[cabfpub] Ballot 173 - Removal of requirement to cease use of private key due to incorrect certificate info

Robin Alden robin at comodo.com
Wed Jul 27 17:09:25 UTC 2016


Comodo votes 'Yes' for ballot 173.

Regards
Robin Alden
Comodo

> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Dimitris Zacharopoulos
> Sent: 27 July 2016 15:01
> To: CABFPub <public at cabforum.org>
> Subject: Re: [cabfpub] Ballot 173 - Removal of requirement to cease use of private key due to incorrect certificate info
> 
> HARICA votes "yes" for ballot 173.
> 
> Dimitris.
> 
> 
> > On 26 Jul 2016, at 20:10, Ben Wilson <ben.wilson at digicert.com> wrote:
> >
> > DigiCert votes "yes".
> >
> > -----Original Message-----
> > From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Dean Coclin
> > Sent: Friday, July 22, 2016 6:28 PM
> > To: Josh Aas <josh at letsencrypt.org>; CABFPub <public at cabforum.org>
> > Subject: Re: [cabfpub] Ballot 173 - Removal of requirement to cease use of private key due to incorrect certificate info
> >
> > Thanks Josh. So for clarification for others voting, the revised ballot includes the 45 day effective date.
> >
> > -----Original Message-----
> > From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Josh Aas
> > Sent: Friday, July 22, 2016 7:49 PM
> > To: CABFPub <public at cabforum.org>
> > Subject: Re: [cabfpub] Ballot 173 - Removal of requirement to cease use of private key due to incorrect certificate info
> >
> > To clarify, my YES vote includes the 45-day waiting period before the changes take effect.
> >
> > All votes from this point on should be for the ballot as originally proposed but with a 45 day waiting period before the changes take effect. Thanks.
> >
> >> On Fri, Jul 22, 2016 at 4:30 PM, Josh Aas <josh at letsencrypt.org> wrote:
> >> Let's Encrypt votes YES
> >>
> >>> On Thu, Jul 14, 2016 at 9:17 AM, Josh Aas <josh at letsencrypt.org> wrote:
> >>> Ballot 173 - Removal of requirement to cease use of private key due
> >>> to incorrect certificate info
> >>>
> >>> The following motion has been proposed by Josh Aas of ISRG / Let's
> >>> Encrypt. Ben Wilson of Digicert and Chris Bailey of Entrust endorse.
> >>>
> >>> Background:
> >>>
> >>> BR Section 9.6.3 point 5 says:
> >>>
> >>> "Reporting and Revocation: An obligation and warranty to promptly
> >>> cease using a Certificate and its associated Private Key, and
> >>> promptly request the CA to revoke the Certificate, in the event that:
> >>> (a) any information in the Certificate is, or becomes, incorrect or
> >>> inaccurate, or (b) there is any actual or suspected misuse or
> >>> compromise of the Subscriber’s Private Key associated with the Public
> >>> Key included in the Certificate;"
> >>>
> >>> There is a problem here, which is that this requires a subscriber to
> >>> stop using a private key just because information in a certificate is
> >>> inaccurate or incorrect. People should stop using a cert with
> >>> inaccurate or incorrect information, but they shouldn't be required
> >>> to stop using a key pair unless there is known or suspected compromise.
> >>>
> >>> This is particularly problematic for HPKP.
> >>>
> >>> --Motion Begins--
> >>>
> >>> Effective upon the date of passage, the following modifications are
> >>> made to the Baseline Requirements:
> >>>
> >>> Change the following text in Section 9.6.3:
> >>> =======================
> >>> Reporting and Revocation: An obligation and warranty to promptly
> >>> cease using a Certificate and its associated Private Key, and
> >>> promptly request the CA to revoke the Certificate, in the event that:
> >>> (a) any information in the Certificate is, or becomes, incorrect or
> >>> inaccurate, or (b) there is any actual or suspected misuse or
> >>> compromise of the Subscriber’s Private Key associated with the Public
> >>> Key included in the Certificate;
> >>> =======================
> >>>
> >>> To:
> >>> =======================
> >>> Reporting and Revocation: An obligation and warranty to: (a) promptly
> >>> request revocation of the Certificate, and cease using it and its
> >>> associated Private Key, if there is any actual or suspected misuse or
> >>> compromise of the Subscriber’s Private Key associated with the Public
> >>> Key included in the Certificate; and (b) promptly request revocation
> >>> of the Certificate, and cease using it, if any information in the
> >>> Certificate is or becomes incorrect or inaccurate.
> >>> =======================
> >>>
> >>> --Motion Ends--
> >>>
> >>> The review period for this ballot shall commence at 2200 UTC on 14
> >>> July 2016, and will close at 2200 UTC on 21 July 2016. Unless the
> >>> motion is withdrawn during the review period, the voting period will
> >>> start immediately thereafter and will close at 2200 UTC on 28 July
> >>> 2016. Votes must be cast by posting an on-list reply to this thread.
> >>>
> >>> A vote in favor of the motion must indicate a clear 'yes' in the
> >>> response. A vote against must indicate a clear 'no' in the response.
> >>> A vote to abstain must indicate a clear 'abstain' in the response.
> >>> Unclear responses will not be counted. The latest vote received from
> >>> any representative of a voting member before the close of the voting
> >>> period will be counted. Voting members are listed here:
> >>> https://cabforum.org/members/
> >>>
> >>> In order for the motion to be adopted, two thirds or more of the
> >>> votes cast by members in the CA category and greater than 50% of the
> >>> votes cast by members in the browser category must be in favor.
> >>> Quorum is currently ten (10) members – at least ten members must
> >>> participate in the ballot, either by voting in favor, voting against, or
> >>> abstaining.
> >>>
> >>> --
> >>> Josh Aas
> >>> Executive Director
> >>> Internet Security Research Group
> >>> Let's Encrypt: A Free, Automated, and Open CA
> _______________________________________________
> > Public mailing list
> > Public at cabforum.org
> > https://cabforum.org/mailman/listinfo/public