CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot CSCWG-2: Combine Baseline and EV Code Signing Documents

Ballot CSCWG-2: Combine Baseline and EV Code Signing Documents

Ballot Results

Voting on Ballot CSCWG-2 has ended and the results are below:

Certificate Issuers

Votes in Favor: (10) Actalis, Sectigo, DigiCert, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, SSL.com

Votes opposed: None

Abstentions: None

Certificate Consumers

Votes in Favor: (1) Microsoft

Votes Opposed: None

Abstentions: None

Results

Therefore the Ballot passes.

Dean Coclin CSCWG Chair

Ballot Content

Purpose of Ballot

The CA/Browser Forum currently has two code signing requirements documents: 1) Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates and 2) Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates. The two documents are in similar format and cover many of the same requirements. CAs which issue both types of certificates must adhere to both documents and must be audited to two sets of criteria. CA/Browser Forum members also need to manage two sets of criteria. Auditors need to manage two sets of audit criteria.

The greater goal is to 1) migrate the documents into one document which will manage the requirements of both EV and non-EV code signing certificates, 2) reformat the document to be in the RFC 3647 format which will be in line with CPS format requirements and 3) change and manage the requirements in an ongoing process.

This ballot addresses item 1 of the process. The migration started with using the Baseline Requirements for Code Signing and adding in the EV Code Signing Requirements. The process was to minimize technical change although there was some change to allow merging. The process was not to correct issues, but a “parking lot” list was created to capture changes to be addressed in the future.

The following motion has been proposed by Bruce Morton of Entrust and endorsed by Mike Reilly of Microsoft and Dean Coclin of DigiCert.

Motion begins

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” based on Version 1.2 and removes the requirements for “Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates” based on Version 1.4. A redline update is attached.

Be it resolved that the CA / Browser Forum adopts the attached CA/B Forum Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates version 2.0 effective upon adoption.

Motion ends

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).