CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot 138 – Security Information Sharing Working Group

Ballot 138 – Security Information Sharing Working Group

Ballot 138 – Security Information Sharing Working Group

Voting on Ballot 138 – Information Sharing Working Group closed on 16 October 2014.

The Chair received “yes” votes from Actalis, ANF, Buypass, Certinomis, Chunghwa Telecom, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, Izenpe, Kamu Sertifikasyon Merkezi, Logius PKIoverheid, Microsoft, Mozilla, Opentrust, Opera, SECOM, SSC, StartCom, Symantec, Trend Micro, TURKTRUST, TWCA, and WoSign.

Google abstained.

Therefore, Ballot 138 passed.

Kirk Hall of Trend Micro made the following motion and Ben Wilson of Digicert and Dean Coclin of Symantec have endorsed it:

Reason

During face-to-face Meeting 33, and on previous occasions, there were discussions about how members of the Forum might be able to share security-related information. One of the conclusions of these discussions is that the issue needs further study. Additional details are found in the scope statement in Ballot 138, which proposes the chartering a Security Information Sharing Group.

Motion begins

The CA-Browser Forum shall create a Working Group, to be known as the Security Information Sharing Working Group.

Scope: the Working Group shall consider all matters relating to voluntary information sharing among Forum Members relating to possible enhanced risk from identified individuals, entities, identities, locations, domains, IP addresses, and other data to be determined in order to allow Members to determine, in their own judgment, whether to undertake additional authentication or other steps before providing products or services to customers. The Working Group will consider such issues as legal limitations, privacy concerns, methods for updating or correcting information, and other factors that may arise from such information sharing.

Deliverables: The Working Group shall produce one or more documents offering options to the Forum for voluntary information sharing within the scope defined above.

Expiration Date: The Working Group’s mandate shall expire twenty-four months from the date this resolution passes, unless extended by a further ballot of the Members, such a ballot to specify the extension period and any necessarily modifications of the scope and deliverables.

Motion ends

The review period for this ballot shall commence at 2200 UTC on Thursday, 2 October 2014, and will close at 2200 UTC on Thursday, 9 October 2014. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on Thursday, 16 October 2014. Votes must be cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear ‘yes’ in the response. A vote against must indicate a clear ‘no’ in the response. A vote to abstain must indicate a clear ‘abstain’ in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here:

In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently nine (9) members– at least nine members must participate in the ballot, either by voting in favor, voting against, or abstaining.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).