CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot 26 – Certificate Reissuance

Ballot 26 – Certificate Reissuance

Ballot 26 – Certificate Reissuance (Passed Unanimously)

Motion

Steve Roylance made the following motion, and Ben Wilson and Jay Schiavo endorsed it:

Motion begins

The Guidelines should be amended by the following erratum.

Erratum begins

  1. Replace this section which was itself previously amended by Errata: “25. EV Certificate Renewal Verification Requirements

(a) Validation for Renewal Requests. In conjunction with the EV Certificate Renewal process, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.

(b) Exceptions. Notwithstanding the requirements set forth in Section 33(b) (Use of Pre-Existing Information or Documentation) and Section 8 (Maximum Validity Period), a CA, when performing the authentication and verification tasks for EV Certificate Renewal MAY:

(1) EV Certificate previously issued by the CA:”

With: “25. EV Certificate Renewal Verification Requirements

(a) Validation for Renewal Requests. In conjunction with the EV Certificate Renewal process, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.

(b) Validation of Re-issuance requests. A CA may rely on previously verified information to issue a Replacement Certificate, as defined in these Guideline when:

  1. The expiration date of the replacement certificate is the same as the expiration date of the currently valid EV certificate being replaced, and

  2. The certificate subject of the Replacement Certificate is the same as the certificate subject contained in the currently valid EV certificate. (c) Renewal Exceptions. Notwithstanding the requirements set forth in Section 33(b) (Use of Pre-Existing Information or Documentation) and Section 8 (Maximum Validity Period), a CA, when performing the authentication and verification tasks for EV Certificate Renewal MAY: (1) EV Certificate previously issued by the CA:”

  3. Replace this section from the Definition Section which was itself previously amended by Errata: “EV Certificate Renewal. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant’s existing EV Certificate.”

With: “EV Certificate Renewal. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes an application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant’s existing EV Certificate but with a new ‘valid to’ date beyond the expiry of the current EV certificate.

EV Certificate Re-issuance. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes an application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant’s existing EV Certificate but with a matching ‘valid to’ date of the current EV certificate.”

Erratum ends

Motion ends

The ballot review period comes into effect at 1700 EST on 03 Mar 09,and will close at 1700 EDT on 10 Mar 2009. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 1700 EDT on 17 Mar 2009.

Votes must be cast by ‘reply all’ to this email.

A vote in favour of the motion must indicate a clear ‘yes’ in the response. A vote against must indicate a clear ‘no’ in the response. A vote to abstain must indicate a clear ‘abstain’ in the response. Unclear responses will not be counted.

The latest vote received from any representative of a voting member before the close of the voting period will be counted.

Latest releases
Server Certificate Requirements
BRs/2.1.2 SC-080 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods - Dec 16, 2024

Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contact… (https://github.com/cabforum/servercert/pull/560) Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods” (https://github.com/cabforum/servercert/pull/555)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Ballot Server Certificates
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).