Home » Proceedings » Ballots » Ballot CSC-12 – CRL Revocation Date Clarification

Ballot CSC-12 – CRL Revocation Date Clarification

Notice of Review Period

(Mailing list post is available here.)

This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.2).  This Review Period is for Final Maintenance Guidelines (30 day Review Period).  A complete draft of the Draft Guideline that is the subject of this Review Notice is available here.

Date Review Notice Sent:           November 3, 2021

Ballot for Review:                        Ballot CSC-12: CRL Revocation Date Clarification

Start of Review Period:                November 3, 2021 at 15:40 UTC

End of Review Period:                 December 3, 2021 at 15:40 UTC

Please forward any Exclusion Notice relating to Essential Claims to the Chair by email to dean.coclin@digicert.com before the end of the Review Period.  See current version of CA/Browser Forum Intellectual Property Rights Policy for details.

Results of Voting

(Mailing list post is available here.)

YesNoAbstain
Certificate IssuersCertum (Asseco)
DigiCert
Entrust
E-TUGRA
GlobalSign
HARICA
Sectigo
SSL.com
Certificate ConsumersMicrosoft
The ballot has PASSED.

Purpose of the Ballot

While RFC 5280, section 5.3.2 specifies that it is best practice to include the Invalidity Date CRL entry extension to denote when a certificate first became invalid, Certificate Consumer software commonly ignores this extension in favor of using the time encoded in the CRL entry revocationDate field for this purpose. This ballot clarifies that CAs shall use the revocationDate to denote when a certificate first became invalid even if that time precedes issuance of the latest CRL. Additionally, this ballot clarifies that if the CA is becomes aware of a more appropriate revocation date for a revoked Code Signing Certificate, then the CA may include this date in subsequently issued CRLs and OCSP responses pertaining to that revoked Code Signing Certificate.

Motion

This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” version 2.5 according to the attached redline which includes:

  • Add the effective date of the CRL profile change in section 1.3.
  • Modification of the third paragraph of section 13.2.1.
  • Addition of two paragraphs after the third paragraph of section 13.2.1.
  • Add explanatory footnote to the bottom of the last page of section 13.2.1.