[Servercert-wg] Voting Begins on Ballot SC43 Version 2: Clarify Acceptable Status Codes
Ryan Sleevi
sleevi at google.com
Thu Apr 1 18:28:19 UTC 2021
Like HARICA, we share concerns that the understandably reasonable attempt
to add an effective date has created significant issues for this. This is
further expanded upon in
https://archive.cabforum.org/pipermail/servercert-wg/2021-April/002604.html
, and these are hopefully easily fixed and will result in a resubmission of
this ballot.
However, because we didn't catch these during the discussion period, for
Ballot SC43v2, Google votes NO.
On Thu, Apr 1, 2021 at 1:35 PM Dimitris Zacharopoulos (HARICA) via
Servercert-wg <servercert-wg at cabforum.org> wrote:
>
> I just saw that the effective date of the acceptable status codes
> (1-Jul-2021) was added to section 1.2.1 in the revisions table which is
> incorrect. In my understanding this is not a place to add normative
> requirements and besides, it only captures the effective date of the full
> version of the document, not a specific requirement.
>
> Therefore, I'm afraid HARICA must vote NO to this ballot.
>
>
> Dimitris.
>
>
>
> On 1/4/2021 7:01 μ.μ., Niko Carpenter via Servercert-wg wrote:
>
> Purpose of Ballot:
>
>
>
> This ballot clarifies the allowed HTTP status codes used for following
> redirects in domain validation methods 18 and 19, and specifies that the
> target URI must come from the Location response header.
>
> In Section 3.2.2.4.18 and 3.2.2.4.19, it replaces
>
> "Redirects MUST be the result of an HTTP status code result within the 3xx
> Redirection class of status codes, as defined in RFC 7231, Section 6.4."
> with the following:
>
>
>
> * "Redirects MUST be the result of a 301, 302, 307, or 308 HTTP status
> code response."
>
> * "Redirects MUST be to resource URLs contained in the Location HTTP
> response header."
>
>
>
> The following motion has been proposed by Niko Carpenter of SecureTrust
> and endorsed by Corey Bonnell of DigiCert and Ryan Sleevi of Google.
>
>
>
> --MOTION BEGINS--
>
>
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as defined in the following
> redline, based on Version 1.7.3:
>
>
>
>
> https://github.com/cabforum/servercert/compare/2b7720f7821764f0ea9d0d583ec5c61896a3f4cd..bd7915249a0360a28fe37b785c367d70645c7e8f
> <https://scanmail.trustwave.com/?c=4062&d=9LHc4Ck8YCR0KMOI3EcCF7H8pVIBPn0qiNiZpinsag&s=5&u=https%3a%2f%2fgithub%2ecom%2fcabforum%2fservercert%2fcompare%2f2b7720f7821764f0ea9d0d583ec5c61896a3f4cd%2e%2ebd7915249a0360a28fe37b785c367d70645c7e8f>
>
>
>
> --MOTION ENDS--
>
>
>
> This ballot proposes a Final Maintenance Guideline.
>
>
>
> The procedure for approval of this ballot is as follows:
>
>
>
> Discussion (7+ days)
>
>
>
> Start Time: 11-March 2021 21:30 UTC
>
>
>
> End Time: 01-April 2021 16:00 UTC
>
>
>
> Vote for approval (7 days)
>
>
>
> Start Time: 01-April 2021 16:00 UTC
>
>
>
> End Time: 08-April 2021 16:00 UTC
>
>
>
>
> *Niko Carpenter *Software Engineer
>
> www.securetrust.com
> <http://scanmail.trustwave.com/?c=4062&d=9LHc4Ck8YCR0KMOI3EcCF7H8pVIBPn0qiIrO8S3hag&s=5&u=http%3a%2f%2fwww%2esecuretrust%2ecom>
>
>
>
> *2020 Best PCI Compliance Provider Winner – Card Not Present Awards*
>
> This transmission may contain information that is privileged,
> confidential, and/or exempt from disclosure under applicable law. If you
> are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution, or use of the information contained
> herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
> received this transmission in error, please immediately contact the sender
> and destroy the material in its entirety, whether in electronic or hard
> copy format.
> This transmission may contain information that is privileged,
> confidential, and/or exempt from disclosure under applicable law. If you
> are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution, or use of the information contained
> herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
> received this transmission in error, please immediately contact the sender
> and destroy the material in its entirety, whether in electronic or hard
> copy format.
>
> _______________________________________________
> Servercert-wg mailing listServercert-wg at cabforum.orghttps://lists.cabforum.org/mailman/listinfo/servercert-wg
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210401/9a85787e/attachment-0001.html>
More information about the Servercert-wg
mailing list