← CABF Ballot Browser
Ballot-93 passed

Ballot 93 – Reasons for Revocation (BR issues 6, 8, 10, 21)

Server Certificate Working Group

Key dates

Effective date
02 Nov 2012 13 years ago
Voting opened
02 Nov 2012 13 years ago
Voting closed
07 Nov 2012 13 years ago
Discussion opened
17 Oct 2012 13 years ago
Discussion closed
31 Oct 2012 13 years ago

Resources

Document http://csrc.nist.gov/publications/nistpubs/800-89/SP-800-89_November2006.pdf http://csrc.nist.gov/publications/nistpubs/800-89/SP-800-89_November2006.pdf

AI Summary

Generated 2026-06-23 21:36 UTC

Ballot overview

  • Ballot 93, Reasons for Revocation, covers BR issues 6, 8, 10, and 21.
  • The ballot page states it passed unanimously.
  • The motion says the changes are effective immediately, except for Part E.

What the ballot changes

  • Issue 8 adds a new section on subordinate CA private keys:
    • Parties other than the Subordinate CA must not archive the Subordinate CA private keys.
    • If the Issuing CA generated the key for the Subordinate CA, it must encrypt the private key for transport.
    • If the Issuing CA learns that a Subordinate CA private key was communicated to an unauthorized person or an organization not affiliated with the Subordinate CA, it must revoke all certificates containing the corresponding public key.
  • Issue 8 also adds a new section requiring the Issuing CA to revoke a Subordinate CA Certificate within seven days if any listed revocation condition occurs, including unauthorized request, key compromise, misuse, noncompliance, inaccurate information, cessation of operations without revocation support, loss or termination of issuance rights, policy or CPS requirements, or unacceptable technical content or format.
  • Issue 6 revises subscriber certificate revocation language and expands the definition of key compromise.
  • Issue 21 adds a certificate suspension rule stating that the repository must not include entries indicating that a certificate is suspended.
  • Issue 10 adds a NIST reference and new public key requirements after Appendix A, table (3).

Date and timing details

  • The review period commenced at 21:00 UTC on 17 October 2012.
  • A voting period of seven days began and was suspended on 31 October 2012.
  • Voting was to begin again at 21:00 UTC on 2 November 2012.
  • Voting was to close at 21:00 UTC on Wednesday, 7 November 2012.
  • Part E includes a stated effective date of 1 January 2013 for the new general requirements for public keys.

Compliance impact

  • CAs had to apply the non-Part-E changes immediately once the ballot took effect.
  • For the Part E public key requirements, CAs had to confirm the RSA public exponent is an odd number equal to 3 or more, with the stated SHOULD guidance on exponent range and modulus characteristics, effective 1 January 2013.
Model: gpt-5.4-mini Confidence: 0.93 Result: passed
Effective date
2012-11-02
Voting opened
2012-11-02
Voting closed
2012-11-07
Discussion opened
2012-10-17
Applicability and conditions

2013-01-01 — CAs must apply the RSA public key requirements, including the public exponent rule, by this date Part E only: general requirements for public keys added after Appendix A, table (3)

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot 93 – Reasons for Revocation (BR issues 6, 8, 10, 21)Ballot 93 – Reasons for Revocation (BR issues 6, 8, 10, 21)Ballot 93 – Reasons for Revocation (BR issues 6, 8, 10, 21) (Passed Unanimously)

View on cabforum.org → Last fetched 16 hours ago

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action