SC-74 - Clarify CP/CPS structure according to RFC 3647
Summary
The TLS Baseline Requirements require in section 2.2 that:
/"The Certificate Policy and/or Certification Practice Statement MUST be
structured in accordance with RFC 3647 and MUST include all material
required by RFC 3647."/
The intent of this language was to ensure that all CAs' CP and/or CPS
documents contain a similar structure, making it easier to review and
compare against the BRs. However, there was some ambiguity as to the
actual structure that CAs should follow. After several discussions in
the SCWG Public Mailing List
<https://lists.cabforum.org/pipermail/servercert-wg/2023-November/004070.html>
and F2F meetings, it was agreed that more clarity should be added to the
existing requirement, pointing to the outline described in section 6 of
RFC 3647.
The following motion has been proposed by Dimitris Zacharopoulos
(HARICA) and endorsed by Aaron Poulsen (Amazon) and Tim Hollebeek
(Digicert).
You can view the github pull request representing this ballot here
<https://github.com/cabforum/servercert/pull/503>.
Motion Begins
MODIFY the "Baseline Requirements for the Issuance and Management of
Publicly-Trusted TLS Server Certificates" based on Version 2.0.4 as
specified in the following redline:
*
https://github.com/cabforum/servercert/compare/c4a34fe2292022e0a04ba66b5a85df75907ac2a2...f6a90e2a652fbb7a2d62a976b70f4af3adce8dae
Motion Ends
This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:
Discussion (at least 7 days)
* Start time: 2024-04-25 16:30:00 UTC
* End time: on or after 2024-05-02 16:30:00 UTC
Vote for approval (7 days)
* Start time: TBD
* End time: TBD
_______________________________________________
Servercert-wg mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/servercert-wg
