CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot 107 – Removing Version Numbers to WebTrust and ETSI Standards From CABF Guidelines

Ballot 107 – Removing Version Numbers to WebTrust and ETSI Standards From CABF Guidelines

Ballot 107 – Removing Version Numbers to WebTrust and ETSI Standards From CABF Guidelines (Withdrawn)

Mads Henriksveen made the following motion, and Inigo Barreira from Izenpe and Kirk Hall from Trend Micro endorsed it:

Motion Begins

Baseline Requirements (BR)

Document History

Implementers’ Note: Version 1.1 of these SSL Baseline Requirements was published on September 14, 2012. Version 1.1 of WebTrust’s SSL Baseline Audit Criteria and ETSI Technical Standard Electronic Signatures and Infrastructures (ESI) 102 042 version 2.3.1 incorporate version 1.1 of these Baseline Requirements and are currently in effect. See http://www.webtrust.org/homepage-documents/item27839.aspx and also http://www.etsi.org/deliver/etsi_ts/102000_102099/102042/02.03.01_60/ts_102042v020301p.pdf .

Section 3. References

ETSI TS 119 403 Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment – General Requirements and Guidance available at: http://www.etsi.org/deliver/etsi_ts/119400_119499/119403/01.01.01_60/ts_119403v010101p.pdf .

ETSI TS 102 042 V2.1.1, Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing public key certificates.

WebTrust Program for Certification Authorities Version 2.0, available at http://www.webtrust.org/homepage-documents/item27839.aspx.

Section 17.1 Eligible Audit Schemes

The CA SHALL undergo an audit in accordance with one of the following schemes:

  1. WebTrust Program for Certification Authorities v2.0 audit;
  2. A national scheme that audits conformance to ETSI TS 102 042 audit including DVCP, OVCP, EVCP or EVCP+;
  3. A scheme that audits conformance to ISO 21188:2006; or
  4. If a Government CA is required by its Certificate Policy to use a different internal audit scheme, it MAY use such scheme provided that the audit either (a) encompasses all requirements

EV Guidelines(EVG)

Section 8.2.1 Implementation

(B) Implement the requirements of (i) the then-current WebTrust Program for CAs, and (ii) the then-current WebTrust EV Program or (ii) the then-current ETSI TS 102 042 EV Certificate Policies (EVCP or EVCP+) V2.1.1; and

Section 8.2.2 Disclosure

Each CA MUST publicly disclose their EV Policies through an appropriate and readily accessible online means that is available on a 24×7 basis. The CA is also REQUIRED to publicly disclose its CA business practices as required by both WebTrust for CAs and ETSI TS 102 042 V2.1.1. The disclosures MUST be structured in accordance with either RFC 2527 or RFC 3647.

Section 17.1 Eligible Audit Schemes

A CA issuing EV Certificates SHALL undergo an audit in accordance with one of the following schemes: (i) WebTrust Program for Certification Authorites audit and WebTrust EV Program audit, or (ii) ETSI TS 102 042 v2.1.1 audit including EVCP or EVCP+.

Section 17.4 Pre-Issuance Readiness Audit

(2) If the CA has a currently valid ETSI 102 042 audit, then, before issuing EV Certificates, the CA and its Root CA MUST successfully complete a point-in-time readiness assessment audit against ETSI TS 102 042 V2.1.1 EVCP or EVCP+. (3) If the CA does not have a currently valid WebTrust Seal of Assurance for CAs or an ETSI 102 042 audit, then, before issuing EV Certificates, the CA and its Root CA MUST successfully complete either: (i) a point-in-time readiness assessment audit against the WebTrust for CA Program, or (ii) a point-in-time readiness assessment audit against the WebTrust EV Program, or an ETSI TS 102 042 V2.1.1. audit including EVCP or EVCP+.

The review period for this ballot shall commence on July 24th, 2013 and will close on July 31, 2013. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at August 7th, 2013. Votes must be cast by posting an on-list reply to this thread.

Motion Ends

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).