CA/Browser Forum posts
Ballot 126 – Operational Existence (passed)
July 24, 2014 by Ben WilsonVoting on Ballot 126 closed on 24 July 2014. Voting in favor were Comodo, DigiCert, Network Solutions, QuoVadis, Symantec, Trend Micro, WoSign, and Mozilla. Visa abstained. Quorum was met and Ballot 126 passed, resulting in EV SSL Certificate Guidelines Version 1.5.0. Ballot 126 – Operational Existence Jeremy Rowley of Digicert made the following motion and Cecilia Kam of Symantec and Doug Beattie of GlobalSign have endorsed it:
July 24, 2014 by Ben WilsonVoting on Ballot 126 closed on 24 July 2014. Voting in favor were Comodo, DigiCert, Network Solutions, QuoVadis, Symantec, Trend Micro, WoSign, and Mozilla. Visa abstained. Quorum was met and Ballot 126 passed, resulting in EV SSL Certificate Guidelines Version 1.5.0. Ballot 126 – Operational Existence Jeremy Rowley of Digicert made the following motion and Cecilia Kam of Symantec and Doug Beattie of GlobalSign have endorsed it:
Baseline Requirements 1.1.7 and 1.1.8 Re-Posted
July 22, 2014 by Ben WilsonA couple of formatting errors were identified in the Baseline Requirements, and versions 1.1.7 and 1.1.8 have been replaced with corrected versions. Appendix A in versions prior to version 1.1.7 had parts of RSA public key exponent requirements as superscript. It should have read: “The CA SHALL confirm that the value of the public exponent is an odd number equal to 3 or more. Additionally, the public exponent SHOULD be in the range between 216+1 and 2256-1.” That is corrected in version 1.1.7. Also, versions 1.1.7 and 1.1.8 had combined the text at the end of section 11.1.4 as part of the title of section 11.2. That has been corrected in those two versions.
July 22, 2014 by Ben WilsonA couple of formatting errors were identified in the Baseline Requirements, and versions 1.1.7 and 1.1.8 have been replaced with corrected versions. Appendix A in versions prior to version 1.1.7 had parts of RSA public key exponent requirements as superscript. It should have read: “The CA SHALL confirm that the value of the public exponent is an odd number equal to 3 or more. Additionally, the public exponent SHOULD be in the range between 216+1 and 2256-1.” That is corrected in version 1.1.7. Also, versions 1.1.7 and 1.1.8 had combined the text at the end of section 11.1.4 as part of the title of section 11.2. That has been corrected in those two versions.
Ballot 127 – Verification of Agency in EV Guidelines 11.7.2 (passes)
July 17, 2014 by Ben WilsonVoting on Ballot 127 We received Yes votes from Actalis, Buypass, DigiCert, GlobalSign, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM, Symantec, Trend Micro, Trustwave, TurkTrust, WoSign, and Mozilla.
July 17, 2014 by Ben WilsonVoting on Ballot 127 We received Yes votes from Actalis, Buypass, DigiCert, GlobalSign, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM, Symantec, Trend Micro, Trustwave, TurkTrust, WoSign, and Mozilla.
2014-07-10 Minutes
July 10, 2014 by Ben WilsonMinutes of Teleconference held Thursday, 10 July 2014 Antitrust Statement: Read by Ben.
July 10, 2014 by Ben WilsonMinutes of Teleconference held Thursday, 10 July 2014 Antitrust Statement: Read by Ben.
Ballot 128 – CP Review Working Group (passes)
July 9, 2014 by Ben WilsonVoting closed on July 9, 2014. In Favor: Buypass, DigiCert, GlobalSign, OPENTRUST, QuoVadis, SECOM, Symantec, Trend Micro, TURKTRUST, WoSign, Opera, Mozilla and Microsoft. Abstaining: Actalis Result: Ballot passes. Ballot 128 – CP Review Working Group During the CAB Forum face-to-face meeting, we discussed creating a working group to compare the NIST IR proposal and various with the existing CAB Forum work product. The group will also continue our contemplation on converting to a 3647 format to make future comparisons easier.
July 9, 2014 by Ben WilsonVoting closed on July 9, 2014. In Favor: Buypass, DigiCert, GlobalSign, OPENTRUST, QuoVadis, SECOM, Symantec, Trend Micro, TURKTRUST, WoSign, Opera, Mozilla and Microsoft. Abstaining: Actalis Result: Ballot passes. Ballot 128 – CP Review Working Group During the CAB Forum face-to-face meeting, we discussed creating a working group to compare the NIST IR proposal and various with the existing CAB Forum work product. The group will also continue our contemplation on converting to a 3647 format to make future comparisons easier.
Notice of IPR Review Period for Amendment to the EV Code Signing Guidelines by Ballot 117
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Code Signing Guidelines by Ballot 117. Ballot 117 clarified what is allowed in the Common Name and Subject Alternative Name fields, as set forth in sections 9.2.2 and 9.2.3 of the EV Code Signing Guidelines.
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Code Signing Guidelines by Ballot 117. Ballot 117 clarified what is allowed in the Common Name and Subject Alternative Name fields, as set forth in sections 9.2.2 and 9.2.3 of the EV Code Signing Guidelines.
Notice of IPR Review Period for Amendments Made to the EV Guidelines by Ballots 113, 114, 119, 120, and 124
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Guidelines by Ballots 113, 114, 119, 120, and 124. Ballot 113 revised the definition of a Qualified Independent Information Source in Section 11.10.5 of the EV Guidelines. Ballot 114 revised the definition of Business Entity, Private Organization, and Incorporating Agency in the EV Guidelines.
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Guidelines by Ballots 113, 114, 119, 120, and 124. Ballot 113 revised the definition of a Qualified Independent Information Source in Section 11.10.5 of the EV Guidelines. Ballot 114 revised the definition of Business Entity, Private Organization, and Incorporating Agency in the EV Guidelines.
Notice of IPR Review Period for Amendments to Baseline Requirements per Ballots 112 and 120
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the Baseline Requirements by Ballots 112 and 120. Ballot 112 replaced “Internal Server Name” with use of the term “Internal Name” in the Baseline Requirements Ballot 120 made certain changes to the Baseline Requirements concerning the ability of Affiliates to verify domain registration, ownership, or control on behalf of an Applicant.
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the Baseline Requirements by Ballots 112 and 120. Ballot 112 replaced “Internal Server Name” with use of the term “Internal Name” in the Baseline Requirements Ballot 120 made certain changes to the Baseline Requirements concerning the ability of Affiliates to verify domain registration, ownership, or control on behalf of an Applicant.
2014-06-26 Minutes
June 26, 2014 by Ben WilsonAntitrust Statement: Read by Ben. Roll Call: Atsushi Inaba, Ben Wilson, Stephen Davidson, Doug Beattie, Kirk Hall, Eddy Nigg, Mads Henriksveen, Sissel Hoel, Chris Casciano, Wayne Thayer, Gerv Markham, Rick Andrews, Dave Barnet, John Amaral, and Ryan Sleevi Application of OATI: We have reviewed OATI’s application. The OATI root certificate is trusted only in Internet Explorer. Kirk noted that they do not have a Baseline Requirements WebTrust audit. Gerv said that membership requirements are defined by our bylaws, which do not specifically require a WebTrust Baseline Requirements audit. Kirk said that the BRs are almost more important than a regular WebTrust audit now. Ben said that we’ve talked about creating a bugzilla tracking system and that issue could be put in there as a future task. Wayne said he has someone at GoDaddy helping to set up bugzilla. OATI’s application was approved.
June 26, 2014 by Ben WilsonAntitrust Statement: Read by Ben. Roll Call: Atsushi Inaba, Ben Wilson, Stephen Davidson, Doug Beattie, Kirk Hall, Eddy Nigg, Mads Henriksveen, Sissel Hoel, Chris Casciano, Wayne Thayer, Gerv Markham, Rick Andrews, Dave Barnet, John Amaral, and Ryan Sleevi Application of OATI: We have reviewed OATI’s application. The OATI root certificate is trusted only in Internet Explorer. Kirk noted that they do not have a Baseline Requirements WebTrust audit. Gerv said that membership requirements are defined by our bylaws, which do not specifically require a WebTrust Baseline Requirements audit. Kirk said that the BRs are almost more important than a regular WebTrust audit now. Ben said that we’ve talked about creating a bugzilla tracking system and that issue could be put in there as a future task. Wayne said he has someone at GoDaddy helping to set up bugzilla. OATI’s application was approved.