CA/Browser Forum posts
Posts by tag Server Certificates
2021-02-18 Minutes of the Server Certificate Working Group
March 3, 2021 by Jos PurvisAttendees (in alphabetical order) Aaron Gable (Let’s Encrypt), Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority)
March 3, 2021 by Jos PurvisAttendees (in alphabetical order) Aaron Gable (Let’s Encrypt), Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Curt Spann (Apple), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority)
Ballot SC041: Reformatting the BRs, EVGs, and NCSSRs
February 26, 2021 by Jos PurvisThe voting period for Ballot SC41v2 has concluded and the Ballot has Passed. Voting Results Certificate Issuers 2****1 votes total, with no abstentions
February 26, 2021 by Jos PurvisThe voting period for Ballot SC41v2 has concluded and the Ballot has Passed. Voting Results Certificate Issuers 2****1 votes total, with no abstentions
2021-02-04 Minutes of the Server Certificate Working Group
February 18, 2021 by Jos PurvisAttendees (in alphabetical order) Ali Gholami (Telia), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Digicert), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (DigiCert), Daniela Hood (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Eusebio Herrera (AC Camerfirma), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Jeff Ward (CPA Canada/WebTrust), Jim Gorz (GoDaddy), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Juan-Angel Martin (AC Camerfirma SA), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Noorul Halimin Mansol (PoS Digicert), Patrick Nohe (GlobalSign), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Callan (Sectigo), Tobias Josefowitz (Opera Software AS), Wendy Brown (US Federal PKI Management Authority)
February 18, 2021 by Jos PurvisAttendees (in alphabetical order) Ali Gholami (Telia), Andrea Holland (SecureTrust), Arno Fiedler (D-TRUST), Ben Wilson (Digicert), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Clint Wilson (Apple), Corey Bonnell (DigiCert), Daniela Hood (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Eusebio Herrera (AC Camerfirma), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Jeff Ward (CPA Canada/WebTrust), Jim Gorz (GoDaddy), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Juan-Angel Martin (AC Camerfirma SA), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Noorul Halimin Mansol (PoS Digicert), Patrick Nohe (GlobalSign), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Ryan Sleevi (Google), Sebastian Schulz (GlobalSign), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Callan (Sectigo), Tobias Josefowitz (Opera Software AS), Wendy Brown (US Federal PKI Management Authority)
Ballot SC037: Election of Server Certificate Working Group Vice Chair
February 10, 2021 by Wayne ThayerThe voting period for Special Ballot SC37 has ended and the Ballot has Passed. Congratulations Wayne! Here are the results: Voting by Certificate Issuers – 20 votes total including abstentions – 20 Yes votes: Actalis, Buypass, Certum (Asseco), CFCA, Chunghwa Telecom, D-TRUST, Disig, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, iTrusChina, Kamu SM, OATI, OISTE, SSL.com, TrustCor, SecureTrust. – 0 No votes: – 0 Abstain: 100% of voting Certificate Issuers voted in favor.
February 10, 2021 by Wayne ThayerThe voting period for Special Ballot SC37 has ended and the Ballot has Passed. Congratulations Wayne! Here are the results: Voting by Certificate Issuers – 20 votes total including abstentions – 20 Yes votes: Actalis, Buypass, Certum (Asseco), CFCA, Chunghwa Telecom, D-TRUST, Disig, eMudhra, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, iTrusChina, Kamu SM, OATI, OISTE, SSL.com, TrustCor, SecureTrust. – 0 No votes: – 0 Abstain: 100% of voting Certificate Issuers voted in favor.
Ballot SC309v3: Definition of Critical Vulnerability
February 10, 2021 by Wayne ThayerThe voting period for Ballot SC39v3 has concluded and the Ballot has Passed. Voting Results Certificate Issuers 22 votes total, with no abstentions
February 10, 2021 by Wayne ThayerThe voting period for Ballot SC39v3 has concluded and the Ballot has Passed. Voting Results Certificate Issuers 22 votes total, with no abstentions
Ballot SC040: Security Requirements for Air-Gapped CA Systems
February 9, 2021 by Ben WilsonThis ballot was withdrawn and/or failed to go to a vote. This is a continuation of discussion on the air-gapped CA ballot. (As noted below, this formally continues the discussion for this ballot, as of 2021-02-08 17:00 UTC. This discussion period will continue until initiation of the Voting Period (TBD) unless extended or as otherwise determined, pursuant to the CA/Browser Forum Bylaws. I renumbered the sections - 5.1 for logical security and 5.2 for physical security. I have not attempted yet to address the comments between Aaron and Ryan re: accessing the air-gapped CA for checking configuration. Maybe that section needs to remain “as is” or with clarification that a desktop review of CA configuration would be satisfactory if the air-gapped CA has not been physically touched.
February 9, 2021 by Ben WilsonThis ballot was withdrawn and/or failed to go to a vote. This is a continuation of discussion on the air-gapped CA ballot. (As noted below, this formally continues the discussion for this ballot, as of 2021-02-08 17:00 UTC. This discussion period will continue until initiation of the Voting Period (TBD) unless extended or as otherwise determined, pursuant to the CA/Browser Forum Bylaws. I renumbered the sections - 5.1 for logical security and 5.2 for physical security. I have not attempted yet to address the comments between Aaron and Ryan re: accessing the air-gapped CA for checking configuration. Maybe that section needs to remain “as is” or with clarification that a desktop review of CA configuration would be satisfactory if the air-gapped CA has not been physically touched.
2020-01-07 Minutes of the Server Certificate Working Group
January 21, 2021 by Jos PurvisAttendees Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Digicert), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Christy Berghoff (Federal PKI), Clint Wilson (Apple), Corey Bonnell (DigiCert), Christy Berghoff (Federal PKI), Corey Rasmussen (OATI), Curt Spann (Apple), Daniela Hood (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Nazril Bin Mohd Gahni (PoS Digicert), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Noorul Halimin Mansol (PoS Digicert), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Redha Hamzah (PoS Digicert), Rebecca Kelley (Apple), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla)
January 21, 2021 by Jos PurvisAttendees Adrian Mueller (SwissSign), Ali Gholami (Telia), Andrea Holland (SecureTrust), Ben Wilson (Digicert), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Chris McMillan (Visa), Christy Berghoff (Federal PKI), Clint Wilson (Apple), Corey Bonnell (DigiCert), Christy Berghoff (Federal PKI), Corey Rasmussen (OATI), Curt Spann (Apple), Daniela Hood (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Mads Henriksveen (Buypass AS), Mike Reilly (Microsoft), Nazril Bin Mohd Gahni (PoS Digicert), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Noorul Halimin Mansol (PoS Digicert), Paul van Brouwershaven (Entrust), Peter Miskovic (Disig), Redha Hamzah (PoS Digicert), Rebecca Kelley (Apple), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Mozilla)
Ballot SC038: Alignment of Record Archival
December 16, 2020 by Ben WilsonThis ballot failed to go to a vote and failed pursuant to the Bylaws. This begins the discussion period for Ballot SC38: Alignment of Record Archival (which I circulated a little while ago). The following ballot is proposed by Neil Dunbar of TrustCor Systems and endorsed by David Kluge of Google Trust Services and Ben Wilson of Mozilla. Purpose of Ballot: After the updated language included in SC28 Sections 5.4.3 and 5.5.2 (of the BRs) could be in conflict. Section 5.5.2 requires all documentation relating to certificate requests and the verification thereof, and all Certificates and revocation thereof be retained for seven years after certificates cease to to be valid. Section 5.4.3 requires all audit logs of Subscriber Certificate lifecycle management event records be maintained for two years after the revocation or expiration of the Subscriber Certificate. These sections intersect at the retention requirements for audit logs and archived records, as they relate to subscriber certificate lifecycle events. The retention periods are in conflict as to the length of retention.
December 16, 2020 by Ben WilsonThis ballot failed to go to a vote and failed pursuant to the Bylaws. This begins the discussion period for Ballot SC38: Alignment of Record Archival (which I circulated a little while ago). The following ballot is proposed by Neil Dunbar of TrustCor Systems and endorsed by David Kluge of Google Trust Services and Ben Wilson of Mozilla. Purpose of Ballot: After the updated language included in SC28 Sections 5.4.3 and 5.5.2 (of the BRs) could be in conflict. Section 5.5.2 requires all documentation relating to certificate requests and the verification thereof, and all Certificates and revocation thereof be retained for seven years after certificates cease to to be valid. Section 5.4.3 requires all audit logs of Subscriber Certificate lifecycle management event records be maintained for two years after the revocation or expiration of the Subscriber Certificate. These sections intersect at the retention requirements for audit logs and archived records, as they relate to subscriber certificate lifecycle events. The retention periods are in conflict as to the length of retention.
2020-12-11 Minutes of the Server Certificate Working Group
December 10, 2020 by Jos PurvisAttendees (in alphabetical order) Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Christy Berghoff (Federal PKI), Curt Spann (Apple), Daniela Hood (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority)
December 10, 2020 by Jos PurvisAttendees (in alphabetical order) Adrian Mueller (SwissSign), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Christy Berghoff (Federal PKI), Curt Spann (Apple), Daniela Hood (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Hazhar Ismail (MSC Trustgate), Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Joanna Fox (GoDaddy), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Michelle Coon (OATI), Mike Reilly (Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe (GlobalSign), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Rich Smith (Sectigo), Ryan Sleevi (Google), Shelley Brewer (Digicert), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management Authority)
Special Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair
October 29, 2020 by Ben WilsonSpecial Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair The following motion has been proposed by the Code Signing Certificate Working Group Chair Dean Coclin of DigiCert. Purpose of Ballot This special ballot is to confirm the new Vice Chair of the Code Signing Certificate Working Group. Motion begins In accordance with Bylaw 4.1©, Bruce Morton representing Entrust is hereby elected Vice Chair of the Code Signing Certificate Working Group for a term commencing on November 1, 2020 and continuing through October 31, 2022.
October 29, 2020 by Ben WilsonSpecial Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair The following motion has been proposed by the Code Signing Certificate Working Group Chair Dean Coclin of DigiCert. Purpose of Ballot This special ballot is to confirm the new Vice Chair of the Code Signing Certificate Working Group. Motion begins In accordance with Bylaw 4.1©, Bruce Morton representing Entrust is hereby elected Vice Chair of the Code Signing Certificate Working Group for a term commencing on November 1, 2020 and continuing through October 31, 2022.