Ballot 182 – Readopting BR 3.2.2.4 (Part 2)

Ballot overview

• Ballot 182, Readopting BR 3.2.2.4 (Part 2), was a Server Certificate Working Group ballot.
• The ballot page states that Ballot 182 has failed.
• The result section says the ballot fails because it requires a 2/3 affirmative vote by CAs and a majority affirmative vote by browsers, and quorum was not achieved.
• The vote totals shown are CAs: 0 votes and Browsers: 0 votes.

What the ballot proposed

• The ballot text says it maintained consistency between the S/MIME Baseline Requirements and the TLS Baseline Requirements with changes introduced by Ballots SC096 and SC097.
• It proposed a carve-out of logging requirements for DNSSEC, stating those requirements are not in scope.
• It proposed that, for audit purposes, change management logging can confirm whether the appropriate controls are in effect.
• It proposed sunsetting all remaining use of SHA-1 signatures in Certificates and CRLs.
• It noted that most uses of SHA-1 signatures were already deprecated by SC097.
• It stated that all unexpired Subordinate CA Certificates issuing S/MIME containing the SHA-1 signature algorithm must be revoked.
• It also stated that the proposal does not prohibit use of SHA-1 to generate issuerKeyHash or issuerNameHash values as required by RFC 5019.
• The ballot included minor formatting corrections.

Dates

• No discussion, voting, IPR, or effective dates are provided in the supplied evidence.
• Because the ballot failed, no compliance date took effect.