CA/Browser Forum
Home » All CA/Browser Forum Posts » NOTICE OF REVIEW PERIOD – BALLOT SC6

NOTICE OF REVIEW PERIOD – BALLOT SC6

This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for Final Maintenance Guidelines (30 day Review Period). A complete draft of the Draft Guideline that is the subject of this Review Notice is attached.

Date Review Notice Sent: Sept. 14, 2018

Ballot for Review: Ballot SC6 – Revocation Timeline Extension

Start of Review Period: September 14, 2018 at 8:00 pm Eastern Time

End of Review Period: October 14, 2018 at 8:00 pm Eastern Time

A version of the most recent Baseline Requirements including the changes made by the Ballot is attached. I also attach a version in “showing changes” mode to help with your review.

Please forward any Exclusion Notice relating to Essential Claims to the Chair by email to kirk.hall@entrustdatacard.com before the end of the Review Period. See current version of CA/Browser Forum Intellectual Property Rights Policy for details.

(Optional form of Exclusion Notice is attached)

Latest releases
Server Certificate Requirements
SC095v3: Clean-up 2025 - Apr 2, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.14 - Ballot SMC016 - May 5, 2026

This ballot maintains consistency between the S/MIME Baseline Requirements and the TLS Baseline Requirements with changes introduced by Ballots SC096 and SC097. Specifically, this ballot: Creates a carve-out of the logging requirements for DNSSEC specifically, stating these are not in scope. For audit purposes, change management logging is able to confirm if the appropriate controls are in effect or not. Sunsets all remaining use of SHA-1 signatures in Certificates and CRLs. It is noted that most uses of SHA-1 signatures are already deprecated by SC097. With this ballot, all unexpired Subordinate CA Certificates issuing S/MIME containing the SHA-1 signature algorithm must be revoked. This proposal does not prohibit the use of SHA-1 to generate issuerKeyHash or issuerNameHash values as currently required by RFC 5019. Includes minor formatting corrections.

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Related posts
Tags
Ballot
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).