[Servercert-wg] Draft Ballot for Cleanups

Ryan Sleevi sleevi at google.com
Thu Oct 17 17:14:08 MST 2019


On Thu, Oct 17, 2019 at 7:59 PM Jacob Hoffman-Andrews via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> I'm working my way through the diffs, and overall this looks great. Thanks
> for putting it together. I do notice there's one important Effective Date
> that's in the past but you haven't removed: 1 July 2012, the overall
> effective date of the BRs. Is there any reason not to remove this one as
> well?
>

Nope! No strong view.


> There are also some effective dates in 6.1.5. Key Sizes, such as "Validity
> period ending on or before 31 Dec 2013 / Validity period ending after 31
> Dec 2013" (for Subscriber certificates). I think we can get rid of that one
> (but not necessarily the ones for Root CA Certificates and Subordinate CA
> Certificates, because those can have very long lifetimes).
>

Er, I'm looking at
https://github.com/cabforum/documents/compare/master...sleevi:2019-07-Cleanups
and 6.1.5 and not seeing that. That is,
https://github.com/cabforum/documents/commit/89f738b02545b63febbc89e5fbfb4a7ac5cf20ed
tried
to comprehensively fix that (minus a little formatting snafu the next one
fixed)


>
> In the same vein, 4.2.2. Approval or Rejection of Certificate Applications
> has a long section that starts with: "CAs SHOULD NOT issue Certificates
> containing a new gTLD under consideration by ICANN." I believe this whole
> section is irrelevant since 2015, because gTLDs that don't yet exist are
> "Internal Names" (i.e. not rooted in the global DNS), and are forbidden for
> that reason. We can remove the whole section and replace the first sentence
> with a MUST NOT. But this should probably be a separate ballot because it
> touches a fair bit of normative language.
>

Same question - wrong branch?
https://github.com/cabforum/documents/commit/5ec37f13dc5783549c8ddfbb52658c3d2190999c
should
have covered that?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191017/00bdb7f6/attachment-0001.html>


More information about the Servercert-wg mailing list