CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot Forum-7: Update ETSI requirements in SCWG Charter

Ballot Forum-7: Update ETSI requirements in SCWG Charter

The voting period for Ballot Forum-7 has ended and the ballot has passed. Here are the results.

Voting by CAs – 10 votes total including abstentions 10 Yes votes: Buypass, Certinomis, D-TRUST, Disig, Entrust Datacard, HARICA, Logius PKIoverheid, QuoVadis, SSC 0 No votes: 1 Abstain: Visa 100% of voting CAs voted in favor

Voting by browsers – 3 votes total including abstentions 3 Yes votes: Microsoft, Mozilla, 360 0 No votes: 0 Abstain: 100% of voting browsers voted in favor

Under Bylaw 2.2(g), a ballot result will be considered valid only when more than half of the number of currently active Members has participated. Votes to abstain are counted in determining a quorum. Half of currently active Members as of the start of voting is 11, so quorum was 12 votes – quorum was met.

Bylaw 2.2(f) requires a yes vote by two-thirds of CA votes and 50%-plus-one browser votes for approval. Votes to abstain are not counted for this purpose. This requirement was met for both CAs and browsers.

At least one CA Member and one browser Member must vote in favor of a ballot for the ballot to be adopted. This requirement was met.

The ballot passes.

The following motion has been proposed by Dimitris Zacharopoulos of HARICA and endorsed by Moudrick M. Dadashov of SSC and Mads Egil Henriksveen from Bypass.

Background:

Section 3 of the SCWG Charter describes the qualifying criteria for “Certificate Issuers” and “Root Certificate Issuers”. This ballot attempts to remove references to the old ETSI TS documents.

Motion begins

In Section 3 of the SCWG Charter, update the ETSI references:

Replace “ETSI TS 102042, ETSI 101456, or ETSI EN 319 411-1”

with

“or ETSI EN 319 411-1”.

Motion ends

Here is a red-line of these particular changes.

(1) Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs audit, or ETSI TS 102042, ETSI 101456, or ETSI EN 319 411-1 audit report prepared by a properly-qualified auditor, and that actively issues certificates to Web servers that are openly accessible from the Internet, such certificates being treated as valid when using a browser created by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Sec. 3.1 for a period of time to be designated by the Forum.

(2) Root Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs, or ETSI TS 102042, ETSI TS 101456, ETSI EN 319 411-1 audit report prepared by a properly-qualified auditor, and that actively issues certificates to subordinate CAs that, in turn, actively issue certificates to Web servers that are openly accessible from the Internet, such certificates being treated as valid when using a browser created by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Sec. 3.1 for a period of time to be designated by the Forum.

The procedure for approval of this ballot is as follows:

Forum-7 – Update ETSI requirements in the SCWG Charter

Start time (22:00 UTC)End time (22:00 UTC)
Discussion (7 days)21 September 201828 September 2018
Vote for approval (7 days)28 September 20185 October 2018
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).