercert/pull/493 - Ballot SC-69: Clarify router and firewall logging requirements (#477) https://github.com/cabforum/servercert/pull/491 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬0) 1 issues created: - extKeyUsage criticality in the Root CA Certificate Profile Extension Table (Clean-Up Ballot Candidate) (by ryancdickson) https://github.com/cabforum/servercert/issues/498 Pull requests - * cabforum/servercert (+0/-0/π¬6) 1 pull requests received 6 new comments: - #487 SC-067: Require Multi-Perspective Issuance Corroboration (Version 1) (6 by romanf, timfromdigicert, tobij) https://github.com/cabforum/servercert/pull/487 [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+1/-1/π¬0) 1 pull requests submitted: - SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by β¦ (by barrini) https://github.com/cabforum/servercert/pull/497 1 pull requests merged: - SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED https://github.com/cabforum/servercert/pull/490 [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-0/π¬1) 2 issues created: - clarify (none) use of space separators on contactphone (by tadahik) https://github.com/cabforum/servercert/issues/496 - Clarify/expand on 7.1.2 introductory paragraph (by clintwilson) https://github.com/cabforum/servercert/issues/495 [baseline-requirements] [profiles-future] 1 issues received 1 new comments: - #267 BRs: Make nameConstraints critical (1 by clintwilson) https://github.com/cabforum/servercert/issues/267 [enhancement] [baseline-requirements] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+1/-0/π¬0) 1 pull requests submitted: - Fix wrong order for Technically Constrained CA types (by hablutzel1) https://github.com/cabforum/servercert/pull/494 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬1) 1 issues created: - Technically constrained subordinate CA certificate definition (by barrini) https://github.com/cabforum/servercert/issues/492 1 issues received 1 new comments: - #492 Technically constrained subordinate CA certificate definition (1 by barrini) https://github.com/cabforum/servercert/issues/492 [baseline-requirements] Pull requests - * cabforum/servercert (+3/-2/π¬9) 3 pull requests submitted: - SC65: Convert EVGs into RFC 3647 format v2 (#440) (by barrini) https://github.com/cabforum/servercert/pull/493 - Ballot SC-69: Clarify router and firewall logging requirements (#477) (by barrini) https://github.com/cabforum/servercert/pull/491 - SC-72 - Align policyQualifiers with BRs and make them NOT RECOMMENDED (by vanbroup) https://github.com/cabforum/servercert/pull/490 [ballot] 1 pull requests received 9 new comments: - #490 SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED (9 by CBonnell, clintwilson, dzacharo, robstradling, vanbroup) https://github.com/cabforum/servercert/pull/490 [ballot] 2 pull requests merged: - SC65: Convert EVGs into RFC 3647 format v2 https://github.com/cabforum/servercert/pull/440 [ballot] - Ballot SC-69: Clarify router and firewall logging requirements https://github.com/cabforum/servercert/pull/477 [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+0/-1/π¬0) 1 pull requests merged: - SC68: Allow VATEL and VATXI https://github.com/cabforum/servercert/pull/478 [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+1/-0/π¬0) 1 pull requests submitted: - Update RDAP RFC in WHOIS definition (by vanbroup) https://github.com/cabforum/servercert/pull/489 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬2) 1 issues created: - Support the dns-account-01 ACME challenge (by wthayer) https://github.com/cabforum/servercert/issues/486 2 issues received 2 new comments: - #484 Clarify when Root CAs may stop issuing CRLs (1 by aarongable) https://github.com/cabforum/servercert/issues/484 [baseline-requirements] - #474 Consider reversing "whichever is greater" CAA language (1 by orangepizza) https://github.com/cabforum/servercert/issues/474 [baseline-requirements] [backlog] Pull requests - * cabforum/servercert (+2/-1/π¬0) 2 pull requests submitted: - Ballot SC-070: Clarify the use of DTPs for domain control validation β¦ (by barrini) https://github.com/cabforum/servercert/pull/488 - SC-067: Require Multi-Perspective Issuance Corroboration (Version 1) (by ChristopherRC) https://github.com/cabforum/servercert/pull/487 1 pull requests merged: - Ballot SC-070: Clarify the use of DTPs for domain control validation https://github.com/cabforum/servercert/pull/475 [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-2/π¬17) 2 issues created: - Clarify when Root CAs may stop issuing CRLs (by aarongable) https://github.com/cabforum/servercert/issues/484 - "trusted roles" in 5.2.2 is not capitalized (by clintwilson) https://github.com/cabforum/servercert/issues/481 [baseline-requirements] [clean-up] 2 issues received 17 new comments: - #484 Clarify when Root CAs may stop issuing CRLs (16 by BenWilson-Mozilla, CBonnell, aarongable, techliaison, timfromdigicert) https://github.com/cabforum/servercert/issues/484 [baseline-requirements] [clean-up] - #169 Baseline Requirements: Replace 3.2.2.5.6/.7 with RFC 8738 (1 by barrini) https://github.com/cabforum/servercert/issues/169 [enhancement] [baseline-requirements] [clean-up] 2 issues closed: - Change "Random Number" with "Random Value" in the BRs https://github.com/cabforum/servercert/issues/174 [editorial] [baseline-requirements] [clean-up] - Baseline Requirements: Replace 3.2.2.5.6/.7 with RFC 8738 https://github.com/cabforum/servercert/issues/169 [enhancement] [baseline-requirements] [clean-up] Pull requests - * cabforum/servercert (+3/-3/π¬0) 3 pull requests submitted: - Update BR.md (by DustinHollenback-Microsoft) https://github.com/cabforum/servercert/pull/485 - Interim version of SC67 (by BenWilson-Mozilla) https://github.com/cabforum/servercert/pull/483 - Update BR.md (by DustinHollenback-Microsoft) https://github.com/cabforum/servercert/pull/482 3 pull requests merged: - Update BR.md https://github.com/cabforum/servercert/pull/485 - Interim version of SC67 https://github.com/cabforum/servercert/pull/483 - Update BR.md https://github.com/cabforum/servercert/pull/482 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+2/-0/π¬0) 2 pull requests submitted: - Correct the reasons for not needing the AIA in OCSP certificates (by hablutzel1) https://github.com/cabforum/servercert/pull/480 - Remove outdated text (by hablutzel1) https://github.com/cabforum/servercert/pull/479 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+2/-1/π¬0) 2 pull requests submitted: - SC68: Allow VATEL and VATXI (by barrini) https://github.com/cabforum/servercert/pull/478 - SC-69: Clarify router and firewall logging requirements (by XolphinMartijn) https://github.com/cabforum/servercert/pull/477 1 pull requests merged: - Allow VATEL for organizationIdentifier https://github.com/cabforum/servercert/pull/473 [ev-guidelines] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-0/π¬1) 1 issues received 1 new comments: - #436 Explore & add transition period for CAs not compliant with profiles from SC-062 (1 by BenWilson-Mozilla) https://github.com/cabforum/servercert/issues/436 [baseline-requirements] [clean-up] Pull requests - * cabforum/servercert (+0/-0/π¬1) 1 pull requests received 1 new comments: - #475 Ballot SC-068: Clarify the use of DTPs for domain control validation (1 by aarongable) https://github.com/cabforum/servercert/pull/475 [ballot] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬1) 1 issues created: - Consider reversing "whichever is greater" CAA language (by clintwilson) https://github.com/cabforum/servercert/issues/474 [baseline-requirements] [backlog] 1 issues received 1 new comments: - #474 Consider reversing "whichever is greater" CAA language (1 by hablutzel1) https://github.com/cabforum/servercert/issues/474 [baseline-requirements] [backlog] Pull requests - * cabforum/servercert (+3/-1/π¬1) 3 pull requests submitted: - Update branch for BRs pointing to new sections of EVGs (by barrini) https://github.com/cabforum/servercert/pull/476 - Ballot SC-XX: Clarify the use of DTPs for domain control validation (by aarongable) https://github.com/cabforum/servercert/pull/475 - Allow VATEL for organizationIdentifier (by dzacharo) https://github.com/cabforum/servercert/pull/473 [ev-guidelines] 1 pull requests received 1 new comments: - #470 Ballot SC-XX: Measure all hours and days to the second (1 by timfromdigicert) https://github.com/cabforum/servercert/pull/470 1 pull requests merged: - Update branch for BRs pointing to new sections of EVGs https://github.com/cabforum/servercert/pull/476 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-0/π¬3) 2 issues created: - Clarify effective date for EKUs allowed in Intermediate CA Certificates (by BenWilson-Mozilla) https://github.com/cabforum/servercert/issues/472 - Merge language of BRs 9.16.3 and EVG 8.1 (by dzacharo) https://github.com/cabforum/servercert/issues/471 [baseline-requirements] [ev-guidelines] 2 issues received 3 new comments: - #466 Unify sections regarding CAA (2 by ryancdickson, srdavidson) https://github.com/cabforum/servercert/issues/466 - #384 Prohibit the inclusion of dataEncipherment and keyAgreement KU bits (1 by vanbroup) https://github.com/cabforum/servercert/issues/384 [validation-sc] [profiles-future] Pull requests - * cabforum/servercert (+0/-1/π¬0) 1 pull requests merged: - Fall 2023 clean up https://github.com/cabforum/servercert/pull/460 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Pull requests - * cabforum/servercert (+0/-0/π¬1) 1 pull requests received 1 new comments: - #327 Ballot SC52 (1 by ceron972) https://github.com/cabforum/servercert/pull/327 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬3) 1 issues created: - Inconsistency in the use of policyQualifiers in the EVGs and TLS BRs (by ChristopherRC) https://github.com/cabforum/servercert/issues/469 3 issues received 3 new comments: - #469 Inconsistency in the use of policyQualifiers in the EVGs and TLS BRs (1 by XolphinMartijn) https://github.com/cabforum/servercert/issues/469 - #442 Define (or reference an existing definition for) the expected method by which CAs are "made aware" (1 by wthayer) https://github.com/cabforum/servercert/issues/442 [baseline-requirements] - #361 Workaround for DNS Fragmentation attacks (1 by ChristopherRC) https://github.com/cabforum/servercert/issues/361 [validation-sc] Pull requests - * cabforum/servercert (+1/-0/π¬0) 1 pull requests submitted: - Ballot SC-XX: Measure all hours and days to the second (by aarongable) https://github.com/cabforum/servercert/pull/470 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-0/π¬1) 1 issues received 1 new comments: - #466 Unify sections regarding CAA (1 by srdavidson) https://github.com/cabforum/servercert/issues/466 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+3/-0/π¬7) 3 issues created: - Inconsistency in the use of the defined term "High Risk Certificate Request" (by dzacharo) https://github.com/cabforum/servercert/issues/468 [editorial] [baseline-requirements] [clean-up] - Improve EVG 11.13 and 11.8.4 to clarify that automatic issuance is permitted (by CBonnell) https://github.com/cabforum/servercert/issues/467 [ev-guidelines] [validation-sc] - Unify sections regarding CAA (by aarongable) https://github.com/cabforum/servercert/issues/466 3 issues received 7 new comments: - #468 Inconsistency in the use of the defined term "High Risk Certificate Request" (4 by XolphinMartijn, bcmorton, dzacharo) https://github.com/cabforum/servercert/issues/468 [editorial] [baseline-requirements] [clean-up] - #467 Improve EVG 11.13 and 11.8.4 to clarify that automatic issuance is permitted (2 by CBonnell, MadZeg) https://github.com/cabforum/servercert/issues/467 [ev-guidelines] [validation-sc] - #466 Unify sections regarding CAA (1 by bcmorton) https://github.com/cabforum/servercert/issues/466 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬0) 1 issues created: - Incorrect reference in TLS BRs section 7.1 (by dzacharo) https://github.com/cabforum/servercert/issues/465 [baseline-requirements] [clean-up] Pull requests - * cabforum/servercert (+1/-0/π¬0) 1 pull requests submitted: - Update BR.md (by slghtr-says) https://github.com/cabforum/servercert/pull/464 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-0/π¬1) 1 issues received 1 new comments: - #361 Workaround for DNS Fragmentation attacks (1 by wthayer) https://github.com/cabforum/servercert/issues/361 [validation-sc] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬7) 1 issues created: - Inconsistent document formatting (Markdown vs PDF) (by ryancdickson) https://github.com/cabforum/servercert/issues/462 4 issues received 7 new comments: - #462 Inconsistent document formatting (Markdown vs PDF) (4 by barrini, dzacharo) https://github.com/cabforum/servercert/issues/462 - #353 Define standard CAA semantics for limiting cert issuance (1 by CBonnell) https://github.com/cabforum/servercert/issues/353 [validation-sc] - #352 Require DNSSEC validation for CAA records when the domain is DNSSEC enabled (1 by CBonnell) https://github.com/cabforum/servercert/issues/352 [validation-sc] - #153 Clarify validation requirements for .arpa (1 by CBonnell) https://github.com/cabforum/servercert/issues/153 [question] [baseline-requirements] [validation-sc] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-0/π¬1) 1 issues received 1 new comments: - #432 Standardize format and style in CABF documents (1 by ryancdickson) https://github.com/cabforum/servercert/issues/432 [clean-up] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-4/π¬16) 8 issues received 16 new comments: - #229 BRs: Clarify what "an appropriate way" means for wildcards and gTLDs (2 by barrini, dzacharo) https://github.com/cabforum/servercert/issues/229 [enhancement] [baseline-requirements] - #201 BRs: Clarify that the problem reporting method must be itself be available via a readily accessible online means (1 by barrini) https://github.com/cabforum/servercert/issues/201 [bug] [baseline-requirements] - #196 BRs: Clarify the relationship between id-kp-clientAuth, BR Policy OIDs, and the Scope of the BRs (1 by barrini) https://github.com/cabforum/servercert/issues/196 [baseline-requirements] - #187 Baseline Requirements: Should Technically Constrained Sub CAs require a Key Generation report? (4 by BenWilson-Mozilla, barrini, pfuentes69) https://github.com/cabforum/servercert/issues/187 [enhancement] [baseline-requirements] - #186 Subscriber key pair generation by the CA, and private key control verification (5 by BenWilson-Mozilla, XolphinMartijn, barrini, defacto64) https://github.com/cabforum/servercert/issues/186 [baseline-requirements] - #180 Baseline Requirements: "Log entries" in 5.4.1 is ambiguous (1 by barrini) https://github.com/cabforum/servercert/issues/180 [baseline-requirements] - #160 Baseline Requirements: nameConstraints definition is ambiguous (1 by barrini) https://github.com/cabforum/servercert/issues/160 [baseline-requirements] - #154 Baseline Requirements: Clarify the allowed fields for issuer names (1 by barrini) https://github.com/cabforum/servercert/issues/154 [baseline-requirements] 4 issues closed: - Subscriber key pair generation by the CA, and private key control verification https://github.com/cabforum/servercert/issues/186 [baseline-requirements] - BRs: Clarify that the problem reporting method must be itself be available via a readily accessible online means https://github.com/cabforum/servercert/issues/201 [bug] [baseline-requirements] - BRs: Clarify the relationship between id-kp-clientAuth, BR Policy OIDs, and the Scope of the BRs https://github.com/cabforum/servercert/issues/196 [baseline-requirements] - Baseline Requirements: "Log entries" in 5.4.1 is ambiguous https://github.com/cabforum/servercert/issues/180 [baseline-requirements] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-0/π¬1) 1 issues received 1 new comments: - #459 Add "Domain Validation Method" indicator to certificate profiles (1 by vanbroup) https://github.com/cabforum/servercert/issues/459 [enhancement] [baseline-requirements] [profiles-future] [backlog] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-0/π¬3) 2 issues created: - Minor grammatical error in 7.1.2.11.4 Subject Key Identifier (by clintwilson) https://github.com/cabforum/servercert/issues/461 [baseline-requirements] [clean-up] - Add "Domain Validation Method" indicator to certificate profiles (by clintwilson) https://github.com/cabforum/servercert/issues/459 [enhancement] [baseline-requirements] [profiles-future] [backlog] 2 issues received 3 new comments: - #461 Minor grammatical error in 7.1.2.11.4 Subject Key Identifier (2 by barrini, romanf) https://github.com/cabforum/servercert/issues/461 [baseline-requirements] [clean-up] - #446 IP validation via ACME (1 by barrini) https://github.com/cabforum/servercert/issues/446 [clean-up] Pull requests - * cabforum/servercert (+1/-0/π¬0) 1 pull requests submitted: - Fall 2023 clean up (by barrini) https://github.com/cabforum/servercert/pull/460 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+3/-0/π¬3) 3 issues created: - Replace "Applicant" with "Subscriber" in BR 4.9.1.1 (9) (by CBonnell) https://github.com/cabforum/servercert/issues/458 [baseline-requirements] [clean-up] - Amend 3.2.5 to not require IV validation for DV certificates (by CBonnell) https://github.com/cabforum/servercert/issues/457 [validation-sc] [clean-up] - Clarify "or hosting service relationship" in BR section 9.6.3 (by CBonnell) https://github.com/cabforum/servercert/issues/456 [baseline-requirements] [clean-up] 1 issues received 3 new comments: - #458 Replace "Applicant" with "Subscriber" in BR 4.9.1.1 (9) (3 by aarongable, dzacharo) https://github.com/cabforum/servercert/issues/458 [baseline-requirements] [clean-up] Pull requests - * cabforum/servercert (+1/-0/π¬0) 1 pull requests submitted: - Bump actions/checkout from 3 to 4 (by dependabot) https://github.com/cabforum/servercert/pull/455 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬10) 1 issues created: - Weak key ballot redux (by wthayer) https://github.com/cabforum/servercert/issues/454 9 issues received 10 new comments: - #453 Clarify CA Subscribers (1 by barrini) https://github.com/cabforum/servercert/issues/453 [baseline-requirements] [clean-up] - #450 Clarify "specified above" in section 6.2 (1 by barrini) https://github.com/cabforum/servercert/issues/450 [baseline-requirements] [clean-up] - #446 IP validation via ACME (1 by barrini) https://github.com/cabforum/servercert/issues/446 [clean-up] - #444 BR v2.0.0 Missing Section 7.1.5 (1 by barrini) https://github.com/cabforum/servercert/issues/444 [clean-up] - #438 Fix links in 7.1.2.10.2 (1 by barrini) https://github.com/cabforum/servercert/issues/438 [editorial] [clean-up] - #436 Explore & add transition period for CAs not compliant with profiles from SC-062 (1 by barrini) https://github.com/cabforum/servercert/issues/436 [baseline-requirements] [clean-up] - #432 Standardize format and style in CABF documents (1 by barrini) https://github.com/cabforum/servercert/issues/432 [clean-up] - #430 Clarify maximum period for DCV usage (2 by aarongable, barrini) https://github.com/cabforum/servercert/issues/430 [clean-up] - #337 BRs: Change Title of BRs (1 by barrini) https://github.com/cabforum/servercert/issues/337 [baseline-requirements] [clean-up] Pull requests - * cabforum/servercert (+0/-1/π¬0) 1 pull requests merged: - Proposal: Make OCSP Optional, Require CRLs, and Incentivize Automatioβ¦ https://github.com/cabforum/servercert/pull/441 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-0/π¬3) 2 issues created: - Clarify CA Subscribers (by BenWilson-Mozilla) https://github.com/cabforum/servercert/issues/453 - Amend ASN.1 definition of CABFOrganizationIdentifier to require at least 1 character for state/province value (by CBonnell) https://github.com/cabforum/servercert/issues/452 [ev-guidelines] 3 issues received 3 new comments: - #453 Clarify CA Subscribers (1 by BenWilson-Mozilla) https://github.com/cabforum/servercert/issues/453 [baseline-requirements] [clean-up] - #400 "Certificate request" - Revisit usage (1 by CBonnell) https://github.com/cabforum/servercert/issues/400 - #153 Clarify validation requirements for .arpa (1 by CBonnell) https://github.com/cabforum/servercert/issues/153 [question] [baseline-requirements] [validation-sc] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-0/π¬0) 2 issues created: - eddsa support (by bmeirellesRJ) https://github.com/cabforum/servercert/issues/451 - Clarify "specified above" in section 6.2 (by wthayer) https://github.com/cabforum/servercert/issues/450 [baseline-requirements] [clean-up] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+2/-0/π¬0) 2 issues created: - Clarify reusability of Validation of authority (3.2.5 vs. 4.2.1) (by defacto64) https://github.com/cabforum/servercert/issues/449 - CAA checking for Onion Domain Names (by CBonnell) https://github.com/cabforum/servercert/issues/448 [validation-sc] Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+1/-0/π¬1) 1 issues created: - IP validation via ACME (by timfromdigicert) https://github.com/cabforum/servercert/issues/446 1 issues received 1 new comments: - #446 IP validation via ACME (1 by ryancdickson) https://github.com/cabforum/servercert/issues/446 Pull requests - * cabforum/servercert (+1/-0/π¬0) 1 pull requests submitted: - Remove "additional" from first sentence of Β§14.2.2 (by defacto64) https://github.com/cabforum/servercert/pull/447 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+4/-1/π¬12) 4 issues created: - BR v2.0.0 Redline Inconsistent Naming (by AaronP-ATS) https://github.com/cabforum/servercert/issues/445 - BR v2.0.0 Missing Section 7.1.5 (by AaronP-ATS) https://github.com/cabforum/servercert/issues/444 - Add linting requirements to the TLS BRs (by clintwilson) https://github.com/cabforum/servercert/issues/443 [enhancement] [baseline-requirements] - Define (or reference an existing definition for) the expected method by which CAs are "made aware" (by clintwilson) https://github.com/cabforum/servercert/issues/442 [baseline-requirements] 4 issues received 12 new comments: - #445 BR v2.0.0 Redline Inconsistent Naming (1 by barrini) https://github.com/cabforum/servercert/issues/445 - #444 BR v2.0.0 Missing Section 7.1.5 (1 by barrini) https://github.com/cabforum/servercert/issues/444 [clean-up] - #443 Add linting requirements to the TLS BRs (8 by dzacharo, robstradling, romanf, ryancdickson, timfromdigicert) https://github.com/cabforum/servercert/issues/443 [enhancement] [baseline-requirements] - #169 Baseline Requirements: Replace 3.2.2.5.6/.7 with RFC 8738 (2 by barrini, ryancdickson) https://github.com/cabforum/servercert/issues/169 [enhancement] [baseline-requirements] 1 issues closed: - BR v2.0.0 Redline Inconsistent Naming https://github.com/cabforum/servercert/issues/445 Pull requests - * cabforum/servercert (+1/-1/π¬0) 1 pull requests submitted: - Proposal: Make OCSP Optional, Require CRLs, and Incentivize Automatioβ¦ (by barrini) https://github.com/cabforum/servercert/pull/441 1 pull requests merged: - Proposal: Make OCSP Optional, Require CRLs, and Incentivize Automation / Short-Lived Certificates https://github.com/cabforum/servercert/pull/414 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
[Servercert-wg] Weekly github digest (Server Certificate Working Group)
Issues -- * cabforum/servercert (+0/-0/π¬1) 1 issues received 1 new comments: - #438 Fix links in 7.1.2.10.2 (1 by CBonnell) https://github.com/cabforum/servercert/issues/438 [editorial] [clean-up] Pull requests - * cabforum/servercert (+1/-0/π¬2) 1 pull requests submitted: - EVGs based on RFC3647 (by barrini) https://github.com/cabforum/servercert/pull/440 1 pull requests received 2 new comments: - #440 EVGs based on RFC3647 (2 by barrini, ryancdickson) https://github.com/cabforum/servercert/pull/440 Repositories tracked by this digest: --- * https://github.com/cabforum/servercert ___ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg