CA/Browser Forum posts
Posts by author Ben Wilson
Ballot SC32 – NCSSRs Zones
July 23, 2020 by Ben Wilson
This ballot failed pursuant to the Bylaws. This email begins the discussion period for Ballot SC32. Purpose of Ballot: To remove ambiguity and delineate requirements for physical security and logical security. The Network and Certificate System Security Requirements (NCSSRs) were drafted with the concept of physical and logical “Zones” (Secure Zones, High Security Zones, and everything else outside those zones). However, the approach did not clearly separate the physical security aspects from the logical security aspects. “Zone” was defined as a “subset of Certificate Systems created by the logical or physical partitioning of systems from other Certificate Systems,” and “Secure Zone” was defined as an “area (physical or logical) protected by physical and logical controls that appropriately protect the confidentiality, integrity, and availability of Certificate Systems.” “High Security Zone” was defined as a physical area: “A physical location where a CA’s or Delegated Third Party’s Private Key or cryptographic hardware is located”.
Ballot Forum-14 – Creation of S/MIME Certificates Working Group v2
June 15, 2020 by Ben Wilson
Voting has ended on Ballot Forum-14, Creation of S/MIME Working Group. The results are as follows:
Certificate Issuers: 22 votes in favor: Actalis, Buypass, Certigna (DHIMYOTIS), Certum (Asseco), Chunghwa Telecom, Sectigo (former Comodo CA), D-TRUST, DigiCert, Disig, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, Kamu SM, OISTE, SHECA, SSL.com, SwissSign, TrustCor, SecureTrust (former Trustwave); 0 No votes; 0 Abstention.
Certificate Consumers: 5 votes in favor: Apple, Cisco, Google, Microsoft, Mozilla
Ballot Forum-12: Update CA/B Forum Bylaws
May 25, 2020 by Ben Wilson
Voting on Ballot Forum-12, Update CA/B Forum Bylaws, had ended. Here are the results:
21 Certificate Issuers voting in favor: Buypass, Camerfirma, Certum (Asseco), Chunghwa Telecom, D-TRUST, DigiCert, Disig, eMudhra, Entrust Datacard, Firmaprofesional, GDCA, GlobalSign, GoDaddy, HARICA, iTrusChina, Kamu SM, OISTE, SSL.com, SwissSign, TrustCor, SecureTrust (former Trustwave); 0 No votes; 0 Abstain votes. 100% of voting Certificate Issuers voted in favor.
4 Certificate Consumers voting in favor: Cisco, Microsoft, Mozilla, 360
Ballot SC20: System Configuration Management
March 23, 2020 by Ben Wilson
This ballot failed. Purpose of Ballot: Section 1(h) of the Network and Certification Systems Security Requirements provides that CAs shall:
Ballot CSC-1: Adopt Baseline Requirements version 1.2
June 11, 2019 by Ben Wilson
NOTICE OF REVIEW PERIOD
This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Guideline (60 day Review Period). Attached is a complete Draft Guideline subject of this Review Notice.
Ballot for Review: Ballot CSCWG-1 /pipermail/cscwg-public/2019-June/000043.html
Start of Review Period: June 13, 2019 at 11:00am Eastern Time
End of Review Period: August 13, 2019 at 11:00am Eastern Time
Voting on Ballot CSCWG-1 has ended and the results are as follows:
11 Certificate Issuers voting YES: Actalis, Sectigo (former Comodo CA), DigiCert, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, SSL.com, SecureTrust (former Trustwave)
0 Certificate Issuers voting No or Abstain
1 Certificate Consumer voting YES: Microsoft
0 Certificate Consumers voting No or Abstain
Quorum calculator requires 6 to meet quorum. This was met. Therefore, the Ballot passes.
Dean Coclin, Code Signing Certificate Working Group Chair
Purpose of Ballot: Adoption of this ballot will: (i) adopt written findings concerning the provenance of the Baseline Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates; and (ii) adopt version 1.2 of such Baseline Requirements, subject to completion of the 60-day “Notice of Review Period” pursuant to Section 4.1 of Forum’s IPR Policy.
2019-02-07 Minutes of Server Certificate Working Group Teleconference
February 7, 2019 by Ben Wilson
Attendees (in alphabetical order): Arno Fiedler (D-TRUST), Bruce Morton (Entrust Datacard), Daymion Reynolds (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew (D-TRUST), Fotis Loukos (SSL.com), Frank Corday (SecureTrust), Geoff Keating (Apple), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kenneth Myers (US Federal PKI Management Authority), Kirk Hall (Entrust Datacard), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Mahmud Khair (SecureTrust), Marcelo Silva (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Sissel Hoel (Buypass AS), Tim Hollebeek (Digicert), Tim Shirley (SecureTrust), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
2019-02-07 Minutes of CA/Browser Forum Teleconference
February 7, 2019 by Ben Wilson
Attendees (in alphabetical order): Arno Fiedler (D-TRUST), Bruce Morton (Entrust Datacard), Daymion Reynolds (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew (D-TRUST), Fotis Loukos (SSL.com), Frank Corday (SecureTrust), Geoff Keating (Apple), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), Jeff Ward (CPA Canada/WebTrust), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kenneth Myers (US Federal PKI Management Authority), Kirk Hall (Entrust Datacard), Leo Grove (SSL.com), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Mahmud Khair (SecureTrust), Marcelo Silva (Visa), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), Scott Rea (Dark Matter), Sissel Hoel (Buypass AS), Tim Hollebeek (Digicert), Tim Shirley (SecureTrust), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
2019-01-10 Minutes for Server Certificate Working Group Teleconference
January 10, 2019 by Ben Wilson
Attendees (in alphabetical order): Ben Wilson (Digicert), Chris Kemmerer (SSL.com), Daymion Reynolds (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Fotis Loukos (SSL.com), Frank Corday (Trustwave), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Michelle Coon (OATI), Neil Dunbar (TrustCor Systems), Niko Carpenter (Trustwave), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Tim Callan (Sectigo), Tim Shirley (Trustwave), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).
2019-01-10 Minutes for CA/Browser Forum Teleconference
January 10, 2019 by Ben Wilson
Attendees (in alphabetical order): Ben Wilson (Digicert), Chris Kemmerer (SSL.com), Daymion Reynolds (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fotis Loukos (SSL.com), Frank Corday (Trustwave), Gordon Bock (Microsoft), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Joanna Fox (GoDaddy), Jos Purvis (Cisco Systems), Kenneth Myers (US Federal PKI Management Authority), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Michelle Coon (OATI), Neil Dunbar (TrustCor Systems), Niko Carpenter (Trustwave), Peter Miskovic (Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Tim Callan (Sectigo), Tim Shirley (Trustwave), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority).