Thank you to Ben Wilson for offering to endorse. Thank you also to Bruce Morton, Wayne Thayer, and Antonios Eleftheriadis for providing feedback on the proposed ballot text. I have made minor updates per their comments, and am still seeking a second endorser.
Aaron On Fri, Aug 9, 2024 at 11:54 AM Aaron Gable <[email protected]> wrote: > This ballot has grown out of discussions around whether OCSP responses > must be made available for Precertificates, and how quickly they must be > made available after initial issuance. Much of that conversation is > captured in this bugzilla incident > <https://bugzilla.mozilla.org/show_bug.cgi?id=1905419> and this Mozilla > issue <https://github.com/mozilla/pkipolicy/issues/280>. > > In addition, I've often felt like Sections 4.9.9 and 4.9.10 are poorly > laid out, with little rhyme or reason as to why any particular requirement > lives in one section or the other. RFC 3647 says that Section 4.9.10 is > meant to place requirements on relying parties, not on CAs, which explains > much of the confusion. > > The result is a total rearrangement of Sections 4.9.9 and 4.9.10. This > ballot empties 4.9.10, moves all of its requirements into 4.9.9, and > arranges them into three sections: > - A few definitions (which apply only in this section); > - Requirements which apply to OCSP Responders whose URLs are found in the > AIA OCSP field of certificates; and > - Requirements which apply to all OCSP Responses, regardless of how it was > queried. > > The PR representing this ballot is here: > https://github.com/cabforum/servercert/pull/535 > > Please let me know if you have any comments or suggested changes on the > GitHub PR, and please let me know if you'd be willing to endorse. > > Thank you, > Aaron >
_______________________________________________ Servercert-wg mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/servercert-wg
