That also works. DZ.
May 21, 2024 11:08:29 Martijn Katerbarg <martijn.katerb...@sectigo.com>: > Regarding the contributing… I’m not even sure it should be a SHOULD. > I like adding it as a guidance for CAs, especially any new CA that may start > from scratch reading the BRs. So how about “CAs are encouraged to contribute > to existing open-source linters”? > *From: *Servercert-wg <servercert-wg-boun...@cabforum.org> on behalf of > Dimitris Zacharopoulos via Servercert-wg <servercert-wg@cabforum.org> > *Date: *Tuesday, 21 May 2024 at 10:05 > *To: *Inigo Barreira <inigo.barre...@sectigo.com> > *Cc: *CA/B Forum Server Certificate WG Public Discussion List > <servercert-wg@cabforum.org> > *Subject: *Re: [Servercert-wg] Ballot SC-75 - Pre-sign linting > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > I see, it was added as a hint for CAs to also assist in improving these open > source linting tools like some CAs have done in the past. As part of a > SHOULD, it would be helpful to get some CAs involved into building and > improving existing lints. > > I can remove the parenthesis and add it as a clear SHOULD if this is helpful. > > Will this work better? > > > Dimitris > > PS: I will respond to Ryan's post later this week after consulting with the > co-sponsors. > > May 21, 2024 10:31:41 Inigo Barreira <inigo.barre...@sectigo.com>: > > Sure, in the last para of section 4.3.1.2, the sentence “… but CAs SHOULD use > (and help improve) the Linting tools …” and I was suggesting removing that > “(and help improve)” because IMO this can´t go in the main > requirement/recommendation and “the help to improve” be seen as another > requirement instead of a suggestion or willing to act which I think is what > you had in mind. > *De:* Dimitris Zacharopoulos <dzach...@harica.gr> > *Enviado el:* lunes, 20 de mayo de 2024 22:01 > *Para:* Inigo Barreira <inigo.barre...@sectigo.com> > *CC:* CA/B Forum Server Certificate WG Public Discussion List > <servercert-wg@cabforum.org> > *Asunto:* Re: [Servercert-wg] Ballot SC-75 - Pre-sign linting > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > Hello Inigo, > > Can you be more specific? Which part of the ballot redline seems to need an > update/removal? > > > Thanks, > > DZ. > > May 20, 2024 21:03:50 Inigo Barreira <inigo.barre...@sectigo.com>: > > Hi Dimitris, > I don´t know if the “(help to improve)” is adding any additional hidden > requirement. IMO, I´d remove that. > Regards > *De:* Servercert-wg <servercert-wg-boun...@cabforum.org> *En nombre de > *Dimitris Zacharopoulos (HARICA) via Servercert-wg > *Enviado el:* lunes, 20 de mayo de 2024 19:57 > *Para:* CA/B Forum Server Certificate WG Public Discussion List > <servercert-wg@cabforum.org> > *Asunto:* [Servercert-wg] Ballot SC-75 - Pre-sign linting > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > **SC-75 Pre-sign linting** > > **Summary** > > There have been numerous compliance incidents publicly disclosed by CAs in > which they failed to comply with the technical requirements described in > standards associated with the issuance and management of publicly-trusted TLS > Certificates. However, the industry has developed open-source tools, linters, > that are free to use and can help CAs avoid certificate misissuance. Using > such linters before issuing a precertificate from a Publicly-Trusted CA > (pre-issuance linting) can prevent the mis-issuance in a wide variety of > cases. > > The following motion has been proposed by Dimitris Zacharopoulos of HARICA > and endorsed by Corey Bonnell of Digicert and Ben Wilson of Mozilla. > > You can view the GitHub pull request representing this ballot > here[https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fpull%2F518&data=05%7C02%7Cmartijn.katerbarg%40sectigo.com%7C0c51c3574574452dd83b08dc796cc04b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638518755212271312%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=fxB%2FDgdORRnLCaLhp5bosMwYTwnC4%2BP9GX7cHna0N5I%3D&reserved=0]. > > > > **Motion Begins** > > MODIFY the "Baseline Requirements for the Issuance and Management of > Publicly-Trusted TLS Server Certificates" based on Version 2.0.4 as specified > in the following redline: > > * > https://github.com/cabforum/servercert/compare/049237e096650fe01f67780b7c24bd5211ee3038...ada5d6e0db76b32be28d64edd7b0677bbef9c2f5[https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fservercert%2Fcompare%2F049237e096650fe01f67780b7c24bd5211ee3038...ada5d6e0db76b32be28d64edd7b0677bbef9c2f5&data=05%7C02%7Cmartijn.katerbarg%40sectigo.com%7C0c51c3574574452dd83b08dc796cc04b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638518755212284502%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=p6NEvIFNST35dk8S9z4VOHk1MzyDmtodSboof68v5Y8%3D&reserved=0] > > > **Motion Ends** > > This ballot proposes a Final Maintenance Guideline. The procedure for > approval of this ballot is as follows: > > > **Discussion (at least 7 days)** > > * Start time: 2024-05-20 18:00:00 UTC > * End time: on or after 2024-05-27 18:00:00 UTC > > **Vote for approval (7 days)** > > * Start time: TBD > * End time: TBD
_______________________________________________ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
