CA/Browser Forum posts
Ballot 118 – SHA-1 Sunset (passed)
October 16, 2014 by Ben WilsonVoting on Ballot 118 – SHA-1 Sunset closed on 16 October 2014. The Chair received “yes” votes from Actalis, ANF, Buypass, Certinomis, Chunghwa Telecom, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, Google, Izenpe, Kamu Sertifikasyon Merkezi, Logius PKIoverheid, Microsoft, Mozilla, Opentrust, Opera, QuoVadis, SSC, StartCom, Symantec, Trend Micro, TURKTRUST, TWCA, and WoSign. SECOM Trust Systems voted no. There were no abstentions. Therefore, Ballot 118 passed. Kelvin Yiu of Microsoft made the following motion, and Kirk Hall from Trend Micro and Ryan Sleevi from Google have endorsed it.
October 16, 2014 by Ben WilsonVoting on Ballot 118 – SHA-1 Sunset closed on 16 October 2014. The Chair received “yes” votes from Actalis, ANF, Buypass, Certinomis, Chunghwa Telecom, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, Google, Izenpe, Kamu Sertifikasyon Merkezi, Logius PKIoverheid, Microsoft, Mozilla, Opentrust, Opera, QuoVadis, SSC, StartCom, Symantec, Trend Micro, TURKTRUST, TWCA, and WoSign. SECOM Trust Systems voted no. There were no abstentions. Therefore, Ballot 118 passed. Kelvin Yiu of Microsoft made the following motion, and Kirk Hall from Trend Micro and Ryan Sleevi from Google have endorsed it.
2014-10-16 Minutes
October 16, 2014 by Ben WilsonMinutes of CA/Browser Forum, 16 October 2014 Antitrust Statement was read. Roll Call: Aaron Kornblum, Atilla Biler, Ben Wilson, Dean Coclin, Atsushi Inaba, Phillip Hallam Baker, Doug Beattie, Eddy Nigg, Mads Henriksveen, Jeremy Rowley, Kelvin Yiu, Erwann Abalea, Robin Alden, Wayne Thayer, Tim Shirley, Gerv Markham, Patrick Tronnier and Tim Hollebeek Agenda reviewed. Minutes of 2 October 2014 were approved. Ballot Review. Ballot 136 – Dean Coclin of Symantec has been elected incoming Chair of the CA/B Forum. Dean and Ben will work together on the transition over the next few weeks. Please let Dean know if you would like to volunteer to help on any ongoing logistical items or CABF operations tasks.
October 16, 2014 by Ben WilsonMinutes of CA/Browser Forum, 16 October 2014 Antitrust Statement was read. Roll Call: Aaron Kornblum, Atilla Biler, Ben Wilson, Dean Coclin, Atsushi Inaba, Phillip Hallam Baker, Doug Beattie, Eddy Nigg, Mads Henriksveen, Jeremy Rowley, Kelvin Yiu, Erwann Abalea, Robin Alden, Wayne Thayer, Tim Shirley, Gerv Markham, Patrick Tronnier and Tim Hollebeek Agenda reviewed. Minutes of 2 October 2014 were approved. Ballot Review. Ballot 136 – Dean Coclin of Symantec has been elected incoming Chair of the CA/B Forum. Dean and Ben will work together on the transition over the next few weeks. Please let Dean know if you would like to volunteer to help on any ongoing logistical items or CABF operations tasks.
Ballot 136 – Chair Election
October 15, 2014 by Ben WilsonBallot 136 – Chair Election Voting on Ballot 136 – Chair Election closed on 15 October 2014.
October 15, 2014 by Ben WilsonBallot 136 – Chair Election Voting on Ballot 136 – Chair Election closed on 15 October 2014.
Ballot 125 – CAA Records (passed)
October 14, 2014 by Ben WilsonBallot 125 – CAA Records Voting on Ballot 125 – CAA Records closed on 14 October 2014.
October 14, 2014 by Ben WilsonBallot 125 – CAA Records Voting on Ballot 125 – CAA Records closed on 14 October 2014.
2014-10-02 Minutes
October 2, 2014 by Ben WilsonMinutes of CA/Browser Forum, 2 October 2014 1. Antitrust Statement was read.
October 2, 2014 by Ben WilsonMinutes of CA/Browser Forum, 2 October 2014 1. Antitrust Statement was read.
Minutes of the F2F 33 Meeting in Beijing, China, 16-18 September 2014
September 16, 2014 by Ben WilsonMeeting 33 – Beijing ChinaThe antitrust statement was read. Present: Annabel Lewis, Arno Fiedler, Atilla Biler, Atsushi Inaba, Ben Wilson, Blues Lin, Bruce Morton, Cecilia Kam, Chris Bailey, Cui Jiu Qiang, David Chen, Dean Coclin, Don Sheehy, Doug Beattie, Gervase Markham, Haochun Li, Iñigo Barreira, Jeremy Rowley, John Johansen, Kirk Hall, Li-Chun Chen, Moudrick Dadashov, Patricia Forsyth, Richard Wang, Rick Andrews, Ryan Sleevi (by telephone), Tom Albertson, Wayne Thayer, Hanrui Gao (Day 2)
September 16, 2014 by Ben WilsonMeeting 33 – Beijing ChinaThe antitrust statement was read. Present: Annabel Lewis, Arno Fiedler, Atilla Biler, Atsushi Inaba, Ben Wilson, Blues Lin, Bruce Morton, Cecilia Kam, Chris Bailey, Cui Jiu Qiang, David Chen, Dean Coclin, Don Sheehy, Doug Beattie, Gervase Markham, Haochun Li, Iñigo Barreira, Jeremy Rowley, John Johansen, Kirk Hall, Li-Chun Chen, Moudrick Dadashov, Patricia Forsyth, Richard Wang, Rick Andrews, Ryan Sleevi (by telephone), Tom Albertson, Wayne Thayer, Hanrui Gao (Day 2)
Ballot 132 – EV Code Signing Timestamp Validity Period (passed)
September 16, 2014 by Ben WilsonVoting on Ballot 132 (amending the EV Code Signing Timestamp Validity Period) closed 16 September 2014. Voting in favor were: Actalis, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, OpenTrust, Symantec, Trend Micro, WoSign, ANF, Certum, Mozilla and Microsoft. There were no votes against and no abstentions. Therefore, Ballot 132 passed. Ballot 132 – EV Code Signing Timestamp Validity Period Rationale for Ballot 132 Ideally, TSA services should be consistent across the multiple services that rely on them (Code Signing, EV Code Signing, AATLs, etc.)
September 16, 2014 by Ben WilsonVoting on Ballot 132 (amending the EV Code Signing Timestamp Validity Period) closed 16 September 2014. Voting in favor were: Actalis, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, OpenTrust, Symantec, Trend Micro, WoSign, ANF, Certum, Mozilla and Microsoft. There were no votes against and no abstentions. Therefore, Ballot 132 passed. Ballot 132 – EV Code Signing Timestamp Validity Period Rationale for Ballot 132 Ideally, TSA services should be consistent across the multiple services that rely on them (Code Signing, EV Code Signing, AATLs, etc.)
Ballot 131 – Update to Verified Method of Communication (passed)
September 12, 2014 by Ben WilsonVoting on Ballot 131 (Update to Verified Method of Communication) closed last Friday. Voting in favor were: Actalis, Buypass, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustwave, Trustis, TURKTRUST, WoSign and Mozilla. There were no votes against and no abstentions. Therefore, Ballot 131 passed. Ballot 131 – Update to Verified Method of Communication The EV Guidelines Working Group has revisited Section 11.4 of the EV Guidelines (Applicant’s Physical Existence) and has decided that it is best to split it into two separate sections. Section 11.4.1 would remain as is for “Address of Applicant’s Place of Business.” Section 11.4.2 would be moved to its own section–a new 11.5, and all subsequent section numbers in 11 would be renumbered accordingly. The new Section 11.5 will focus on a verified means for communicating with the organization to be named as the subject in the certificate (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request).
September 12, 2014 by Ben WilsonVoting on Ballot 131 (Update to Verified Method of Communication) closed last Friday. Voting in favor were: Actalis, Buypass, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustwave, Trustis, TURKTRUST, WoSign and Mozilla. There were no votes against and no abstentions. Therefore, Ballot 131 passed. Ballot 131 – Update to Verified Method of Communication The EV Guidelines Working Group has revisited Section 11.4 of the EV Guidelines (Applicant’s Physical Existence) and has decided that it is best to split it into two separate sections. Section 11.4.1 would remain as is for “Address of Applicant’s Place of Business.” Section 11.4.2 would be moved to its own section–a new 11.5, and all subsequent section numbers in 11 would be renumbered accordingly. The new Section 11.5 will focus on a verified means for communicating with the organization to be named as the subject in the certificate (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request).
2014-09-04 Minutes
September 4, 2014 by Ben WilsonMinutes of CA/B Forum Teleconference – 4 Sept. 2014 1. Antitrust Statement: Read.
September 4, 2014 by Ben WilsonMinutes of CA/B Forum Teleconference – 4 Sept. 2014 1. Antitrust Statement: Read.
CA/Browser Forum Releases Code Signing Baseline Requirements Public Comment Draft
August 25, 2014 by Ben WilsonIn 2013, the CA/Browser Forum voted to create a Code Signing Working Group whose sole purpose was to come up with a set of Baseline Requirements for the issuance of Code Signing Certificates. The result of that effort is the: Baseline Requirements for Code Signing Certificates, Public Comment Draft (doc) Baseline Requirements for Code Signing Certificates, Public Comment Draft (pdf) Once approved by the CA/B Forum and subsequent audit standards are created, all Certificate Authorities will be obligated to follow these Requirements when issuing and managing code signing certificates.
August 25, 2014 by Ben WilsonIn 2013, the CA/Browser Forum voted to create a Code Signing Working Group whose sole purpose was to come up with a set of Baseline Requirements for the issuance of Code Signing Certificates. The result of that effort is the: Baseline Requirements for Code Signing Certificates, Public Comment Draft (doc) Baseline Requirements for Code Signing Certificates, Public Comment Draft (pdf) Once approved by the CA/B Forum and subsequent audit standards are created, all Certificate Authorities will be obligated to follow these Requirements when issuing and managing code signing certificates.