New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Baseline Requirements: Update CAA from 6844 to 8659 #168
Comments
We can also remove the verbiage added by ballot 219 ("CAs MAY treat a non-empty CAA Resource Record Set that does not contain any issue property tags (and also does not contain any issuewild property tags when performing CAA processing for a Wildcard Domain Name) as permission to issue, provided that no records in the CAA Resource Record Set otherwise prohibit issuance."), since RFC 8659 explicitly specifies the handling of that scenario. |
* Cleanup typos and issues from SC17 Closes #152 * Fix an incorrect reference from 3.2.5 to 3.2.2.5 Closes #155 * Fix typo: compliancy -> compliance Closes #159 * Cleanup old effective date for CP/CPSes Closes #161 * Update effective date for 3.2.2.4.6 Closes #163 * Move weak key lookups into 24-hour revocation Closes #164 * Align Section 6.1.1.3 with 4.9.1.1 Closes #171 * Replace RFC 6844 with RFC 8659 Closes #168 * Clarify that revocation is permitted if required by CP/CPS/BRs Closes #172 * Correct links to US gov't denial lists Closes #76 * Add a definition for CA Key Pair #127 * Clarify CA Key Pair generation (#23) Close #184 * Attempt to clarify policy OIDs (#21) Attempts to resolve #179 by introducing the term "Server Certificate" to distinguish from Subscriber Certificate (which may include Subordinate CAs), and to scope the requirements around identity information to only Server Certificates * Fixup formatting issues in the PDF * Fix issues spotted by Corey Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> * Cleanup EVG terminology * Clarify organizationIdentifier contents As requested by Mads from Buypass in https://archive.cabforum.org/pipermail/servercert-wg/2020-August/002148.html * Apply further suggestions from Corey Correct Subscriber -> Applicant in additional places Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> * Spelling, formatting, punctuation improvements (#31) * Where a word was spelling multiple ways (e.g. organization & organisation) consolidate on whichever form is the majority used * MD formatting improvements (e.g. 5 numeral headings updated to have 5 '#' instead of 4) * More consistent punctuation in section headings (e.g. '3.2.2.4.*:' vs '3.2.2.4.*') * More correct - I hope - extension values (e.g. extKeyUsage instead of extendedKeyUsage) * Improved, but identical - I hope - terminology (e.g. key purposes instead of usages where context is id-kp-*) * Various minor spelling corrections (e.g. jursidiction -> jurisdiction, Certifiation -> Certification, etc.) Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> Co-authored-by: Clint Wilson <clint@wilsonovi.com>
* Cleanup typos and issues from SC17 Closes #152 * Fix an incorrect reference from 3.2.5 to 3.2.2.5 Closes #155 * Fix typo: compliancy -> compliance Closes #159 * Cleanup old effective date for CP/CPSes Closes #161 * Update effective date for 3.2.2.4.6 Closes #163 * Move weak key lookups into 24-hour revocation Closes #164 * Align Section 6.1.1.3 with 4.9.1.1 Closes #171 * Replace RFC 6844 with RFC 8659 Closes #168 * Clarify that revocation is permitted if required by CP/CPS/BRs Closes #172 * Correct links to US gov't denial lists Closes #76 * Add a definition for CA Key Pair #127 * Clarify CA Key Pair generation (#23) Close #184 * Attempt to clarify policy OIDs (#21) Attempts to resolve #179 by introducing the term "Server Certificate" to distinguish from Subscriber Certificate (which may include Subordinate CAs), and to scope the requirements around identity information to only Server Certificates * Fixup formatting issues in the PDF * Fix issues spotted by Corey Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> * Cleanup EVG terminology * Clarify organizationIdentifier contents As requested by Mads from Buypass in https://archive.cabforum.org/pipermail/servercert-wg/2020-August/002148.html * Apply further suggestions from Corey Correct Subscriber -> Applicant in additional places Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> * Spelling, formatting, punctuation improvements (#31) * Where a word was spelling multiple ways (e.g. organization & organisation) consolidate on whichever form is the majority used * MD formatting improvements (e.g. 5 numeral headings updated to have 5 '#' instead of 4) * More consistent punctuation in section headings (e.g. '3.2.2.4.*:' vs '3.2.2.4.*') * More correct - I hope - extension values (e.g. extKeyUsage instead of extendedKeyUsage) * Improved, but identical - I hope - terminology (e.g. key purposes instead of usages where context is id-kp-*) * Various minor spelling corrections (e.g. jursidiction -> jurisdiction, Certifiation -> Certification, etc.) Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> Co-authored-by: Clint Wilson <clint@wilsonovi.com> Co-authored-by: sleevi <ryan.sleevi@gmail.com> Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> Co-authored-by: Clint Wilson <clint@wilsonovi.com>
* Cleanup typos and issues from SC17 Closes #152 * Fix an incorrect reference from 3.2.5 to 3.2.2.5 Closes #155 * Fix typo: compliancy -> compliance Closes #159 * Cleanup old effective date for CP/CPSes Closes #161 * Update effective date for 3.2.2.4.6 Closes #163 * Move weak key lookups into 24-hour revocation Closes #164 * Align Section 6.1.1.3 with 4.9.1.1 Closes #171 * Replace RFC 6844 with RFC 8659 Closes #168 * Clarify that revocation is permitted if required by CP/CPS/BRs Closes #172 * Correct links to US gov't denial lists Closes #76 * Add a definition for CA Key Pair #127 * Clarify CA Key Pair generation (#23) Close #184 * Attempt to clarify policy OIDs (#21) Attempts to resolve #179 by introducing the term "Server Certificate" to distinguish from Subscriber Certificate (which may include Subordinate CAs), and to scope the requirements around identity information to only Server Certificates * Fixup formatting issues in the PDF * Fix issues spotted by Corey Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> * Cleanup EVG terminology * Clarify organizationIdentifier contents As requested by Mads from Buypass in https://archive.cabforum.org/pipermail/servercert-wg/2020-August/002148.html * Apply further suggestions from Corey Correct Subscriber -> Applicant in additional places Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> * Spelling, formatting, punctuation improvements (#31) * Where a word was spelling multiple ways (e.g. organization & organisation) consolidate on whichever form is the majority used * MD formatting improvements (e.g. 5 numeral headings updated to have 5 '#' instead of 4) * More consistent punctuation in section headings (e.g. '3.2.2.4.*:' vs '3.2.2.4.*') * More correct - I hope - extension values (e.g. extKeyUsage instead of extendedKeyUsage) * Improved, but identical - I hope - terminology (e.g. key purposes instead of usages where context is id-kp-*) * Various minor spelling corrections (e.g. jursidiction -> jurisdiction, Certifiation -> Certification, etc.) Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> Co-authored-by: Clint Wilson <clint@wilsonovi.com> Co-authored-by: sleevi <ryan.sleevi@gmail.com> Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> Co-authored-by: Clint Wilson <clint@wilsonovi.com>
* Ballot SC28v6: Logging and Log Retention (#222) Add SC28 * SC35: Cleanups and Clarifications (#208) (#223) * Cleanup typos and issues from SC17 Closes #152 * Fix an incorrect reference from 3.2.5 to 3.2.2.5 Closes #155 * Fix typo: compliancy -> compliance Closes #159 * Cleanup old effective date for CP/CPSes Closes #161 * Update effective date for 3.2.2.4.6 Closes #163 * Move weak key lookups into 24-hour revocation Closes #164 * Align Section 6.1.1.3 with 4.9.1.1 Closes #171 * Replace RFC 6844 with RFC 8659 Closes #168 * Clarify that revocation is permitted if required by CP/CPS/BRs Closes #172 * Correct links to US gov't denial lists Closes #76 * Add a definition for CA Key Pair #127 * Clarify CA Key Pair generation (#23) Close #184 * Attempt to clarify policy OIDs (#21) Attempts to resolve #179 by introducing the term "Server Certificate" to distinguish from Subscriber Certificate (which may include Subordinate CAs), and to scope the requirements around identity information to only Server Certificates * Fixup formatting issues in the PDF * Fix issues spotted by Corey Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> * Cleanup EVG terminology * Clarify organizationIdentifier contents As requested by Mads from Buypass in https://archive.cabforum.org/pipermail/servercert-wg/2020-August/002148.html * Apply further suggestions from Corey Correct Subscriber -> Applicant in additional places Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> * Spelling, formatting, punctuation improvements (#31) * Where a word was spelling multiple ways (e.g. organization & organisation) consolidate on whichever form is the majority used * MD formatting improvements (e.g. 5 numeral headings updated to have 5 '#' instead of 4) * More consistent punctuation in section headings (e.g. '3.2.2.4.*:' vs '3.2.2.4.*') * More correct - I hope - extension values (e.g. extKeyUsage instead of extendedKeyUsage) * Improved, but identical - I hope - terminology (e.g. key purposes instead of usages where context is id-kp-*) * Various minor spelling corrections (e.g. jursidiction -> jurisdiction, Certifiation -> Certification, etc.) Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> Co-authored-by: Clint Wilson <clint@wilsonovi.com> Co-authored-by: sleevi <ryan.sleevi@gmail.com> Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> Co-authored-by: Clint Wilson <clint@wilsonovi.com> * Update version numbers and cover pages. * Update effective date to 2020-10-19. * Update version for the cover page Co-authored-by: sleevi <ryan.sleevi@gmail.com> Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com> Co-authored-by: Clint Wilson <clint@wilsonovi.com>
The Baseline Requirements currently refer to RFC 6844 as modified by Errata.
This should be updated to depen on RFC 8659, which can be done without errata.
The text was updated successfully, but these errors were encountered: