CA/Browser Forum posts
Version 1.1.6 Baseline Requirements Now Posted
September 4, 2013 by Ben WilsonVersion 1.1.6 Baseline Requirements has now been posted to the CA/Browser Forum website. You can find a link to the updated version here.
September 4, 2013 by Ben WilsonVersion 1.1.6 Baseline Requirements has now been posted to the CA/Browser Forum website. You can find a link to the updated version here.
CA/B Forum Welcomes New Members
September 2, 2013 by Ben WilsonSince May 2013, five new Certificate Authorities have joined the CA/Browser Forum. We welcome the following global companies: AS Sertifitseerimiskeskus Disig, a.s. Firmaprofesional Prvni certifikacni autorita, a.s. WoSign Each new member has met the CA/B Forum requirements in issuing publicly trusted SSL certificates, undergoing a 3rd party audit, and has signed the Intellectual Property Rights (IPR) policy. The new members represent geographically diverse Certificate Authorities from Estonia, Slovakia, Spain, Czech Republic and China. We look forward to enhancing the overall knowledge base of the CA/B Forum with these additional members. This brings the total membership to 45 Certificate Authorities and Browsers.
September 2, 2013 by Ben WilsonSince May 2013, five new Certificate Authorities have joined the CA/Browser Forum. We welcome the following global companies: AS Sertifitseerimiskeskus Disig, a.s. Firmaprofesional Prvni certifikacni autorita, a.s. WoSign Each new member has met the CA/B Forum requirements in issuing publicly trusted SSL certificates, undergoing a 3rd party audit, and has signed the Intellectual Property Rights (IPR) policy. The new members represent geographically diverse Certificate Authorities from Estonia, Slovakia, Spain, Czech Republic and China. We look forward to enhancing the overall knowledge base of the CA/B Forum with these additional members. This brings the total membership to 45 Certificate Authorities and Browsers.
Welcome to the CA/Browser Forum
September 2, 2013 by Ben WilsonWelcome to the CA/Browser Forum. Organized in 2005, we are a voluntary group of certification authorities (CAs), vendors of Internet browser software, and suppliers of other applications that use X.509 v.3 digital certificates for SSL/TLS and code signing. The CA/Browser Forum began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to Internet users about the websites they visit by leveraging the capabilities of SSL/TLS certificates. In June 2007, the CA/Browser Forum adopted version 1.0 of the Extended Validation (EV) Guidelines. EV certificates are issued after extended steps to verify the identity of the entity behind the domain receiving the certificate. Internet browser software displays enhanced indication of that identity by changing the appearance of its display (i.e. colors, icons, animation, and/or additional website information).
September 2, 2013 by Ben WilsonWelcome to the CA/Browser Forum. Organized in 2005, we are a voluntary group of certification authorities (CAs), vendors of Internet browser software, and suppliers of other applications that use X.509 v.3 digital certificates for SSL/TLS and code signing. The CA/Browser Forum began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to Internet users about the websites they visit by leveraging the capabilities of SSL/TLS certificates. In June 2007, the CA/Browser Forum adopted version 1.0 of the Extended Validation (EV) Guidelines. EV certificates are issued after extended steps to verify the identity of the entity behind the domain receiving the certificate. Internet browser software displays enhanced indication of that identity by changing the appearance of its display (i.e. colors, icons, animation, and/or additional website information).
Ballot 107 – Removing Version Numbers to WebTrust and ETSI Standards From CABF Guidelines
August 9, 2013 by Ben WilsonBallot 107 – Removing Version Numbers to WebTrust and ETSI Standards From CABF Guidelines (Withdrawn) Mads Henriksveen made the following motion, and Inigo Barreira from Izenpe and Kirk Hall from Trend Micro endorsed it: Motion Begins Baseline Requirements (BR)
August 9, 2013 by Ben WilsonBallot 107 – Removing Version Numbers to WebTrust and ETSI Standards From CABF Guidelines (Withdrawn) Mads Henriksveen made the following motion, and Inigo Barreira from Izenpe and Kirk Hall from Trend Micro endorsed it: Motion Begins Baseline Requirements (BR)
Ballot 108 – Defining the Scope of the Baseline Requirements
August 6, 2013 by Ben WilsonBallot 108 – Defining the Scope of the Baseline Requirements (Withdrawn) Motion Jeremy Rowley made the following motion, and Stephen Davidson and Geoff Keating endorsed it: Motion Begins Amend Section 1 of the Baseline Requirements as follows: The Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates describe a subset of the requirements that a Certification Authority must meet in order to issue Publicly Trusted Certificates. Except where explicitly stated otherwise, these requirements apply only to relevant events that occur on or after the Effective Date.
August 6, 2013 by Ben WilsonBallot 108 – Defining the Scope of the Baseline Requirements (Withdrawn) Motion Jeremy Rowley made the following motion, and Stephen Davidson and Geoff Keating endorsed it: Motion Begins Amend Section 1 of the Baseline Requirements as follows: The Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates describe a subset of the requirements that a Certification Authority must meet in order to issue Publicly Trusted Certificates. Except where explicitly stated otherwise, these requirements apply only to relevant events that occur on or after the Effective Date.
Ballot 106 – Extended Deadline to Prohibit OCSP “Good” Response for Non-Issued Certificates
August 6, 2013 by Ben WilsonBallot 106 – Extended Deadline to Prohibit OCSP “Good” Response for Non-Issued Certificates (Withdrawn) Motion Given that several CAs have notified the CA/Browser Forum that they will be unable to comply with the 1-August-2013 deadline by which OCSP responders MUST NOT respond with a “good” status for unissued certificates, and that a one-year extension of this deadline is an appropriate timeframe by which these CAs should be able to come into compliance;
August 6, 2013 by Ben WilsonBallot 106 – Extended Deadline to Prohibit OCSP “Good” Response for Non-Issued Certificates (Withdrawn) Motion Given that several CAs have notified the CA/Browser Forum that they will be unable to comply with the 1-August-2013 deadline by which OCSP responders MUST NOT respond with a “good” status for unissued certificates, and that a one-year extension of this deadline is an appropriate timeframe by which these CAs should be able to come into compliance;
Ballot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption.
July 29, 2013 by Ben WilsonBallot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption. (Passed) Motion Steve Roylance made the following motion, and Gervase Markham from Mozilla and Stephen Davidson from QuoVadis endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, this ballot provides clarity to the language covering external audits for Subordinate CAs, removing ambiguity as well as providing better alignment of the Baseline Requirements to the Mozilla CA Root program where the subject is already covered and accepted by the wider PKI community. In addition, the proposal sets out to aid wider and broader PKI adoption by Subordinate CAs by defining the use of Technical Constraints and highlighting how additional barriers to adoption within the guidelines can be optional when using Name Constraints, specifically the requirement for ‘OCSP Good’ responses originally proposed in Ballot 100. We propose amending the Baseline Requirements Guidelines as follows:
July 29, 2013 by Ben WilsonBallot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption. (Passed) Motion Steve Roylance made the following motion, and Gervase Markham from Mozilla and Stephen Davidson from QuoVadis endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, this ballot provides clarity to the language covering external audits for Subordinate CAs, removing ambiguity as well as providing better alignment of the Baseline Requirements to the Mozilla CA Root program where the subject is already covered and accepted by the wider PKI community. In addition, the proposal sets out to aid wider and broader PKI adoption by Subordinate CAs by defining the use of Technical Constraints and highlighting how additional barriers to adoption within the guidelines can be optional when using Name Constraints, specifically the requirement for ‘OCSP Good’ responses originally proposed in Ballot 100. We propose amending the Baseline Requirements Guidelines as follows: