CA/Browser Forum posts
Ballot 146 – Convert Baseline Requirements to RFC 3647 Framework
April 16, 2015 by Ben WilsonBallot 146 – Convert Baseline Requirements to RFC 3647 Framework Voting has closed on Ballot 146, “Convert Baseline Requirements”
April 16, 2015 by Ben WilsonBallot 146 – Convert Baseline Requirements to RFC 3647 Framework Voting has closed on Ballot 146, “Convert Baseline Requirements”
2015-04-02 Minutes
April 2, 2015 by Ben WilsonMinutes of CA-Browser Forum Meeting – 2 April 2015 Attendees: Atsushi Inaba (Globalsign), Ben Wilson (Digicert), Bruce Morton (Entrust), Burak Kalkan (TurkTrust), Davut Tokgöz (e-Tugra), Doug Beattie (Globalsign), Eddy Nigg (Startcom), Gervase Markham (Mozilla), Jeremy Rowley (Digicert), Kirk Hall (Trend Micro), Moudrick Dadashov (SSC), Patrick Tronnier (OATI), Rick Andrews (Symantec), Ryan Sleevi (Google), Wayne Thayer (GoDaddy).
April 2, 2015 by Ben WilsonMinutes of CA-Browser Forum Meeting – 2 April 2015 Attendees: Atsushi Inaba (Globalsign), Ben Wilson (Digicert), Bruce Morton (Entrust), Burak Kalkan (TurkTrust), Davut Tokgöz (e-Tugra), Doug Beattie (Globalsign), Eddy Nigg (Startcom), Gervase Markham (Mozilla), Jeremy Rowley (Digicert), Kirk Hall (Trend Micro), Moudrick Dadashov (SSC), Patrick Tronnier (OATI), Rick Andrews (Symantec), Ryan Sleevi (Google), Wayne Thayer (GoDaddy).
Ballot 148 – Issuer Field Correction
April 2, 2015 by Ben WilsonVoting on Ballot 148, Issuer Field Correction, closed on 2 April 2015. We received 13 YES votes from CAs, 0 NO votes and 0 Abstentions We received 1 YES vote from Browsers, 0 NO votes and 0 Abstentions Therefore the ballot passes. Several votes were received after the ballot closed and were not counted. Full details are on the ballot tracking wiki. Ballot 148 resulted in the adoption of BRv1.2.5
April 2, 2015 by Ben WilsonVoting on Ballot 148, Issuer Field Correction, closed on 2 April 2015. We received 13 YES votes from CAs, 0 NO votes and 0 Abstentions We received 1 YES vote from Browsers, 0 NO votes and 0 Abstentions Therefore the ballot passes. Several votes were received after the ballot closed and were not counted. Full details are on the ballot tracking wiki. Ballot 148 resulted in the adoption of BRv1.2.5
2015-03-19 Minutes
March 19, 2015 by Ben WilsonMinutes of March 19th CA/B Forum Meeting Attendees: Dean Coclin (Symantec), Tyler Myers (GoDaddy), Tim Shirley (Trustwave), Doug Beattie (GlobalSign), Patrick Tronnier (OATI), Kirk Hall (Trend Micro), Ben Wilson (DigiCert), Robin Alden (Comodo), Mads Henriksveen (BuyPass), Billy VanCannon (Trustwave), Tim Hollebeek (Trustwave), Atilla Biler (TurkTrust), Volkan Nergiz (TurkTrust), Eddy Nigg (Startcom), Jeremy Rowley (DigiCert), Atsushi Inaba (GlobalSign), Wayne Thayer (GoDaddy), Burak Kalkan (TurkTrust), Tyrone Welsh (Trustis), Ryan Sleevi (Google), Mat Caughron (Apple).
March 19, 2015 by Ben WilsonMinutes of March 19th CA/B Forum Meeting Attendees: Dean Coclin (Symantec), Tyler Myers (GoDaddy), Tim Shirley (Trustwave), Doug Beattie (GlobalSign), Patrick Tronnier (OATI), Kirk Hall (Trend Micro), Ben Wilson (DigiCert), Robin Alden (Comodo), Mads Henriksveen (BuyPass), Billy VanCannon (Trustwave), Tim Hollebeek (Trustwave), Atilla Biler (TurkTrust), Volkan Nergiz (TurkTrust), Eddy Nigg (Startcom), Jeremy Rowley (DigiCert), Atsushi Inaba (GlobalSign), Wayne Thayer (GoDaddy), Burak Kalkan (TurkTrust), Tyrone Welsh (Trustis), Ryan Sleevi (Google), Mat Caughron (Apple).
Minutes of the F2F 34 Meeting in Cupertino, California, 10-12 March 2015
March 11, 2015 by Ben WilsonMeeting 34 Minutes Attending at various times over 3 days: Dean Coclin (Symantec), Kirk Hall (Trend Micro), Wayne Thayer (GoDaddy), Robin Alden (Comodo), Michael Whittam (Comodo), Arno Fiedler (representing ETSI), Iñigo Barreira (IZENPE), Rashmi Tabada (Symantec), Tim Hollebeek (Trustwave), Li-Chun Chen (Chunghwa Telecom), Doug Beattie (Globalsign), Atsushi Inaba (Globalsign), Robert Ikeoka (E&Y), Ryan Sleevi (Google), Billy VanCannon (Trustwave), Bruce Morton (Entrust), Gervase Markham (Mozilla), Richard Barnes (Mozilla), Moudrick Dadashov (SSC), Cecilia Kam (Symantec), Jeremy Rowley (Digicert), Ben Wilson (Digicert), Rick Andrews (Symantec), Stephen Davidson (QuoVadis), Richard Wang (WoSign), Mat Caughron (Apple), John Wilander (Apple), Don Sheehy (representing WebTrust), Jeff Ward (representing WebTrust), Kathleen Wilson (Mozilla), Stephen Hillier (Trend Micro), Chris Bailey (Trend Micro), John Noll (Apple), Gigi Wang (Apple), Curt Spann (Apple), Anoosh Saboori (Microsoft), Deron O’Brien (Apple)
March 11, 2015 by Ben WilsonMeeting 34 Minutes Attending at various times over 3 days: Dean Coclin (Symantec), Kirk Hall (Trend Micro), Wayne Thayer (GoDaddy), Robin Alden (Comodo), Michael Whittam (Comodo), Arno Fiedler (representing ETSI), Iñigo Barreira (IZENPE), Rashmi Tabada (Symantec), Tim Hollebeek (Trustwave), Li-Chun Chen (Chunghwa Telecom), Doug Beattie (Globalsign), Atsushi Inaba (Globalsign), Robert Ikeoka (E&Y), Ryan Sleevi (Google), Billy VanCannon (Trustwave), Bruce Morton (Entrust), Gervase Markham (Mozilla), Richard Barnes (Mozilla), Moudrick Dadashov (SSC), Cecilia Kam (Symantec), Jeremy Rowley (Digicert), Ben Wilson (Digicert), Rick Andrews (Symantec), Stephen Davidson (QuoVadis), Richard Wang (WoSign), Mat Caughron (Apple), John Wilander (Apple), Don Sheehy (representing WebTrust), Jeff Ward (representing WebTrust), Kathleen Wilson (Mozilla), Stephen Hillier (Trend Micro), Chris Bailey (Trend Micro), John Noll (Apple), Gigi Wang (Apple), Curt Spann (Apple), Anoosh Saboori (Microsoft), Deron O’Brien (Apple)
2015-03-05 Minutes
March 5, 2015 by Ben WilsonMinutes of March 5, 2015 Attendees: Dean Coclin (Symantec), Doug Beattie (GlobalSign), Kirk Hall (Trend Micro), Bruce Morton (Entrust), Rick Andrews (Symantec), Ben Wilson (DigiCert), Robin Alden (Comodo), Mads Henriksveen (BuyPass), Billy VanCannon (Trustwave), Chris (didn’t catch last name) (Trustwave), Tim Hollebeek (Trustwave), Cornelia Enke (SwissSign), Atilla Biler (TurkTrust), Gerv Markham (Mozilla), Jeremy Rowley (DigiCert), Atsushi Inaba (GlobalSign), Kubra Zeray (TurkTrust), Burak Kalkan (TurkTrust), Cecilia Kam (Symantec), Jody Cloutier (Microsoft), Anoosh Saboori (Microsoft), Ryan Sleevi (Google)
March 5, 2015 by Ben WilsonMinutes of March 5, 2015 Attendees: Dean Coclin (Symantec), Doug Beattie (GlobalSign), Kirk Hall (Trend Micro), Bruce Morton (Entrust), Rick Andrews (Symantec), Ben Wilson (DigiCert), Robin Alden (Comodo), Mads Henriksveen (BuyPass), Billy VanCannon (Trustwave), Chris (didn’t catch last name) (Trustwave), Tim Hollebeek (Trustwave), Cornelia Enke (SwissSign), Atilla Biler (TurkTrust), Gerv Markham (Mozilla), Jeremy Rowley (DigiCert), Atsushi Inaba (GlobalSign), Kubra Zeray (TurkTrust), Burak Kalkan (TurkTrust), Cecilia Kam (Symantec), Jody Cloutier (Microsoft), Anoosh Saboori (Microsoft), Ryan Sleevi (Google)
2015-02-19 Minutes
February 19, 2015 by Ben WilsonAttendees: Dean Coclin (Symantec), Doug Beattie (GlobalSign), Kirk Hall (Trend Micro), Bruce Morton (Entrust), Rick Andrews (Symantec), Ben Wilson (DigiCert), Eddy Nigg (Startcom), Volkan Nergiz (TurkTrust), Robin Alden (Comodo), Mads Henriksveen (BuyPass), Tim Shirley (Trustwave), Wayne Thayer (GoDaddy), Cornelia Enke (SwissSign), Atilla Biler (TurkTrust), Gerv Markham (Mozilla), Jeremy Rowley (DigiCert), Atsushi Inaba (GlobalSign), Sissel Hoel (BuyPass), Kubra Zeray (TurkTrust), Davut Tokgöz (E-Tugra), Cecilia Kam (Symantec). Antitrust Statement was read. Minutes of Feb 5th meeting were approved. Ben to post to website Ballot Status: Ballots 143 and 144 were approved. Ben will update the website to reflect the new working group name. Ballot 144 requires changes to the EV Guidelines which Jeremy will amend and update. There were a large number of abstentions on ballot 144. Jeremy said that many people may have used that to help the ballot meet quorum and that they didn’t have a strong interest in the ballot. IPv6: Ryan put out a draft ballot on this topic. Dean sent out the results of a survey of CASC members on this topic which Gerv said was very useful. Gerv said it would be good for the Internet for the Forum to support IPv6 and that the ballot provides a generous amount of time to do this. Jeremy said some CAs use a CDN and that may not support IPv6. Wayne updated the group stating that GoDaddy can now support it. Rick stated that for the sake of a complete argument, why not let market forces control this? Let people choose a CA that supports it if they want. Gerv said that doesn’t work because a user or third party doesn’t have that choice. Rick said most browsers don’t fail on OCSP failure so it’s not blocking anything. Membership Application of TrustCor Systems: The Forum received an application for membership from this entity. They have a WebTrust report from Princeton Audit Group which stated they are not actively issuing certificates yet. Dean sent the applicant a note asking for a site that uses one of their certs. He also sent a note to Don Sheehy about the auditor qualifications. Kirk asked if they have a BR audit which Dean will ask the applicant. Kirk suggested that if they don’t fully qualify, they could be granted observer status. Wayne asked if we should update the membership rules to require a BR audit. Jeremy agreed that this should be updated and that when we do a bylaw update, this should be undertaken. Wayne also said that everyone on the Management list is also on the Questions list. New Ballots: Operational Existence (145) and pre-ballot Domain Validation (146). Cecilia and Kirk said that the EV Working group proposed ballot 145 for Government entity purposes. Discussion period for 145 starts today. Ballot 146 is a proposal to eliminate the “any other method (7)” for domain validation. Jeremy said they are soliciting comments and should have a proposal ready by the face to face meeting. Kirk encouraged others to bring forward any other verification methods for domain validation. Jeremy said there is another ballot coming forward on using attorney opinion letters for legal existence. This should be out before the face to face meeting. Working group publicity: To date, the working group mailing lists have not been public. The bylaws state (in one place) that minutes and agendas of working groups should be made public and (in another place) that the lists should be managed in the same fashion as the public list. Gerv said that some working groups weren’t public because they were in existence before the bylaws. But we should make the archives publicly accessible. Wayne said we can publish the URL to subscribe to the list. Gerv said that when groups are re-chartered, we should create a new list to not violate anyone’s expectation of privacy from the old list. Regarding the new Validation Working Group, Gerv suggested we re-subscribe all the old members to the new list and state that it would be made public. It has to be clear that active participation is limited to those that have signed the IPR. EV WG update: Per #6 above. Code Signing update: Public draft of BR issued. Some comments received which the working group will address before the face to face meeting. Policy Review WG: A ballot will be proposed for the reconfiguration of the BRs to RFC 3647 format. Info Sharing WG: Hasn’t met in a while but needs to get back together soon. Members have had conflicts during the meeting time. Any other business: Kirk said we have 32 members coming to the F2F meeting. Send agenda items to Dean. Next meeting will be March 5th. Dean Coclin CA/B Forum Chair
February 19, 2015 by Ben WilsonAttendees: Dean Coclin (Symantec), Doug Beattie (GlobalSign), Kirk Hall (Trend Micro), Bruce Morton (Entrust), Rick Andrews (Symantec), Ben Wilson (DigiCert), Eddy Nigg (Startcom), Volkan Nergiz (TurkTrust), Robin Alden (Comodo), Mads Henriksveen (BuyPass), Tim Shirley (Trustwave), Wayne Thayer (GoDaddy), Cornelia Enke (SwissSign), Atilla Biler (TurkTrust), Gerv Markham (Mozilla), Jeremy Rowley (DigiCert), Atsushi Inaba (GlobalSign), Sissel Hoel (BuyPass), Kubra Zeray (TurkTrust), Davut Tokgöz (E-Tugra), Cecilia Kam (Symantec). Antitrust Statement was read. Minutes of Feb 5th meeting were approved. Ben to post to website Ballot Status: Ballots 143 and 144 were approved. Ben will update the website to reflect the new working group name. Ballot 144 requires changes to the EV Guidelines which Jeremy will amend and update. There were a large number of abstentions on ballot 144. Jeremy said that many people may have used that to help the ballot meet quorum and that they didn’t have a strong interest in the ballot. IPv6: Ryan put out a draft ballot on this topic. Dean sent out the results of a survey of CASC members on this topic which Gerv said was very useful. Gerv said it would be good for the Internet for the Forum to support IPv6 and that the ballot provides a generous amount of time to do this. Jeremy said some CAs use a CDN and that may not support IPv6. Wayne updated the group stating that GoDaddy can now support it. Rick stated that for the sake of a complete argument, why not let market forces control this? Let people choose a CA that supports it if they want. Gerv said that doesn’t work because a user or third party doesn’t have that choice. Rick said most browsers don’t fail on OCSP failure so it’s not blocking anything. Membership Application of TrustCor Systems: The Forum received an application for membership from this entity. They have a WebTrust report from Princeton Audit Group which stated they are not actively issuing certificates yet. Dean sent the applicant a note asking for a site that uses one of their certs. He also sent a note to Don Sheehy about the auditor qualifications. Kirk asked if they have a BR audit which Dean will ask the applicant. Kirk suggested that if they don’t fully qualify, they could be granted observer status. Wayne asked if we should update the membership rules to require a BR audit. Jeremy agreed that this should be updated and that when we do a bylaw update, this should be undertaken. Wayne also said that everyone on the Management list is also on the Questions list. New Ballots: Operational Existence (145) and pre-ballot Domain Validation (146). Cecilia and Kirk said that the EV Working group proposed ballot 145 for Government entity purposes. Discussion period for 145 starts today. Ballot 146 is a proposal to eliminate the “any other method (7)” for domain validation. Jeremy said they are soliciting comments and should have a proposal ready by the face to face meeting. Kirk encouraged others to bring forward any other verification methods for domain validation. Jeremy said there is another ballot coming forward on using attorney opinion letters for legal existence. This should be out before the face to face meeting. Working group publicity: To date, the working group mailing lists have not been public. The bylaws state (in one place) that minutes and agendas of working groups should be made public and (in another place) that the lists should be managed in the same fashion as the public list. Gerv said that some working groups weren’t public because they were in existence before the bylaws. But we should make the archives publicly accessible. Wayne said we can publish the URL to subscribe to the list. Gerv said that when groups are re-chartered, we should create a new list to not violate anyone’s expectation of privacy from the old list. Regarding the new Validation Working Group, Gerv suggested we re-subscribe all the old members to the new list and state that it would be made public. It has to be clear that active participation is limited to those that have signed the IPR. EV WG update: Per #6 above. Code Signing update: Public draft of BR issued. Some comments received which the working group will address before the face to face meeting. Policy Review WG: A ballot will be proposed for the reconfiguration of the BRs to RFC 3647 format. Info Sharing WG: Hasn’t met in a while but needs to get back together soon. Members have had conflicts during the meeting time. Any other business: Kirk said we have 32 members coming to the F2F meeting. Send agenda items to Dean. Next meeting will be March 5th. Dean Coclin CA/B Forum Chair
Ballot 145 – Operational Existence for Government Entities
February 19, 2015 by Ben WilsonBallot 145 – Operational Existence for Government Entities Reason Because government entities aren’t operating as businesses, they are often not listed with a QIIS, especially immediately after the entity is created by either statute or order. The legal existence of these entities is verifiable through a QGIS, but this source in many countries (especially Arabic and African countries) does not always list a date of creation of these entities. Operational existence exists to ensure organizations aren’t fly-by-night scams/phishing entities. With government entities, these same risks are not present as they are created directly by government action.
February 19, 2015 by Ben WilsonBallot 145 – Operational Existence for Government Entities Reason Because government entities aren’t operating as businesses, they are often not listed with a QIIS, especially immediately after the entity is created by either statute or order. The legal existence of these entities is verifiable through a QGIS, but this source in many countries (especially Arabic and African countries) does not always list a date of creation of these entities. Operational existence exists to ensure organizations aren’t fly-by-night scams/phishing entities. With government entities, these same risks are not present as they are created directly by government action.
Ballot 144 – Validation rules for .onion names
February 18, 2015 by Ben WilsonBallot 144 – Validation Rules for .onion Names – passed with 6 Yes votes, 2 No votes and 13 Abstentions from the CAs and 3 Yes votes from the browsers. Detailed results are on the Forum’s ballot tracker (Ballot Results – Vote Tally at the bottom of the Ballots page on the Forum’s wiki). Ballot 144 reads as follows: Applicants want a CA-signed .onion address for several reasons, including: – Powerful web platform features are restricted to secure origins, which are currently not available to onion names (in part, because of the lack of IANA registration). Permitting EV certs for onion names will help provide a secure origin for the service, moving onion towards use of powerful web platform features.
February 18, 2015 by Ben WilsonBallot 144 – Validation Rules for .onion Names – passed with 6 Yes votes, 2 No votes and 13 Abstentions from the CAs and 3 Yes votes from the browsers. Detailed results are on the Forum’s ballot tracker (Ballot Results – Vote Tally at the bottom of the Ballots page on the Forum’s wiki). Ballot 144 reads as follows: Applicants want a CA-signed .onion address for several reasons, including: – Powerful web platform features are restricted to secure origins, which are currently not available to onion names (in part, because of the lack of IANA registration). Permitting EV certs for onion names will help provide a secure origin for the service, moving onion towards use of powerful web platform features.
Ballot 143 – Formalization of Validation Working Group
February 18, 2015 by Ben WilsonBallot 143 – Formalization of Validation Working Group Reason In order to address validation issues and inconsistencies in both the SSL Baseline Requirements and the EV Guidelines, the CAB Forum has held an informal working group previously referred to as the Extended Validation Working Group now known as the Validation Working Group, would like to modify its scope to include validation in the Baseline Requirements as well as the EV Guidelines.
February 18, 2015 by Ben WilsonBallot 143 – Formalization of Validation Working Group Reason In order to address validation issues and inconsistencies in both the SSL Baseline Requirements and the EV Guidelines, the CAB Forum has held an informal working group previously referred to as the Extended Validation Working Group now known as the Validation Working Group, would like to modify its scope to include validation in the Baseline Requirements as well as the EV Guidelines.