CA/Browser Forum posts
Posts by author Ben Wilson
Ballot CSC-10 – WebTrust CSBR v2.0 Audit Criteria
August 13, 2021 by Ben WilsonResults of IPR Review (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2021-09-13, are available here. Results of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers Certum (Asseco), DigiCert, eMudhra, Entrust, GlobalSign, HARICA, Sectigo Certificate Consumers Microsoft The ballot has PASSED. Purpose of the Ballot For Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.
August 13, 2021 by Ben WilsonResults of IPR Review (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2021-09-13, are available here. Results of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers Certum (Asseco), DigiCert, eMudhra, Entrust, GlobalSign, HARICA, Sectigo Certificate Consumers Microsoft The ballot has PASSED. Purpose of the Ballot For Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.
Ballot SC43 – Clarify Acceptable Status Codes
April 8, 2021 by Ben WilsonThe voting on SC43v2 has completed, and the ballot has failed. Voting Results Certificate Issuers 8 votes total, with no abstentions · 0 Yes votes: · 8 No Votes: DigiCert, Entrust, GlobalSign, HARICA, Let’s Encrypt / ISRG, Telia Company, TrustCor, SecureTrust · 0 Abstentions Certificate Consumers 1 vote total, with no abstentions 0 Yes votes 1 No votes: Google 0 Abstentions Bylaw Requirements Bylaw 2.3(f) requires: o A “yes” vote by two-thirds of Certificate Issuer votes and by 50%-plus-one of Certificate Consumer votes.
April 8, 2021 by Ben WilsonThe voting on SC43v2 has completed, and the ballot has failed. Voting Results Certificate Issuers 8 votes total, with no abstentions · 0 Yes votes: · 8 No Votes: DigiCert, Entrust, GlobalSign, HARICA, Let’s Encrypt / ISRG, Telia Company, TrustCor, SecureTrust · 0 Abstentions Certificate Consumers 1 vote total, with no abstentions 0 Yes votes 1 No votes: Google 0 Abstentions Bylaw Requirements Bylaw 2.3(f) requires: o A “yes” vote by two-thirds of Certificate Issuer votes and by 50%-plus-one of Certificate Consumer votes.
Ballot CSC-8 v3: Update to Revocation response mechanisms. key protection for EV certificates, and clean-up of 11.2.1 & Appendix B
April 2, 2021 by Ben WilsonThe voting period for Ballot CSC-8 has ended and the Ballot has Passed. Here are the results: Voting by Certificate Issuers – 7 votes total including abstentions – 6 Yes votes: Certum (Asseco), DigiCert, Entrust, GlobalSign, HARICA, Sectigo – 0 No votes – 1 Abstain: GoDaddy 87% of voting Certificate Issuers voted in favor. Voting by Certificate Consumers – 1 vote total including abstentions – 1 Yes votes: Microsoft – 0 No votes
April 2, 2021 by Ben WilsonThe voting period for Ballot CSC-8 has ended and the Ballot has Passed. Here are the results: Voting by Certificate Issuers – 7 votes total including abstentions – 6 Yes votes: Certum (Asseco), DigiCert, Entrust, GlobalSign, HARICA, Sectigo – 0 No votes – 1 Abstain: GoDaddy 87% of voting Certificate Issuers voted in favor. Voting by Certificate Consumers – 1 vote total including abstentions – 1 Yes votes: Microsoft – 0 No votes
Ballot SC40 – Security Requirements for Air-Gapped CA Systems
February 9, 2021 by Ben WilsonThis ballot was withdrawn and/or failed to go to a vote. This is a continuation of discussion on the air-gapped CA ballot. (As noted below, this formally continues the discussion for this ballot, as of 2021-02-08 17:00 UTC. This discussion period will continue until initiation of the Voting Period (TBD) unless extended or as otherwise determined, pursuant to the CA/Browser Forum Bylaws. I renumbered the sections - 5.1 for logical security and 5.
February 9, 2021 by Ben WilsonThis ballot was withdrawn and/or failed to go to a vote. This is a continuation of discussion on the air-gapped CA ballot. (As noted below, this formally continues the discussion for this ballot, as of 2021-02-08 17:00 UTC. This discussion period will continue until initiation of the Voting Period (TBD) unless extended or as otherwise determined, pursuant to the CA/Browser Forum Bylaws. I renumbered the sections - 5.1 for logical security and 5.
Ballot CSC-7v2: Update to merge EV and Non-EV clauses
February 2, 2021 by Ben WilsonVoting has closed on this ballot and the results are as follows: CAs voting in favor (7): Actalis, DigiCert, Entrust, GDCA, GlobalSign, GoDaddy, HARICA CAs opposed: None CAs abstaining: None Certificate Consumers voting in favor (1): Microsoft Certificate Consumers opposed: None Certificate Consumers abstaining: None Therefore the ballot CSC-7 passes. Purpose of the Ballot: The CSC-2 merger of the Code Signing BRs and the EV Code Signing Guidelines was done without technical changes.
February 2, 2021 by Ben WilsonVoting has closed on this ballot and the results are as follows: CAs voting in favor (7): Actalis, DigiCert, Entrust, GDCA, GlobalSign, GoDaddy, HARICA CAs opposed: None CAs abstaining: None Certificate Consumers voting in favor (1): Microsoft Certificate Consumers opposed: None Certificate Consumers abstaining: None Therefore the ballot CSC-7 passes. Purpose of the Ballot: The CSC-2 merger of the Code Signing BRs and the EV Code Signing Guidelines was done without technical changes.
Ballot SC38: Alignment of Record Archival
December 16, 2020 by Ben WilsonThis ballot failed to go to a vote and failed pursuant to the Bylaws. This begins the discussion period for Ballot SC38: Alignment of Record Archival (which I circulated a little while ago). The following ballot is proposed by Neil Dunbar of TrustCor Systems and endorsed by David Kluge of Google Trust Services and Ben Wilson of Mozilla. Purpose of Ballot: After the updated language included in SC28 Sections 5.4.3 and 5.
December 16, 2020 by Ben WilsonThis ballot failed to go to a vote and failed pursuant to the Bylaws. This begins the discussion period for Ballot SC38: Alignment of Record Archival (which I circulated a little while ago). The following ballot is proposed by Neil Dunbar of TrustCor Systems and endorsed by David Kluge of Google Trust Services and Ben Wilson of Mozilla. Purpose of Ballot: After the updated language included in SC28 Sections 5.4.3 and 5.
Ballot Forum 16 – Election of CA/Browser Forum Vice Chair
November 1, 2020 by Ben WilsonVoting on Special Ballot Forum 16 has now closed and the ballot has passed. Results are as follow: CAs voting in favor: Actalis, Buypass, Certum (Asseco), CFCA, Chunghwa Telecom, D-TRUST, Disig, eMudhra, Entrust Datacard, Firmaprofesional, GDCA, GlobalSign, GoDaddy, HARICA, iTrusChina, Kamu SM, OATI, OISTE, SECOM, SHECA, SSL.com, TWCA, TrustCor, SecureTrust CAs voting against: None CAs voting to abstain: None Browsers voting in favor: Apple, Cisco, Google, Microsoft, Mozilla, 360 Browsers voting against: None
November 1, 2020 by Ben WilsonVoting on Special Ballot Forum 16 has now closed and the ballot has passed. Results are as follow: CAs voting in favor: Actalis, Buypass, Certum (Asseco), CFCA, Chunghwa Telecom, D-TRUST, Disig, eMudhra, Entrust Datacard, Firmaprofesional, GDCA, GlobalSign, GoDaddy, HARICA, iTrusChina, Kamu SM, OATI, OISTE, SECOM, SHECA, SSL.com, TWCA, TrustCor, SecureTrust CAs voting against: None CAs voting to abstain: None Browsers voting in favor: Apple, Cisco, Google, Microsoft, Mozilla, 360 Browsers voting against: None
Special Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair
October 29, 2020 by Ben WilsonSpecial Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair The following motion has been proposed by the Code Signing Certificate Working Group Chair Dean Coclin of DigiCert. Purpose of Ballot This special ballot is to confirm the new Vice Chair of the Code Signing Certificate Working Group. Motion begins In accordance with Bylaw 4.1©, Bruce Morton representing Entrust is hereby elected Vice Chair of the Code Signing Certificate Working Group for a term commencing on November 1, 2020 and continuing through October 31, 2022.
October 29, 2020 by Ben WilsonSpecial Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair The following motion has been proposed by the Code Signing Certificate Working Group Chair Dean Coclin of DigiCert. Purpose of Ballot This special ballot is to confirm the new Vice Chair of the Code Signing Certificate Working Group. Motion begins In accordance with Bylaw 4.1©, Bruce Morton representing Entrust is hereby elected Vice Chair of the Code Signing Certificate Working Group for a term commencing on November 1, 2020 and continuing through October 31, 2022.
Ballot CSC-4 v1: Move deadline for transition to RSA-3072 and SHA-2 timestamp tokens
October 7, 2020 by Ben WilsonVoting on this ballot has closed. The results are below: 7 CAs voting in favor: Actalis, DigiCert, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA 0 CAs opposed 0 CAs abstaining 1 Certificate Consumer voting in favor: Microsoft 0 Certificate Consumers opposed 0 Certificate Consumers abstaining Therefore the ballot passes. Dean Coclin CSCWG Chair Ballot CSC-4 v1: Move deadline for transition to RSA-3072 and SHA-2 timestamp tokens Purpose of the Ballot: The current deadline for moving from RSA-2048 to RSA-3072 and from SHA-1 to SHA-2 for timestamp tokens falls on January 1, 2021, which is inconvenient due to code freezes due to the winter holidays.
October 7, 2020 by Ben WilsonVoting on this ballot has closed. The results are below: 7 CAs voting in favor: Actalis, DigiCert, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA 0 CAs opposed 0 CAs abstaining 1 Certificate Consumer voting in favor: Microsoft 0 Certificate Consumers opposed 0 Certificate Consumers abstaining Therefore the ballot passes. Dean Coclin CSCWG Chair Ballot CSC-4 v1: Move deadline for transition to RSA-3072 and SHA-2 timestamp tokens Purpose of the Ballot: The current deadline for moving from RSA-2048 to RSA-3072 and from SHA-1 to SHA-2 for timestamp tokens falls on January 1, 2021, which is inconvenient due to code freezes due to the winter holidays.