CA/Browser Forum posts
Posts by tag Code Signing
CA/Browser Forum Releases Code Signing Baseline Requirements Public Comment Draft
August 25, 2014 by Ben WilsonIn 2013, the CA/Browser Forum voted to create a Code Signing Working Group whose sole purpose was to come up with a set of Baseline Requirements for the issuance of Code Signing Certificates. The result of that effort is the: Baseline Requirements for Code Signing Certificates, Public Comment Draft (doc) Baseline Requirements for Code Signing Certificates, Public Comment Draft (pdf) Once approved by the CA/B Forum and subsequent audit standards are created, all Certificate Authorities will be obligated to follow these Requirements when issuing and managing code signing certificates.
August 25, 2014 by Ben WilsonIn 2013, the CA/Browser Forum voted to create a Code Signing Working Group whose sole purpose was to come up with a set of Baseline Requirements for the issuance of Code Signing Certificates. The result of that effort is the: Baseline Requirements for Code Signing Certificates, Public Comment Draft (doc) Baseline Requirements for Code Signing Certificates, Public Comment Draft (pdf) Once approved by the CA/B Forum and subsequent audit standards are created, all Certificate Authorities will be obligated to follow these Requirements when issuing and managing code signing certificates.
Notice of IPR Review Period for Amendment to the EV Code Signing Guidelines by Ballot 117
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Code Signing Guidelines by Ballot 117. Ballot 117 clarified what is allowed in the Common Name and Subject Alternative Name fields, as set forth in sections 9.2.2 and 9.2.3 of the EV Code Signing Guidelines.
July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Code Signing Guidelines by Ballot 117. Ballot 117 clarified what is allowed in the Common Name and Subject Alternative Name fields, as set forth in sections 9.2.2 and 9.2.3 of the EV Code Signing Guidelines.
Ballot 117 – EV Code Signing Guidelines Corrections(passed)
March 24, 2014 by Ben WilsonBallot 117 – EV Code Signing Guidelines Corrections Yea: ANF, Certinomis, DigiCert, GlobalSign, Izenpe, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustis, WoSign, Microsoft, and Mozilla. Nay: Comodo, Network Solutions, and Google. Abstain: Buypass Results: Ballot passed Updated version is posted here on the EV Code Signing page. Jeremy Rowley of DigiCert made the following motion, and Iñigo Barreira of Izenpe and Rick Andrews of Symantec endorsed it.
March 24, 2014 by Ben WilsonBallot 117 – EV Code Signing Guidelines Corrections Yea: ANF, Certinomis, DigiCert, GlobalSign, Izenpe, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustis, WoSign, Microsoft, and Mozilla. Nay: Comodo, Network Solutions, and Google. Abstain: Buypass Results: Ballot passed Updated version is posted here on the EV Code Signing page. Jeremy Rowley of DigiCert made the following motion, and Iñigo Barreira of Izenpe and Rick Andrews of Symantec endorsed it.
Announcing the formation of the Code Signing Working Group – Call for Participants
April 22, 2013 by Ben WilsonThe CA/Browser Forum has chartered a Code Signing Working Group, the purpose of which is to come up with Baseline Requirements to reduce the incidences of signed malware. The CA/Browser Forum would like to invite interested third parties to participate. The working group meets bi-weekly by phone and had its first face to face meeting in Munich on June 13th coinciding with the regular CA/Browser Forum meeting. Interested parties will need to:
April 22, 2013 by Ben WilsonThe CA/Browser Forum has chartered a Code Signing Working Group, the purpose of which is to come up with Baseline Requirements to reduce the incidences of signed malware. The CA/Browser Forum would like to invite interested third parties to participate. The working group meets bi-weekly by phone and had its first face to face meeting in Munich on June 13th coinciding with the regular CA/Browser Forum meeting. Interested parties will need to:
Ballot 70 – EV Code Signing Identifier
May 8, 2012 by Ben WilsonBallot 70 – EV Code Signing Identifier (Passed Unanimously) Motion Jeremy Rowley made the following motion, and Tom Albertson and Bruce Morton endorsed it: … Motion begins…. Effective immediately. Erratum begins DELETE the following text from the EV Guidelines Appendix H: “(3) Certificate Content. EV Code Signing Certificates MUST meet the minimum content requirements of Section 8.1 and Appendix B -Extensions for EV Certificates Intended for use with SSL/TLS – of these Guidelines, except that the Domain Name SHALL be omitted and the keyUsage extension SHALL be set as follows: “(A) keyUsage.
May 8, 2012 by Ben WilsonBallot 70 – EV Code Signing Identifier (Passed Unanimously) Motion Jeremy Rowley made the following motion, and Tom Albertson and Bruce Morton endorsed it: … Motion begins…. Effective immediately. Erratum begins DELETE the following text from the EV Guidelines Appendix H: “(3) Certificate Content. EV Code Signing Certificates MUST meet the minimum content requirements of Section 8.1 and Appendix B -Extensions for EV Certificates Intended for use with SSL/TLS – of these Guidelines, except that the Domain Name SHALL be omitted and the keyUsage extension SHALL be set as follows: “(A) keyUsage.