[Servercert-wg] Ballot SC15: Remove Validation Method Number 9

Ryan Sleevi sleevi at google.com
Thu Jan 17 12:43:25 MST 2019


Doug:

What about previously completed validations? Can/should they be reused? I
don't think so, and that certainly aligns with various root program
requirements, but I'm curious if it was intentional.

On Thu, Jan 17, 2019 at 2:21 PM Bruce Morton via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> I will endorse.
>
>
>
> Bruce.
>
>
>
> *From:* Servercert-wg [mailto:servercert-wg-bounces at cabforum.org] *On
> Behalf Of *Doug Beattie via Servercert-wg
> *Sent:* January 17, 2019 2:21 PM
> *To:* servercert-wg at cabforum.org
> *Subject:* [EXTERNAL][Servercert-wg] Ballot SC15: Remove Validation
> Method Number 9
>
>
>
>
>
> I’m looking for 2 endorsers.
>
>
>
>
>
> Ballot SC15: Remove Validation Method Number 9
>
>
>
> Purpose of Ballot:  Method 9, Test Certificate, is insecure when web
> hosting platforms use a single IP address for more than one Domain Name, so
> this method must not be used.
>
>
>
> The following motion has been proposed by Doug Beattie of GlobalSign and
> endorsed by XXX and YYY
>
>
>
> --- MOTION BEGINS ---
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as follows, based on Version
> 1.6.2:
>
>
>
> Replace the content of section 3.2.2.4.9 with:
>
>
>
> This method has been retired and MUST NOT be used.
>
>
>
>
>
> --- MOTION ENDS ---
>
>
>
> *** WARNING ***: USE AT YOUR OWN RISK.  THE REDLINE BELOW IS NOT THE
> OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
>
>
>
> A comparison of the changes can be found at:
> https://github.com/dougbeattie/documents/compare/master...dougbeattie:SC15---Remove-Method-9
>
>
>
>
>
> The procedure for approval of this ballot is as follows:
>
>
>
> Discussion (7+ days)
>
>
>
> Start Time: TBD
>
>
>
> End Time: TBD
>
>
>
> Vote for approval (7 days)
>
>
>
> Start Time: TBD
>
>
>
> End Time: TBD
>
>
>
>
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190117/6b375632/attachment.html>


More information about the Servercert-wg mailing list