CA/Browser Forum posts
Posts by tag Code Signing
Ballot CSC-7v2: Update to merge EV and Non-EV clauses
February 2, 2021 by Ben WilsonVoting has closed on this ballot and the results are as follows: CAs voting in favor (7): Actalis, DigiCert, Entrust, GDCA, GlobalSign, GoDaddy, HARICA CAs opposed: None CAs abstaining: None Certificate Consumers voting in favor (1): Microsoft Certificate Consumers opposed: None Certificate Consumers abstaining: None Therefore the ballot CSC-7 passes. Purpose of the Ballot: The CSC-2 merger of the Code Signing BRs and the EV Code Signing Guidelines was done without technical changes. The result is that we have some sections where there is different text for Non-EV and EV Code Signing certificates. In many cases there was no reason to have two different requirements. In other cases, it made sense that they both have the same requirement. There were of course some items where EV is different and these clauses were not touched for now. These items were all discussed in our bi-weekly meetings. Other minor changes were the adding in a table for document revision and history and another table for effective dates within the BRs. There were also some errors corrected from the merger.
February 2, 2021 by Ben WilsonVoting has closed on this ballot and the results are as follows: CAs voting in favor (7): Actalis, DigiCert, Entrust, GDCA, GlobalSign, GoDaddy, HARICA CAs opposed: None CAs abstaining: None Certificate Consumers voting in favor (1): Microsoft Certificate Consumers opposed: None Certificate Consumers abstaining: None Therefore the ballot CSC-7 passes. Purpose of the Ballot: The CSC-2 merger of the Code Signing BRs and the EV Code Signing Guidelines was done without technical changes. The result is that we have some sections where there is different text for Non-EV and EV Code Signing certificates. In many cases there was no reason to have two different requirements. In other cases, it made sense that they both have the same requirement. There were of course some items where EV is different and these clauses were not touched for now. These items were all discussed in our bi-weekly meetings. Other minor changes were the adding in a table for document revision and history and another table for effective dates within the BRs. There were also some errors corrected from the merger.
Special Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair
October 29, 2020 by Ben WilsonSpecial Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair The following motion has been proposed by the Code Signing Certificate Working Group Chair Dean Coclin of DigiCert. Purpose of Ballot This special ballot is to confirm the new Vice Chair of the Code Signing Certificate Working Group. Motion begins In accordance with Bylaw 4.1©, Bruce Morton representing Entrust is hereby elected Vice Chair of the Code Signing Certificate Working Group for a term commencing on November 1, 2020 and continuing through October 31, 2022.
October 29, 2020 by Ben WilsonSpecial Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair The following motion has been proposed by the Code Signing Certificate Working Group Chair Dean Coclin of DigiCert. Purpose of Ballot This special ballot is to confirm the new Vice Chair of the Code Signing Certificate Working Group. Motion begins In accordance with Bylaw 4.1©, Bruce Morton representing Entrust is hereby elected Vice Chair of the Code Signing Certificate Working Group for a term commencing on November 1, 2020 and continuing through October 31, 2022.
Ballot CSC-4 v1: Move deadline for transition to RSA-3072 and SHA-2 timestamp tokens
October 7, 2020 by Ben WilsonVoting on this ballot has closed. The results are below: 7 CAs voting in favor: Actalis, DigiCert, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA 0 CAs opposed 0 CAs abstaining 1 Certificate Consumer voting in favor: Microsoft 0 Certificate Consumers opposed 0 Certificate Consumers abstaining Therefore the ballot passes. Dean Coclin CSCWG Chair Ballot CSC-4 v1: Move deadline for transition to RSA-3072 and SHA-2 timestamp tokens Purpose of the Ballot: The current deadline for moving from RSA-2048 to RSA-3072 and from SHA-1 to SHA-2 for timestamp tokens falls on January 1, 2021, which is inconvenient due to code freezes due to the winter holidays. This ballot delays the deadline to June 1, 2021 for RSA-3072 and April 30, 2022 for SHA-2 timestamp tokens.
October 7, 2020 by Ben WilsonVoting on this ballot has closed. The results are below: 7 CAs voting in favor: Actalis, DigiCert, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA 0 CAs opposed 0 CAs abstaining 1 Certificate Consumer voting in favor: Microsoft 0 Certificate Consumers opposed 0 Certificate Consumers abstaining Therefore the ballot passes. Dean Coclin CSCWG Chair Ballot CSC-4 v1: Move deadline for transition to RSA-3072 and SHA-2 timestamp tokens Purpose of the Ballot: The current deadline for moving from RSA-2048 to RSA-3072 and from SHA-1 to SHA-2 for timestamp tokens falls on January 1, 2021, which is inconvenient due to code freezes due to the winter holidays. This ballot delays the deadline to June 1, 2021 for RSA-3072 and April 30, 2022 for SHA-2 timestamp tokens.
Ballot CSCWG-3: Election of Code Signing Certificate Working Group Chair
September 23, 2020 by Jos PurvisBallot ResultsVoting on Ballot CSCWG-3 has ended and the results are below: Certificate Issuers Votes in Favor: (9) Actalis, DigiCert, eMudhra, Entrust, GDCA, GlobalSign, HARICA, SSL.com, SecureTrust (former Trustwave)
September 23, 2020 by Jos PurvisBallot ResultsVoting on Ballot CSCWG-3 has ended and the results are below: Certificate Issuers Votes in Favor: (9) Actalis, DigiCert, eMudhra, Entrust, GDCA, GlobalSign, HARICA, SSL.com, SecureTrust (former Trustwave)
Ballot CSCWG-2: Combine Baseline and EV Code Signing Documents
July 21, 2020 by Jos PurvisBallot Results Voting on Ballot CSCWG-2 has ended and the results are below:
July 21, 2020 by Jos PurvisBallot Results Voting on Ballot CSCWG-2 has ended and the results are below:
Ballot CSC-1: Adopt Baseline Requirements version 1.2
June 11, 2019 by Ben Wilson*NOTICE OF REVIEW PERIOD* ** This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Guideline (60 day Review Period). Attached is a complete Draft Guideline subject of this Review Notice. Ballot for Review: Ballot CSCWG-1 /pipermail/cscwg-public/2019-June/000043.html Start of Review Period: June 13, 2019 at 11:00am Eastern Time End of Review Period: August 13, 2019 at 11:00am Eastern Time ------------------ Voting on Ballot CSCWG-1 has ended and the results are as follows: 11 Certificate Issuers voting YES: Actalis, Sectigo (former Comodo CA), DigiCert, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, SSL.com, SecureTrust (former Trustwave) 0 Certificate Issuers voting No or Abstain 1 Certificate Consumer voting YES: Microsoft 0 Certificate Consumers voting No or Abstain Quorum calculator requires 6 to meet quorum. This was met. Therefore, the Ballot passes. Dean Coclin Code Signing Certificate Working Group Chair Purpose of Ballot: Adoption of this ballot will: (i) adopt written findings concerning the provenance of the Baseline Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates; and (ii) adopt version 1.2 of such Baseline Requirements, subject to completion of the 60-day “Notice of Review Period” pursuant to Section 4.1 of Forum’s IPR Policy.
June 11, 2019 by Ben Wilson*NOTICE OF REVIEW PERIOD* ** This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Guideline (60 day Review Period). Attached is a complete Draft Guideline subject of this Review Notice. Ballot for Review: Ballot CSCWG-1 /pipermail/cscwg-public/2019-June/000043.html Start of Review Period: June 13, 2019 at 11:00am Eastern Time End of Review Period: August 13, 2019 at 11:00am Eastern Time ------------------ Voting on Ballot CSCWG-1 has ended and the results are as follows: 11 Certificate Issuers voting YES: Actalis, Sectigo (former Comodo CA), DigiCert, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, SSL.com, SecureTrust (former Trustwave) 0 Certificate Issuers voting No or Abstain 1 Certificate Consumer voting YES: Microsoft 0 Certificate Consumers voting No or Abstain Quorum calculator requires 6 to meet quorum. This was met. Therefore, the Ballot passes. Dean Coclin Code Signing Certificate Working Group Chair Purpose of Ballot: Adoption of this ballot will: (i) adopt written findings concerning the provenance of the Baseline Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates; and (ii) adopt version 1.2 of such Baseline Requirements, subject to completion of the 60-day “Notice of Review Period” pursuant to Section 4.1 of Forum’s IPR Policy.
Ballot FORUM-8: Establishment of a Code Signing Working Group
March 9, 2019 by Jos PurvisResults The voting period for Ballot Forum-8 has ended and the Ballot has Passed. Here are the results:
March 9, 2019 by Jos PurvisResults The voting period for Ballot Forum-8 has ended and the Ballot has Passed. Here are the results:
Ballot 180 – Readopting the BRs, EVGL, EV Code Signing, and NCSSR Guidelines with Amendments
January 7, 2017 by Ben WilsonBallot 180 has passed – see results below. Ballot 180 Results CAs – 18 yes, 0 no, 3 abstain (plus one yes vote on the Management list, which will not be counted)
January 7, 2017 by Ben WilsonBallot 180 has passed – see results below. Ballot 180 Results CAs – 18 yes, 0 no, 3 abstain (plus one yes vote on the Management list, which will not be counted)
Ballot 172 – Removal of permanentIdentifier from EV Code Signing Guidelines
July 5, 2016 by Ben WilsonVoting on Ballot 172, “Removal of Permanent Identifier” has now closed. The results are as follows: From the CAs, we received 9 YES votes, 1 NO vote and 7 Abstentions From the Browsers, we received 1 YES vote, 0 NO votes and 0 Abstentions Therefore the ballot passes. Full results can be seen on the ballot tracker: https://docs.google.com/spreadsheets/d/1FBsMZjlzyvK3mFR1u4qMqvZwlI86yJ-v0am1pCBo8uI/edit#gid=4 Dean Coclin CA/B Forum Chair Ballot 172 – Removal of permanentIdentifier from EV Code Signing Guidelines The following motion has been proposed by Bruce Morton of Entrust and endorsed by Rick Andrews of Symantec and Jeremy Rowley of DigiCert:
July 5, 2016 by Ben WilsonVoting on Ballot 172, “Removal of Permanent Identifier” has now closed. The results are as follows: From the CAs, we received 9 YES votes, 1 NO vote and 7 Abstentions From the Browsers, we received 1 YES vote, 0 NO votes and 0 Abstentions Therefore the ballot passes. Full results can be seen on the ballot tracker: https://docs.google.com/spreadsheets/d/1FBsMZjlzyvK3mFR1u4qMqvZwlI86yJ-v0am1pCBo8uI/edit#gid=4 Dean Coclin CA/B Forum Chair Ballot 172 – Removal of permanentIdentifier from EV Code Signing Guidelines The following motion has been proposed by Bruce Morton of Entrust and endorsed by Rick Andrews of Symantec and Jeremy Rowley of DigiCert: