CA/Browser Forum
Home » Posts » Ballot CSC-1: Adopt Baseline Requirements version 1.2

Ballot CSC-1: Adopt Baseline Requirements version 1.2

*NOTICE OF REVIEW PERIOD*

**

This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's
Intellectual Property Rights Policy (v1.3). This Review Period is for a
Final Guideline (60 day Review Period). Attached is a complete Draft
Guideline subject of this Review Notice.

Ballot for Review: Ballot CSCWG-1 

/pipermail/cscwg-public/2019-June/000043.html

Start of Review Period: June 13, 2019 at 11:00am Eastern Time

End of Review Period: August 13, 2019 at 11:00am Eastern Time

------------------ 

Voting on Ballot CSCWG-1 has ended and the results are as follows:

11 Certificate Issuers voting YES: Actalis, Sectigo (former Comodo CA), DigiCert, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, SSL.com, SecureTrust (former Trustwave)

0 Certificate Issuers voting No or Abstain 

1 Certificate Consumer voting YES: Microsoft

0 Certificate Consumers voting No or Abstain

Quorum calculator requires 6 to meet quorum. This was met.

Therefore, the Ballot passes.

Dean Coclin 

Code Signing Certificate Working Group Chair

Purpose of Ballot: Adoption of this ballot will: (i) adopt written findings concerning the provenance of the Baseline Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates; and (ii) adopt version 1.2 of such Baseline Requirements, subject to completion of the 60-day “Notice of Review Period” pursuant to Section 4.1 of Forum’s IPR Policy.

The following motion has been proposed by Ben Wilson of DigiCert and endorsed by Jason Cooper of Microsoft and Rich Smith of Sectigo.

Ballot begins:

Whereas between February 2013 and December 2015 members of the CA/Browser Forum developed a set of requirements for Certification Authorities issuing Code Signing Certificates (the “Baseline Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates” – referred to herein as the “Baseline-Requirements-CSC”), and

Whereas Ballot 158 from December 2015 failed to formally adopt the Baseline-Requirements-CSC as Final Guidelines of the CA/B Forum, and

Whereas the Code Signing Certificate Working Group (CSCWG) of the CA/Browser Forum was duly chartered on March 8, 2019 by Ballot FORUM-8, and

Whereas the Charter specifies that the CSCWG would continue to work on the Baseline-Requirements-CSC, subject to the CSCWG making a written finding that the provenance of such document is sufficiently covered by the Forum’s IPR Policy, and

Whereas there is sufficient evidence to establish that the Baseline-Requirements-CSC are covered by the Forum’s IPR Policy, and

Whereas, in order to continue such work, it is advisable that the CSCWG adopt the Baseline-Requirements-CSC pursuant to procedures set forth in CA/B Forum IPR Policy v.1.3 (“IPR 1.3”), which include a 60-day Review Period during which a Draft Guideline may be reviewed for licensing obligations with respect to any Essential Claims that may be encompassed by such Draft Guideline.

Now therefore, the CSCWG hereby makes the following written findings and, pursuant to IPR 1.3, adopts the attached Baseline-Requirements-CSC, version 1.2, as a Forum Guideline.

Findings

  1. On April 8, 2012, the CA/B Forum adopted Intellectual Rights Policy, v. 1.0. (“IPR 1.0”) under which a contributor grants members a copyright license to its Contributions for the purpose of developing and publishing Draft Guidelines.

  2. Section 8.3 of IPR 1.0 defines “Contribution” as “material, including Draft Guidelines, Draft Guideline text, and modifications to other Contributions, made verbally or in a tangible form of expression (including in electronic media) which is provided by a Participant in the process of developing a Draft Guideline for the purpose of incorporating such material into a Draft Guideline …” and “Draft Guideline” as “a version of a CAB Forum guideline that has not been approved as a Final Guideline or Final Maintenance Guideline, regardless of whether or not the Draft Guideline has been published.”

  3. Beginning with the February 2013 Face-to-Face meeting of the CA/B Forum, the Forum started work on the Baseline-Requirements-CSC as a Draft Guideline.

  4. From the period of March 2013 through November 2015, the group worked on the Baseline-Requirements-CSC during bi-weekly teleconferences, at F2F meetings, and over email. Reports of the effort were provided at CA/B Forum meetings.

  5. The base document from which the Baseline-Requirements-CSC were developed was the CA/Browser Forum’s “Guidelines for the Issuance and Management of Extended Validation Code Signing Certificates,” licensed under a Creative Commons Attribution 4.0 International license.

  6. The entire work on the Baseline-Requirements-CSC was performed by members of the CA/Browser Forum, as members of the CA/Browser Forum, all of whom were bound by IPR 1.0.

  7. Any contributions from non-members of the CA/Browser Forum were subject to IPR 1.0 because there is an IPR Agreement on file with the CA/Browser Forum that covers the contribution by such entity.

  8. At the conclusion of the Review Period and adoption by the Forum of the Baseline-Requirements-CSC as a Forum Guideline, the provenance and rights to the Baseline-Requirements-CSC will be sufficiently established such that they will be clearly covered by the Forum’s IPR Policy.

Furthermore, upon adoption by the CSCWG of this ballot, the Chair of the CA/Browser Forum shall publish a “Notice of Review Period” (60 days) pursuant to Section 4.1 of IPR 1.3 and attach a copy of the Baseline-Requirements-CSC to such notice.

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: 2019-05-XX 12:00 Eastern End Time: Not before 2019-05-XX 12:00 Eastern

Vote for approval (7 days)

Start Time: 2019-06-XX 18:00 Eastern End Time: 2019-06-XX 18:00 Eastern

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed

Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates:

  • Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action;
  • Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and
  • Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).