CA/Browser Forum posts
Ballot SC-75 - Pre-sign linting
June 27, 2024 by Iñigo BarreiraResults of Voting Certificate Issuers 25 votes total, with no abstentions: • 25 Issuers voting YES: Actalis, Buypass, Certum (Asseco), Chunghwa Telecom, D-TRUST, DigiCert, Disig, eMudhra, Fastly, GlobalSign, GoDaddy, HARICA, IdenTrust, iTrusChina, JPRS, Kamu SM, Let’s Encrypt / ISRG, OISTE, SECOM, Sectigo, SwissSign, Telia Company, TrustAsia, TWCA, VikingCloud • 0 Issuers voting NO • 0 Issuers ABSTAIN Certificate Consumers 3 votes total, with no abstentions: • 3 Consumers voting YES: Apple, Google, Mozilla
June 27, 2024 by Iñigo BarreiraResults of Voting Certificate Issuers 25 votes total, with no abstentions: • 25 Issuers voting YES: Actalis, Buypass, Certum (Asseco), Chunghwa Telecom, D-TRUST, DigiCert, Disig, eMudhra, Fastly, GlobalSign, GoDaddy, HARICA, IdenTrust, iTrusChina, JPRS, Kamu SM, Let’s Encrypt / ISRG, OISTE, SECOM, Sectigo, SwissSign, Telia Company, TrustAsia, TWCA, VikingCloud • 0 Issuers voting NO • 0 Issuers ABSTAIN Certificate Consumers 3 votes total, with no abstentions: • 3 Consumers voting YES: Apple, Google, Mozilla
Ballot SC-73: Compromised and weak keys
June 7, 2024 by Iñigo BarreiraVoting Results Certificate Issuers 23 votes total, with no abstentions: 23 Issuers voting YES: Actalis, Certum (Asseco), CFCA, CommScope, D-TRUST, Disig, Entrust, Fastly, GDCA, GlobalSign, GoDaddy, HARICA, iTrusChina, JPRS, Let’s Encrypt / ISRG, SECOM, Sectigo, SSL.com, SwissSign, Telia Company, TrustAsia, TWCA, VikingCloud 0 Issuers voting NO 0 Issuers ABSTAIN Certificate Consumers 1 votes total, with no abstentions: 1 Consumers voting YES: Mozilla 0 Consumers voting NO 0 Consumers ABSTAIN Bylaws Requirements Bylaw 2.
June 7, 2024 by Iñigo BarreiraVoting Results Certificate Issuers 23 votes total, with no abstentions: 23 Issuers voting YES: Actalis, Certum (Asseco), CFCA, CommScope, D-TRUST, Disig, Entrust, Fastly, GDCA, GlobalSign, GoDaddy, HARICA, iTrusChina, JPRS, Let’s Encrypt / ISRG, SECOM, Sectigo, SSL.com, SwissSign, Telia Company, TrustAsia, TWCA, VikingCloud 0 Issuers voting NO 0 Issuers ABSTAIN Certificate Consumers 1 votes total, with no abstentions: 1 Consumers voting YES: Mozilla 0 Consumers voting NO 0 Consumers ABSTAIN Bylaws Requirements Bylaw 2.
2024-06-06 Minutes of the Server Certificate Working Group
June 6, 2024 by Iñigo BarreiraAttendance Aaron Gable - (Let’s Encrypt), Aaron Poulsen - (Amazon), Abdul Hakeem Putra - (MSC Trustgate Sdn Bhd), Adam Jones - (Microsoft), Andrea Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Chad Dandar - (Cisco Systems), Chris Clements - (Google), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Enrico Entschew - (D-TRUST), Gregory Tomko - (GlobalSign), Inaba Atsushi - (GlobalSign), Jaime Hablutzel - (OISTE Foundation), Janet Hines - (VikingCloud), Jos Purvis - (Fastly), Mads Henriksveen - (Buypass AS), Mahua Chaudhuri - (Microsoft), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Nate Smith - (GoDaddy), Nicol So - (CommScope), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE Foundation), Peter Miskovic - (Disig), Rebecca Kelly - (SSL.
June 6, 2024 by Iñigo BarreiraAttendance Aaron Gable - (Let’s Encrypt), Aaron Poulsen - (Amazon), Abdul Hakeem Putra - (MSC Trustgate Sdn Bhd), Adam Jones - (Microsoft), Andrea Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Chad Dandar - (Cisco Systems), Chris Clements - (Google), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Dean Coclin - (DigiCert), Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Dustin Hollenback - (Microsoft), Enrico Entschew - (D-TRUST), Gregory Tomko - (GlobalSign), Inaba Atsushi - (GlobalSign), Jaime Hablutzel - (OISTE Foundation), Janet Hines - (VikingCloud), Jos Purvis - (Fastly), Mads Henriksveen - (Buypass AS), Mahua Chaudhuri - (Microsoft), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Michelle Coon - (OATI), Nate Smith - (GoDaddy), Nicol So - (CommScope), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE Foundation), Peter Miskovic - (Disig), Rebecca Kelly - (SSL.
2024-06-05 Minutes of the S/MIME Certificate Working Group
June 5, 2024 by Stephen DavidsonMinutes of SMCWG June 5, 2024 These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller - (SwissSign), Andrea Holland - (VikingCloud), Andreas Henschel - (D-TRUST), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Dimitris Zacharopoulos - (HARICA), Inaba Atsushi - (GlobalSign), Iñigo Barreira - (Sectigo), Janet Hines - (VikingCloud), Judith Spencer - (CertiPath), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Mrugesh Chandarana - (IdenTrust), Pedro Fuentes - (OISTE Foundation), Rebecca Kelly - (SSL.
June 5, 2024 by Stephen DavidsonMinutes of SMCWG June 5, 2024 These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Adrian Mueller - (SwissSign), Andrea Holland - (VikingCloud), Andreas Henschel - (D-TRUST), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Dimitris Zacharopoulos - (HARICA), Inaba Atsushi - (GlobalSign), Iñigo Barreira - (Sectigo), Janet Hines - (VikingCloud), Judith Spencer - (CertiPath), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Mrugesh Chandarana - (IdenTrust), Pedro Fuentes - (OISTE Foundation), Rebecca Kelly - (SSL.
2024-05-30 Minutes of the S/MIME Certificate Working Group
May 30, 2024 by Stephen DavidsonMinutes of SMCWG May 30, 2024 Bergamo F2F #62 These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Aaron Poulsen - (Amazon), Adrian Mueller - (SwissSign), Adriano Santoni - (Actalis S.p.A.), Andrea Holland - (VikingCloud), Andreas Henschel - (D-TRUST), Antti Backman - (Telia Company), An Yin - (iTrusChina), Arvid Vermote - (GlobalSign), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Bruce Morton - (Entrust), Christophe Bonjean - (GlobalSign), Chya-Hung Tsai - (TWCA), Clemens Wanko - (ACAB Council), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Dave Chin - (CPA Canada/WebTrust), Dean Coclin - (DigiCert), Doug Beattie - (GlobalSign), Eva Vansteenberge - (GlobalSign), Inaba Atsushi - (GlobalSign), Iñigo Barreira - (Sectigo), Janet Hines - (VikingCloud), John Sarapata - (Google), Josselin Allemandou - (Certigna (DHIMYOTIS)), Jozef Nigut - (Disig), Kateryna Aleksieieva - (Asseco Data Systems SA (Certum)), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Nargis Mannan - (VikingCloud), Nick France - (Sectigo), Paul van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE Foundation), Peter Miskovic - (Disig), Raffaela Achermann - (SwissSign), Rebecca Kelly - (SSL.
May 30, 2024 by Stephen DavidsonMinutes of SMCWG May 30, 2024 Bergamo F2F #62 These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Aaron Poulsen - (Amazon), Adrian Mueller - (SwissSign), Adriano Santoni - (Actalis S.p.A.), Andrea Holland - (VikingCloud), Andreas Henschel - (D-TRUST), Antti Backman - (Telia Company), An Yin - (iTrusChina), Arvid Vermote - (GlobalSign), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Bruce Morton - (Entrust), Christophe Bonjean - (GlobalSign), Chya-Hung Tsai - (TWCA), Clemens Wanko - (ACAB Council), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Dave Chin - (CPA Canada/WebTrust), Dean Coclin - (DigiCert), Doug Beattie - (GlobalSign), Eva Vansteenberge - (GlobalSign), Inaba Atsushi - (GlobalSign), Iñigo Barreira - (Sectigo), Janet Hines - (VikingCloud), John Sarapata - (Google), Josselin Allemandou - (Certigna (DHIMYOTIS)), Jozef Nigut - (Disig), Kateryna Aleksieieva - (Asseco Data Systems SA (Certum)), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Nargis Mannan - (VikingCloud), Nick France - (Sectigo), Paul van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE Foundation), Peter Miskovic - (Disig), Raffaela Achermann - (SwissSign), Rebecca Kelly - (SSL.
Ballot CSC-24 - Timestamping Private Key Protection
May 29, 2024 by Corey BonnellResults of Voting Yes No Abstain Certificate Issuers DigiCert, Entrust, Globalsign, HARICA, IdenTrust, Sectigo Certificate Consumers There were not enough Certificate Consumer votes to pass the ballot. Therefore, the ballot FAILS. Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main goals of this ballot are to:
May 29, 2024 by Corey BonnellResults of Voting Yes No Abstain Certificate Issuers DigiCert, Entrust, Globalsign, HARICA, IdenTrust, Sectigo Certificate Consumers There were not enough Certificate Consumer votes to pass the ballot. Therefore, the ballot FAILS. Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main goals of this ballot are to:
Ballot SMC07: Align Logging Requirement and Key Escrow clarification
May 24, 2024 by Stephen DavidsonIPR Review of Ballot SMC07: Align Logging Requirement and Key Escrow clarification This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This 30-day Review Period is for the Final Maintenance Guideline that is attached to this Review Notice. Ballot for Review: Ballot SMC07, redline at https://cabforum.org/posts/2024/2024-06-12-SMCWG-ballot-SMC07/CA-Browser-Forum-SMIMEBR-1.0.5-redline.pdf Start of Review Period: June 12, 2024 End of Review Period: 2359 UTC on July 12, 2024
May 24, 2024 by Stephen DavidsonIPR Review of Ballot SMC07: Align Logging Requirement and Key Escrow clarification This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This 30-day Review Period is for the Final Maintenance Guideline that is attached to this Review Notice. Ballot for Review: Ballot SMC07, redline at https://cabforum.org/posts/2024/2024-06-12-SMCWG-ballot-SMC07/CA-Browser-Forum-SMIMEBR-1.0.5-redline.pdf Start of Review Period: June 12, 2024 End of Review Period: 2359 UTC on July 12, 2024
2024-05-16 Minutes of the Code Signing Certificate Working Group
May 16, 2024 by Corey BonnellAttendees Atsushi INABA - GlobalSign, Ben Dewberry -Keyfactor, Brian Winters - IdenTrust, Brianca Martin - Amazon, Bruce Morton - Entrust, Corey Bonnell-Digicert, Dean Coclin-DigiCert, Dimitris Zacharopoulos - HARICA, Martijn Katerbarg - Sectigo, Mohit Kumar - GlobalSign, Richard Kisley (Guest), Scott Rea - eMudhra Minutes Antitrust statement was read. Meeting Minutes of 2nd-May-24 approved. Following Ballots were discussed. Removing EV Guidelines References: Dimitris removed the Organization Identifier requirements from the updates that had objection from the group.
May 16, 2024 by Corey BonnellAttendees Atsushi INABA - GlobalSign, Ben Dewberry -Keyfactor, Brian Winters - IdenTrust, Brianca Martin - Amazon, Bruce Morton - Entrust, Corey Bonnell-Digicert, Dean Coclin-DigiCert, Dimitris Zacharopoulos - HARICA, Martijn Katerbarg - Sectigo, Mohit Kumar - GlobalSign, Richard Kisley (Guest), Scott Rea - eMudhra Minutes Antitrust statement was read. Meeting Minutes of 2nd-May-24 approved. Following Ballots were discussed. Removing EV Guidelines References: Dimitris removed the Organization Identifier requirements from the updates that had objection from the group.
2024-05-09 Minutes of the Server Certificate Working Group
May 9, 2024 by Iñigo BarreiraAttendance Aaron Gable - (Let’s Encrypt), Abhishek Bhat - (eMudhra), Adam Jones - (Microsoft), Adriano Santoni - (Actalis S.p.A.), Andrea Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Brittany Randall - (GoDaddy), Bruce Morton - (Entrust), Chad Dandar - (Cisco Systems), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Dimitris Zacharopoulos - (HARICA), Dong Wha Shin - (MOIS (Ministry of Interior and Safety) of the republic of Korea), Doug Beattie - (GlobalSign), Enrico Entschew - (D-TRUST), Georgy Sebastian - (Amazon), Gregory Tomko - (GlobalSign), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Jaime Hablutzel - (OISTE Foundation), Johnny Reading - (GoDaddy), Jos Purvis - (Fastly), Keshava Nagaraju - (eMudhra), Kiran Tummala - (Microsoft), Luis Cervantes - (GoDaddy), Mads Henriksveen - (Buypass AS), Marco Schambach - (IdenTrust), Michelle Coon - (OATI), Miguel Sanchez - (Google), Mrugesh Chandarana - (IdenTrust), Nargis Mannan - (VikingCloud), Nate Smith - (GoDaddy), Naveen Kumar - (eMudhra), Nicol So - (CommScope), Nome Huang - (TrustAsia), Rebecca Kelly - (SSL.
May 9, 2024 by Iñigo BarreiraAttendance Aaron Gable - (Let’s Encrypt), Abhishek Bhat - (eMudhra), Adam Jones - (Microsoft), Adriano Santoni - (Actalis S.p.A.), Andrea Holland - (VikingCloud), Ben Wilson - (Mozilla), Brianca Martin - (Amazon), Brittany Randall - (GoDaddy), Bruce Morton - (Entrust), Chad Dandar - (Cisco Systems), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Corey Rasmussen - (OATI), Dimitris Zacharopoulos - (HARICA), Dong Wha Shin - (MOIS (Ministry of Interior and Safety) of the republic of Korea), Doug Beattie - (GlobalSign), Enrico Entschew - (D-TRUST), Georgy Sebastian - (Amazon), Gregory Tomko - (GlobalSign), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Jaime Hablutzel - (OISTE Foundation), Johnny Reading - (GoDaddy), Jos Purvis - (Fastly), Keshava Nagaraju - (eMudhra), Kiran Tummala - (Microsoft), Luis Cervantes - (GoDaddy), Mads Henriksveen - (Buypass AS), Marco Schambach - (IdenTrust), Michelle Coon - (OATI), Miguel Sanchez - (Google), Mrugesh Chandarana - (IdenTrust), Nargis Mannan - (VikingCloud), Nate Smith - (GoDaddy), Naveen Kumar - (eMudhra), Nicol So - (CommScope), Nome Huang - (TrustAsia), Rebecca Kelly - (SSL.
2024-05-08 Minutes of the S/MIME Certificate Working Group
May 8, 2024 by Stephen DavidsonMinutes of SMCWG May 8, 2024 These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Abhishek Bhat - (eMudhra), Adriano Santoni - (Actalis S.p.A.), Aggie Wang - (TrustAsia), Andrea Holland - (VikingCloud), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Bruce Morton - (Entrust), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Dimitris Zacharopoulos - (HARICA), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Janet Hines - (VikingCloud), Judith Spencer - (CertiPath), Keshava Nagaraju - (eMudhra), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Morad Abou Nasser - (TeleTrust), Mrugesh Chandarana - (IdenTrust), Nome Huang - (TrustAsia), Rebecca Kelly - (SSL.
May 8, 2024 by Stephen DavidsonMinutes of SMCWG May 8, 2024 These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. Attendees Abhishek Bhat - (eMudhra), Adriano Santoni - (Actalis S.p.A.), Aggie Wang - (TrustAsia), Andrea Holland - (VikingCloud), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Bruce Morton - (Entrust), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Dimitris Zacharopoulos - (HARICA), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Janet Hines - (VikingCloud), Judith Spencer - (CertiPath), Keshava Nagaraju - (eMudhra), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Morad Abou Nasser - (TeleTrust), Mrugesh Chandarana - (IdenTrust), Nome Huang - (TrustAsia), Rebecca Kelly - (SSL.