CA/Browser Forum
Home » Posts » Ballot SMC09 Pre-Linting, WebTrust for NetSec, and Minor Updates

Ballot SMC09 Pre-Linting, WebTrust for NetSec, and Minor Updates

Ballot SMC09: Pre-Linting, WebTrust for NetSec, and Minor Updates

Summary:

This ballot includes updates for the following:

  • Require pre-linting of leaf end entity Certificates starting September 15, 2025
  • Require WebTrust for Network Security for WebTrust audits starting after April 1, 2025
  • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates
  • Clarify use of organizationIdentifer references
  • Update of Appendix A.2 Natural Person Identifiers

This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

— Motion Begins — This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline Requirements”), based on Version 1.0.6. MODIFY the Baseline Requirements as specified in the following Redline: https://github.com/cabforum/smime/compare/c66dfe265f5fabf70150af68746d5cb9ba09f942...d295580ad2e1a15c56e786e851d110969a712437 — Motion Ends —

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:

Discussion (at least 7 days):

• Start time: October 9, 2024 at 19:00:00 UTC • End time: October 16, 2024 at 19:00:00 UTC

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed

Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates:

  • Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action;
  • Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and
  • Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Ballot S/MIME
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).