Ballot SC044: Clarify Acceptable Status Codes

Ballot overview

• Ballot SC044, Clarify Acceptable Status Codes, was a Server Certificate Working Group ballot.
• The ballot clarified the allowed HTTP status codes used for following redirects in domain validation methods 18 and 19.
• It also specified that the target URI must come from the final value of the Location response header.

Outcome

• The ballot completed voting and passed.
• Voting results showed 21 yes votes from Certificate Issuers, 0 no votes, and 0 abstentions.
• Voting results showed 5 yes votes from Certificate Consumers, 0 no votes, and 0 abstentions.
• The ballot met the Bylaw 2.3(f) voting thresholds for both Certificate Issuers and Certificate Consumers.
• The ballot met the Bylaw 2.3(g) quorum requirement.
• The ballot entered the IP Rights Review Period after voting.

Requirements added to the Baseline Requirements

• For validations performed on or after July 1, 2021, redirects must be the result of a 301, 302, 307, or 308 HTTP status code response.
• For validations performed on or after July 1, 2021, redirects must go to the final value of the Location HTTP response header.
• For validations performed prior to July 1, 2021, redirects must be the result of an HTTP status code within the 3xx Redirection class.
• CAs should limit accepted status codes and resource URLs to those defined for the on-or-after July 1, 2021 case.
• Redirects must be to resource URLs using the http or https scheme.
• Redirects must be to resource URLs accessed via Authorized Ports.

Effective date and phasing

• The redline shows a compliance date of 2021-07-01 for the redirect-status-code and Location-header requirements.
• The ballot text applies different rules based on whether validations are performed on or after July 1, 2021 or prior to July 1, 2021.