[cabfpub] Ballot 106 - Extended deadline to prohibit OCSP good response for non-issued certificates

Rich Smith richard.smith at comodo.com
Tue Jul 23 20:21:34 UTC 2013


Kelvin,

I'm against this ballot.  Not because I necessarily believe that we
shouldn't allow more time to comply, but because this ballot is, necessarily
due to the impending deadline, being rushed through and it adds a full year
to the current deadline.  I don't think that is warranted today, or at least
I don't think we currently have enough information to say it's warranted, or
that we will not just be rushing to extend it or do away with it again next
year.

 

I think that if we are going to extend the deadline with a rushed, eleventh
hour ballot we should only extend it by 90 days.  Tom made some valid points
regarding this requirement possibly presenting some security concerns for
enterprises and in light of that I'm open to some additional discussion and
study of the ramifications of this requirement.  90 days should be ample
time to gather additional information and discuss this in more depth than we
can do in the next 2 weeks, with the deadline looming and many people in
summer holiday mode.  Towards the end of the 90 day extension, based upon
study, discussion, and hopefully some additional knowledge of the overall
situation perhaps we can then discuss pushing the deadline to August 1,
2014, but IMO going that far out without having some significant questions
answered is ill-advised.

 

Regards,

Rich

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Ben Wilson
Sent: Tuesday, July 23, 2013 12:44 PM
To: public at cabforum.org
Subject: [cabfpub] Ballot 106 - Extended deadline to prohibit OCSP good
response for non-issued certificates

 

Ballot 106 - Extended Deadline to Prohibit OCSP "Good" Response for
Non-Issued Certificates

 

Given that several CAs have notified the CA/Browser Forum that they will be
unable to comply with the 1-August-2013 deadline by which OCSP responders
MUST NOT respond with a "good" status for unissued certificates, and that a
one-year extension of this deadline is an appropriate timeframe by which
these CAs should be able to come into compliance;

 

Kelvin Yiu made the following motion, and Eddy Nigg from StartCom,  Ryan
Hurst from GlobalSign,  and Iida Yosiaki from SECOM, and Inigo Barreira of
Izenpe endorsed it: 

 

Motion Begins 

 

EFFECTIVE RETROACTIVELY TO 1 AUGUST 2013,

 

The last sentence of Section 13.2.6 of the Baseline Requirements (Response
for non-issued certificates) is hereby amended to read as follows:   

 

"Effective 1 August 2014, OCSP responders MUST NOT respond with a "good"
status for such certificates."

 

Motion Ends

 

The ballot review period comes into effect immediately upon posting today
(Tuesday, 23 July 2013) and will close at 2200 UTC on Tuesday, 30 July 2013.
Unless the ballot is withdrawn or modified during the review period, the
voting period will start immediately thereafter and will close at 2200 UTC
on Tuesday, 6 August 2013.  If the ballot is modified for reasons other than
to correct minor typographical errors, then the ballot will be deemed to
have been withdrawn.

 

Votes must be cast by posting an on-list reply to this thread.

 

A vote in favor of the ballot must indicate a clear 'yes' in the response.

 

A vote against the ballot must indicate a clear 'no' in the response. A vote
to abstain must indicate a clear 'abstain' in the response. Unclear
responses will not be counted. The latest vote received from any
representative of a voting member before the close of the voting period will
be counted.

 

Voting members are listed here: http://www.cabforum.org/forum.html

 

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and more than one half of the votes cast by
members in the browser category must be in favor. Also, quorum is currently
set at seven (7) members-- at least seven members must participate in the
ballot, either by voting in favor, voting against, or by abstaining for the
vote to be valid.

 
