Hi Trevoli, thanks for the feedback! All: since it looks like we're going to have to create a V2 ballot and re-start the discussion period, please provide any other feedback that you have ASAP so that all feedback can be incorporated before I begin V2.
On Wed, Aug 28, 2024 at 12:41 PM Ponds-White, Trev <[email protected]> wrote:

> Hi Aaron G.,
>
> We have some feedback on the ballot.
>
> Can you add the word “first” into the sentence about 15 minutes to
> reinforce that we are discussing just the first published response. Not
> responses associated with status changes. We think this will improve
> clarity and future litigation of this requirement. So the new sentence
> would read “starting no more than 15 minutes after the Certificate or
> Precertificate is *first* published or otherwise made available.”

Happy to make this change.

> Do we need “using any current or previous key associated with that CA
> subject;”? What additional clarity is that trying to provide? It kind of
> reads as an endorsement of reusing keys for new CAs.

This line is carried forward from the existing language, and I didn't feel like I had a strong reason to change it. But I'm happy to remove it (serial uniqueness is covered by RFC 5280) since others think it is superfluous.

> When we read the lines starting at line 1391 we thought it might be more
> clear if there was a line break after the first sentence. So it would look
> like this instead:
>
> “If the OCSP responder receives a request for the status of a certificate
> serial number that is "unassigned", then the responder SHOULD NOT respond
> with a "good" status.
>
> If the OCSP responder is for a CA that is not Technically Constrained in
> line with [Section
> 7.1.2.3](#7123-technically-constrained-non-tls-subordinate-ca-certificate-profile)
> or [Section
> 7.1.2.5](#7125-technically-constrained-tls-subordinate-ca-certificate-profile),
> the responder MUST NOT respond with a "good" status for such requests."

I'd actually prefer not to make this change. The second sentence ends with "...for such requests", and I think it is important that the antecedent of that phrase be within the same paragraph.

Thanks,
Aaron
_______________________________________________
Servercert-wg mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/servercert-wg
