CA/Browser Forum posts
Posts by tag Code Signing
Ballot CSCWG-3: Election of Code Signing Certificate Working Group Chair
September 23, 2020 by Jos PurvisBallot ResultsVoting on Ballot CSCWG-3 has ended and the results are below: Certificate Issuers Votes in Favor: (9) Actalis, DigiCert, eMudhra, Entrust, GDCA, GlobalSign, HARICA, SSL.com, SecureTrust (former Trustwave) Votes opposed: None Abstentions: None Certificate Consumers Votes in Favor: (1) Microsoft Votes Opposed: None Abstentions: None Therefore the Ballot passes. Ballot ContentThe following motion has been proposed by the Code Signing Certificate Working Group Chair Dean Coclin of DigiCert. Purpose of Ballot This special ballot is to confirm the new Chair of the Code Signing Certificate Working Group.
September 23, 2020 by Jos PurvisBallot ResultsVoting on Ballot CSCWG-3 has ended and the results are below: Certificate Issuers Votes in Favor: (9) Actalis, DigiCert, eMudhra, Entrust, GDCA, GlobalSign, HARICA, SSL.com, SecureTrust (former Trustwave) Votes opposed: None Abstentions: None Certificate Consumers Votes in Favor: (1) Microsoft Votes Opposed: None Abstentions: None Therefore the Ballot passes. Ballot ContentThe following motion has been proposed by the Code Signing Certificate Working Group Chair Dean Coclin of DigiCert. Purpose of Ballot This special ballot is to confirm the new Chair of the Code Signing Certificate Working Group.
Ballot CSCWG-2: Combine Baseline and EV Code Signing Documents
July 21, 2020 by Jos PurvisBallot Results Voting on Ballot CSCWG-2 has ended and the results are below: Certificate Issuers Votes in Favor: (10) Actalis, Sectigo, DigiCert, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, SSL.com Votes opposed: None Abstentions: None Certificate Consumers Votes in Favor: (1) Microsoft Votes Opposed: None Abstentions: None Results Therefore the Ballot passes. Dean Coclin CSCWG Chair Ballot Content Purpose of Ballot The CA/Browser Forum currently has two code signing requirements documents: 1) Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates and 2) Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates.
July 21, 2020 by Jos PurvisBallot Results Voting on Ballot CSCWG-2 has ended and the results are below: Certificate Issuers Votes in Favor: (10) Actalis, Sectigo, DigiCert, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, SSL.com Votes opposed: None Abstentions: None Certificate Consumers Votes in Favor: (1) Microsoft Votes Opposed: None Abstentions: None Results Therefore the Ballot passes. Dean Coclin CSCWG Chair Ballot Content Purpose of Ballot The CA/Browser Forum currently has two code signing requirements documents: 1) Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates and 2) Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates.
Ballot CSC-1: Adopt Baseline Requirements version 1.2
June 11, 2019 by Ben Wilson*NOTICE OF REVIEW PERIOD* ** This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Guideline (60 day Review Period). Attached is a complete Draft Guideline subject of this Review Notice. Ballot for Review: Ballot CSCWG-1 /pipermail/cscwg-public/2019-June/000043.html Start of Review Period: June 13, 2019 at 11:00am Eastern Time End of Review Period: August 13, 2019 at 11:00am Eastern Time ------------------ Voting on Ballot CSCWG-1 has ended and the results are as follows: 11 Certificate Issuers voting YES: Actalis, Sectigo (former Comodo CA), DigiCert, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, SSL.
June 11, 2019 by Ben Wilson*NOTICE OF REVIEW PERIOD* ** This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Guideline (60 day Review Period). Attached is a complete Draft Guideline subject of this Review Notice. Ballot for Review: Ballot CSCWG-1 /pipermail/cscwg-public/2019-June/000043.html Start of Review Period: June 13, 2019 at 11:00am Eastern Time End of Review Period: August 13, 2019 at 11:00am Eastern Time ------------------ Voting on Ballot CSCWG-1 has ended and the results are as follows: 11 Certificate Issuers voting YES: Actalis, Sectigo (former Comodo CA), DigiCert, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, SSL.
Ballot FORUM-8: Establishment of a Code Signing Working Group
March 9, 2019 by Jos PurvisResults The voting period for Ballot Forum-8 has ended and the Ballot has Passed. Here are the results: Voting by Certificate Issuers 24 votes total including abstentions **24 Yes votes: **Actalis, Amazon, Buypass, Camerfirma, Certinomis, Certum (Asseco), Chunghwa Telecom, D-Trust, DarkMatter, DigiCert, Disig, eMudhra, Entrust Datacard, E-Tugra, GlobalSign, HARICA, SHECA, SSL.com, SSC, TrustCor, SecureTrust, TurkTrust, Visa 0 No vote: 0 Abstain: 100% of voting Certificate Issuers voted in favor. Voting by Certificate Consumers 3 votes total including abstentions
March 9, 2019 by Jos PurvisResults The voting period for Ballot Forum-8 has ended and the Ballot has Passed. Here are the results: Voting by Certificate Issuers 24 votes total including abstentions **24 Yes votes: **Actalis, Amazon, Buypass, Camerfirma, Certinomis, Certum (Asseco), Chunghwa Telecom, D-Trust, DarkMatter, DigiCert, Disig, eMudhra, Entrust Datacard, E-Tugra, GlobalSign, HARICA, SHECA, SSL.com, SSC, TrustCor, SecureTrust, TurkTrust, Visa 0 No vote: 0 Abstain: 100% of voting Certificate Issuers voted in favor. Voting by Certificate Consumers 3 votes total including abstentions
Ballot 180 – Readopting the BRs, EVGL, EV Code Signing, and NCSSR Guidelines with Amendments
January 7, 2017 by Ben WilsonBallot 180 has passed – see results below. Ballot 180 Results CAs – 18 yes, 0 no, 3 abstain (plus one yes vote on the Management list, which will not be counted) Browsers – 5 yes, 0 no, 0 abstain Result: Ballot 180 passes (requires 2/3 affirmative vote by CAs and majority affirmative vote by browsers). Quorum is 10 votes – quorum achieved. CA Votes on Ballot 180: 18 yes on Public list – Amazon, ANF Autoridad de Certif.
January 7, 2017 by Ben WilsonBallot 180 has passed – see results below. Ballot 180 Results CAs – 18 yes, 0 no, 3 abstain (plus one yes vote on the Management list, which will not be counted) Browsers – 5 yes, 0 no, 0 abstain Result: Ballot 180 passes (requires 2/3 affirmative vote by CAs and majority affirmative vote by browsers). Quorum is 10 votes – quorum achieved. CA Votes on Ballot 180: 18 yes on Public list – Amazon, ANF Autoridad de Certif.
Ballot 172 – Removal of permanentIdentifier from EV Code Signing Guidelines
July 5, 2016 by Ben WilsonVoting on Ballot 172, “Removal of Permanent Identifier” has now closed. The results are as follows: From the CAs, we received 9 YES votes, 1 NO vote and 7 Abstentions From the Browsers, we received 1 YES vote, 0 NO votes and 0 Abstentions Therefore the ballot passes. Full results can be seen on the ballot tracker: https://docs.google.com/spreadsheets/d/1FBsMZjlzyvK3mFR1u4qMqvZwlI86yJ-v0am1pCBo8uI/edit#gid=4 Dean Coclin CA/B Forum Chair Ballot 172 – Removal of permanentIdentifier from EV Code Signing Guidelines The following motion has been proposed by Bruce Morton of Entrust and endorsed by Rick Andrews of Symantec and Jeremy Rowley of DigiCert:
July 5, 2016 by Ben WilsonVoting on Ballot 172, “Removal of Permanent Identifier” has now closed. The results are as follows: From the CAs, we received 9 YES votes, 1 NO vote and 7 Abstentions From the Browsers, we received 1 YES vote, 0 NO votes and 0 Abstentions Therefore the ballot passes. Full results can be seen on the ballot tracker: https://docs.google.com/spreadsheets/d/1FBsMZjlzyvK3mFR1u4qMqvZwlI86yJ-v0am1pCBo8uI/edit#gid=4 Dean Coclin CA/B Forum Chair Ballot 172 – Removal of permanentIdentifier from EV Code Signing Guidelines The following motion has been proposed by Bruce Morton of Entrust and endorsed by Rick Andrews of Symantec and Jeremy Rowley of DigiCert:
Ballot 158 – Adoption of Code Signing Baseline Requirements
December 17, 2015 by Ben WilsonVoting on Ballot 158 (Code Signing BRs) closed on 17 December 2015. The results are as follows: In the CA category, 17 CAs voted YES, 1 voted NO and 3 Abstained In the Browser category, 2 browsers voted YES, 3 browsers voted NO and none Abstained Therefore the ballot fails. Detailed results can be seen here: https://docs.google.com/spreadsheets/d/1FBsMZjlzyvK3mFR1u4qMqvZwlI86yJ-v0am1pCBo8uI/edit#gid=4 After a 2 week pre-ballot, the Code Signing Working Group has now prepared the formal ballot below:
December 17, 2015 by Ben WilsonVoting on Ballot 158 (Code Signing BRs) closed on 17 December 2015. The results are as follows: In the CA category, 17 CAs voted YES, 1 voted NO and 3 Abstained In the Browser category, 2 browsers voted YES, 3 browsers voted NO and none Abstained Therefore the ballot fails. Detailed results can be seen here: https://docs.google.com/spreadsheets/d/1FBsMZjlzyvK3mFR1u4qMqvZwlI86yJ-v0am1pCBo8uI/edit#gid=4 After a 2 week pre-ballot, the Code Signing Working Group has now prepared the formal ballot below:
Forum Releases Final Code Signing Baseline Requirements for Vote
August 11, 2015 by Ben WilsonThe Code Signing Working Group of the CA/Browser Forum announces the ballot of the final draft of the Code Signing Baseline Requirements. This version takes into account comments received in the first and second rounds of public review, comments from WebTrust auditors, and an additional three months of editing by the Working Group. Code Signing Requirements 2015-11-19 This is ballot 158 which begins on December 3, 2015 Dean Coclin CA/B Forum Chair
August 11, 2015 by Ben WilsonThe Code Signing Working Group of the CA/Browser Forum announces the ballot of the final draft of the Code Signing Baseline Requirements. This version takes into account comments received in the first and second rounds of public review, comments from WebTrust auditors, and an additional three months of editing by the Working Group. Code Signing Requirements 2015-11-19 This is ballot 158 which begins on December 3, 2015 Dean Coclin CA/B Forum Chair
CA/B Forum Releases Code Signing Baseline Requirements – Final Draft for Public Exposure
February 5, 2015 by Ben WilsonThe Code Signing Working Group of the CA/Browser Forum announces the final draft of the Code Signing Baseline Requirements. This version takes into account comments received in the first round of public review as well as comments from WebTrust auditors. Additional changes/corrections were incorporated by the working group over the past 3 months. Baseline requirements for codesigning – Feb 4 2015 This version is being sent out to the public mailing list and will be posted on the CA/B Forum website for final comments until March 6th, 2015.
February 5, 2015 by Ben WilsonThe Code Signing Working Group of the CA/Browser Forum announces the final draft of the Code Signing Baseline Requirements. This version takes into account comments received in the first round of public review as well as comments from WebTrust auditors. Additional changes/corrections were incorporated by the working group over the past 3 months. Baseline requirements for codesigning – Feb 4 2015 This version is being sent out to the public mailing list and will be posted on the CA/B Forum website for final comments until March 6th, 2015.
Ballot 132 – EV Code Signing Timestamp Validity Period (passed)
September 16, 2014 by Ben WilsonVoting on Ballot 132 (amending the EV Code Signing Timestamp Validity Period) closed 16 September 2014. Voting in favor were: Actalis, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, OpenTrust, Symantec, Trend Micro, WoSign, ANF, Certum, Mozilla and Microsoft. There were no votes against and no abstentions. Therefore, Ballot 132 passed. Ballot 132 – EV Code Signing Timestamp Validity Period Rationale for Ballot 132 Ideally, TSA services should be consistent across the multiple services that rely on them (Code Signing, EV Code Signing, AATLs, etc.
September 16, 2014 by Ben WilsonVoting on Ballot 132 (amending the EV Code Signing Timestamp Validity Period) closed 16 September 2014. Voting in favor were: Actalis, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, OpenTrust, Symantec, Trend Micro, WoSign, ANF, Certum, Mozilla and Microsoft. There were no votes against and no abstentions. Therefore, Ballot 132 passed. Ballot 132 – EV Code Signing Timestamp Validity Period Rationale for Ballot 132 Ideally, TSA services should be consistent across the multiple services that rely on them (Code Signing, EV Code Signing, AATLs, etc.