[Servercert-wg] Ballot SC15 version 1: Remove Validation Method Number 9
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Mon Jan 21 01:42:06 MST 2019
"Prior validations using this method and validation data gathered
according to this method may not be used to issue certificates."
If the intent is to prohibit re-use of this validation information for
new Certificates once the BRs incorporating this ballot become
effective, then "MAY NOT" is probably weak here. "MUST NOT" or "SHALL
NOT" seems more appropriate.
Dimitris.
On 17/1/2019 10:17 μ.μ., Doug Beattie via Servercert-wg wrote:
>
> **
>
> Ballot SC15: Remove Validation Method Number 9
>
> Purpose of Ballot: Method 9, Test Certificate, is insecure when web
> hosting platforms use a single IP address for more than one Domain
> Name, so this method must not be used.
>
> The following motion has been proposed by Doug Beattie of GlobalSign
> and endorsed by Bruce Morton of Entrust Datacard and Ryan Sleevi of
> Google.
>
> --- MOTION BEGINS ---
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as follows, based on
> Version 1.6.2:
>
> Replace the content of section 3.2.2.4.9 with:
>
> This method has been retired and MUST NOT be used. Prior validations
> using this method and validation data gathered according to this
> method may not be used to issue certificates.
>
> --- MOTION ENDS ---
>
> *** WARNING ***: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE
> OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
>
> A comparison of the changes can be found at:
> https://github.com/dougbeattie/documents/compare/master...dougbeattie:SC15---Remove-Method-9
>
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: 2019-01-17 15:30 Eastern
>
> End Time: 2019-01-24 15:30 Eastern
>
> Vote for approval (7 days)
>
> Start Time: TBD
>
> End Time: TBD
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190121/b1f427f5/attachment.html>
More information about the Servercert-wg
mailing list