[Servercert-wg] [Voting Begins] Ballot SC-75 v3 - Pre-sign linting

Adrian Mueller adrian.mueller at swisssign.com
Tue Jun 25 15:09:03 UTC 2024


SwissSign votes YES on Ballot SC-75 v3.

 

 

Best regards



Adrian

 

Adrian Michael Mueller

Product Manager Certificate Services

 

+41 43 811 05 97

 <mailto:adrian.mueller at swisssign.com> adrian.mueller at swisssign.com

 

 

Von: Servercert-wg < <mailto:servercert-wg-bounces at cabforum.org>
servercert-wg-bounces at cabforum.org> Im Auftrag von Dimitris Zacharopoulos
(HARICA) via Servercert-wg
Gesendet: Wednesday, June 19, 2024 12:13 PM
An: CA/B Forum Server Certificate WG Public Discussion List <
<mailto:servercert-wg at cabforum.org> servercert-wg at cabforum.org>
Betreff: [Servercert-wg] [Voting Begins] Ballot SC-75 v3 - Pre-sign linting

 

Voting begins for this ballot.


SC-75 v3 Pre-sign linting


Summary


There have been numerous compliance incidents publicly disclosed by CAs in
which they failed to comply with the technical requirements described in
standards associated with the issuance and management of publicly-trusted
TLS Certificates. However, the industry has developed open-source tools,
linters, that are free to use and can help CAs avoid certificate
misissuance. Using such linters before issuing a precertificate from a
Publicly-Trusted CA (pre-issuance linting) can prevent the mis-issuance in a
wide variety of cases.

The following motion has been proposed by Dimitris Zacharopoulos of HARICA
and endorsed by Corey Bonnell of Digicert and Ben Wilson of Mozilla.

You can view the GitHub pull request representing this ballot here
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Fcabforum%2Fservercert%2Fpull%2F518&data=05%7C02%7Cadrian.mueller%40swiss
sign.com%7C2f47bf241f75431067d208dc9454b41d%7C21322582607f404c82d950ddb1eca5
c9%7C1%7C0%7C638548338739419912%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAi
LCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=PwayD0etgl
vMvhcYvzqnNGl1oZM%2FKKxdCNmpJQnU7pQ%3D&reserved=0> . 


Motion Begins


MODIFY the "Baseline Requirements for the Issuance and Management of
Publicly-Trusted TLS Server Certificates" based on Version 2.0.5 as
specified in the following redline:

*
https://github.com/cabforum/servercert/compare/20af1b271f2b689344ae353d3e78d
c6b772199db...d809c41bc063109e15d46bfe1b5ad6403d823381 


Motion Ends


This ballot proposes a Final Maintenance Guideline. The procedure for
approval of this ballot is as follows:


Discussion (at least 7 days)


*	Start time: 2024-06-12 06:30:00 UTC
*	End time: on or after 2024-06-19 06:30:00 UTC


Vote for approval (7 days)


*	Start time: 2024-06-19 10:00:00 UTC
*	End time: 2024-06-26 10:00:00 UTC

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240625/b180eedd/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7790 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240625/b180eedd/attachment-0001.p7s>


More information about the Servercert-wg mailing list