VikingCloud votes NO on SC-59 v2.
From: Servercert-wg <[email protected]> On Behalf Of Tom
Zermeno via Servercert-wg
Sent: Thursday, July 6, 2023 12:18 PM
To: Infrastructure Bot via Servercert-wg <[email protected]>
Subject: [Servercert-wg] Voting Period Begins - Ballot SC-59 v2 "Weak Key
Guidance"
Caution: This email originated from outside of the organization. Do not click
links or open attachments unless you recognize the sender and know the content
is safe.
Purpose of the Ballot SC-59
This ballot proposes updates to the Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates related to the identification and
revocation of certificates with private keys that were generated in a manner
that may make them susceptible to easy decryption. It specifically deals with
Debian weak keys, ROCA, and Close Primes Vulnerability.
Notes:
* Thank you to the participants who voiced opinions and concerns about the
previous version of the ballot. While there were many concerns about the
inclusion of the Debian weak keys checks, we have decided to leave the checks
in the ballot. Our reasoning is that we wanted to strengthen the guidance
statements, to help CAs ensure compliant certificate generation. Future
reviews of the BRs may cull the requirements, as is required by the needs of
the community.
* We believe that the requested date of November 15, 2023, will allow
enough time for Certificate Authorities to enact any changes to their systems
to ensure that they perform the weak key checks on all CSRs submitted for TLS
certificates.
* The changes introduced in SC-59 do not conflict with any of the recent
ballots. As observed with other ballots in the past, minor administrative
updates must be made to the proposed ballot text before publication such that
the appropriate Version # and Change History are accurately represented (e.g.,
to indicate these changes will be represented in Version 2.0.1).
The following motion has been proposed by Thomas Zermeno of SSL.com and has
been endorsed by Martijn Katerbarg of Sectigo and Ben Wilson of Mozilla.
- Motion Begins -
This ballot modifies the "Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates" ("Baseline Requirements"), based on Version
2.0.0.
MODIFY the Baseline Requirements as specified in the following Redline:
https://github.com/cabforum/servercert/compare/a0360b61e73476959220dc328e3b68d0224fa0b3...SSLcom:servercert:958e6ccac857b826fead6e4bd06d58f4fdd7fa7a
- Motion Ends -
The procedure for approval of this ballot is as follows:
Discussion (7 days)
* Start time: 2023-06-26 22:00:00 UTC
* End time: 2023-07-03 21:59:59 UTC
Vote for approval (7 days)
* Start Time: 2023-07-06 17:00:00
* End Time: 2023-07-13 16:59:59
Company Registration Details
VikingCloud is the registered business name of Sysxnet Limited. Sysxnet Limited
is registered in Ireland under company registration number 147176 and its
registered office is at 1st Floor, Block 71a, The Plaza, Park West Business
Park, Dublin 12, Ireland.
Email Disclaimer
The information contained in this communication is intended solely for the use
of the individual or entity to whom it is addressed and others authorized to
receive it. It may contain confidential or legally privileged information. If
you are not the intended recipient you are hereby notified that any disclosure,
copying, distribution or taking any action in reliance on the contents of this
information is strictly prohibited and may be unlawful. If you have received
this communication in error, please notify us immediately by responding to this
email and then delete it from your system. Sysxnet Limited is neither liable
for the proper and complete transmission of the information contained in this
communication nor for any delay in its receipt..
_______________________________________________
Servercert-wg mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/servercert-wg
