CA/Browser Forum

CA/Browser Forum posts

Posts by tag Code Signing

    Ballot 180 – Readopting the BRs, EVGL, EV Code Signing, and NCSSR Guidelines with Amendments
    January 7, 2017 by Ben WilsonBallot 180 has passed – see results below. Ballot 180 Results CAs – 18 yes, 0 no, 3 abstain (plus one yes vote on the Management list, which will not be counted) Browsers – 5 yes, 0 no, 0 abstain Result: Ballot 180 passes (requires 2/3 affirmative vote by CAs and majority affirmative vote by browsers). Quorum is 10 votes – quorum achieved. CA Votes on Ballot 180: 18 yes on Public list – Amazon, ANF Autoridad de Certif.
    Ballot 172 – Removal of permanentIdentifier from EV Code Signing Guidelines
    July 5, 2016 by Ben WilsonVoting on Ballot 172, “Removal of Permanent Identifier” has now closed. The results are as follows: From the CAs, we received 9 YES votes, 1 NO vote and 7 Abstentions From the Browsers, we received 1 YES vote, 0 NO votes and 0 Abstentions Therefore the ballot passes. Full results can be seen on the ballot tracker: https://docs.google.com/spreadsheets/d/1FBsMZjlzyvK3mFR1u4qMqvZwlI86yJ-v0am1pCBo8uI/edit#gid=4 Dean Coclin CA/B Forum Chair Ballot 172 – Removal of permanentIdentifier from EV Code Signing Guidelines The following motion has been proposed by Bruce Morton of Entrust and endorsed by Rick Andrews of Symantec and Jeremy Rowley of DigiCert:
    Ballot 158 – Adoption of Code Signing Baseline Requirements
    December 17, 2015 by Ben WilsonVoting on Ballot 158 (Code Signing BRs) closed on 17 December 2015. The results are as follows: In the CA category, 17 CAs voted YES, 1 voted NO and 3 Abstained In the Browser category, 2 browsers voted YES, 3 browsers voted NO and none Abstained Therefore the ballot fails. Detailed results can be seen here: https://docs.google.com/spreadsheets/d/1FBsMZjlzyvK3mFR1u4qMqvZwlI86yJ-v0am1pCBo8uI/edit#gid=4 After a 2 week pre-ballot, the Code Signing Working Group has now prepared the formal ballot below:
    Forum Releases Final Code Signing Baseline Requirements for Vote
    August 11, 2015 by Ben WilsonThe Code Signing Working Group of the CA/Browser Forum announces the ballot of the final draft of the Code Signing Baseline Requirements. This version takes into account comments received in the first and second rounds of public review, comments from WebTrust auditors, and an additional three months of editing by the Working Group. Code Signing Requirements 2015-11-19 This is ballot 158 which begins on December 3, 2015 Dean Coclin CA/B Forum Chair
    CA/B Forum Releases Code Signing Baseline Requirements – Final Draft for Public Exposure
    February 5, 2015 by Ben WilsonThe Code Signing Working Group of the CA/Browser Forum announces the final draft of the Code Signing Baseline Requirements. This version takes into account comments received in the first round of public review as well as comments from WebTrust auditors. Additional changes/corrections were incorporated by the working group over the past 3 months. Baseline requirements for codesigning – Feb 4 2015 This version is being sent out to the public mailing list and will be posted on the CA/B Forum website for final comments until March 6th, 2015.
    Ballot 132 – EV Code Signing Timestamp Validity Period (passed)
    September 16, 2014 by Ben WilsonVoting on Ballot 132 (amending the EV Code Signing Timestamp Validity Period) closed 16 September 2014. Voting in favor were: Actalis, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, OpenTrust, Symantec, Trend Micro, WoSign, ANF, Certum, Mozilla and Microsoft. There were no votes against and no abstentions. Therefore, Ballot 132 passed. Ballot 132 – EV Code Signing Timestamp Validity Period Rationale for Ballot 132 Ideally, TSA services should be consistent across the multiple services that rely on them (Code Signing, EV Code Signing, AATLs, etc.
    CA/Browser Forum Releases Code Signing Baseline Requirements Public Comment Draft
    August 25, 2014 by Ben WilsonIn 2013, the CA/Browser Forum voted to create a Code Signing Working Group whose sole purpose was to come up with a set of Baseline Requirements for the issuance of Code Signing Certificates. The result of that effort is the: Baseline Requirements for Code Signing Certificates, Public Comment Draft (doc) Baseline Requirements for Code Signing Certificates, Public Comment Draft (pdf) Once approved by the CA/B Forum and subsequent audit standards are created, all Certificate Authorities will be obligated to follow these Requirements when issuing and managing code signing certificates.
    Notice of IPR Review Period for Amendment to the EV Code Signing Guidelines by Ballot 117
    July 7, 2014 by Ben WilsonPursuant to Section 4.1 of the CA/Browser Forum’s IPR Policy, this is notice of the commencement of a 30-day IPR maintenance-guideline review period by which certain provisions of the IPR will become applicable to these recent changes made to the EV Code Signing Guidelines by Ballot 117. Ballot 117 clarified what is allowed in the Common Name and Subject Alternative Name fields, as set forth in sections 9.2.2 and 9.2.3 of the EV Code Signing Guidelines.
    Ballot 117 – EV Code Signing Guidelines Corrections(passed)
    March 24, 2014 by Ben WilsonBallot 117 – EV Code Signing Guidelines Corrections Yea: ANF, Certinomis, DigiCert, GlobalSign, Izenpe, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustis, WoSign, Microsoft, and Mozilla. Nay: Comodo, Network Solutions, and Google. Abstain: Buypass Results: Ballot passed Updated version is posted here on the EV Code Signing page. Jeremy Rowley of DigiCert made the following motion, and Iñigo Barreira of Izenpe and Rick Andrews of Symantec endorsed it.
    Announcing the formation of the Code Signing Working Group – Call for Participants
    April 22, 2013 by Ben WilsonThe CA/Browser Forum has chartered a Code Signing Working Group, the purpose of which is to come up with Baseline Requirements to reduce the incidences of signed malware. The CA/Browser Forum would like to invite interested third parties to participate. The working group meets bi-weekly by phone and had its first face to face meeting in Munich on June 13th coinciding with the regular CA/Browser Forum meeting. Interested parties will need to:
    The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).