CA/Browser Forum posts
Posts by tag Server Certificates
Ballot 108 – Defining the Scope of the Baseline Requirements
August 6, 2013 by Ben WilsonBallot 108 – Defining the Scope of the Baseline Requirements (Withdrawn) Motion Jeremy Rowley made the following motion, and Stephen Davidson and Geoff Keating endorsed it: Motion Begins Amend Section 1 of the Baseline Requirements as follows: The Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates describe a subset of the requirements that a Certification Authority must meet in order to issue Publicly Trusted Certificates. Except where explicitly stated otherwise, these requirements apply only to relevant events that occur on or after the Effective Date.
August 6, 2013 by Ben WilsonBallot 108 – Defining the Scope of the Baseline Requirements (Withdrawn) Motion Jeremy Rowley made the following motion, and Stephen Davidson and Geoff Keating endorsed it: Motion Begins Amend Section 1 of the Baseline Requirements as follows: The Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates describe a subset of the requirements that a Certification Authority must meet in order to issue Publicly Trusted Certificates. Except where explicitly stated otherwise, these requirements apply only to relevant events that occur on or after the Effective Date.
Ballot 106 – Extended Deadline to Prohibit OCSP “Good” Response for Non-Issued Certificates
August 6, 2013 by Ben WilsonBallot 106 – Extended Deadline to Prohibit OCSP “Good” Response for Non-Issued Certificates (Withdrawn) Motion Given that several CAs have notified the CA/Browser Forum that they will be unable to comply with the 1-August-2013 deadline by which OCSP responders MUST NOT respond with a “good” status for unissued certificates, and that a one-year extension of this deadline is an appropriate timeframe by which these CAs should be able to come into compliance;
August 6, 2013 by Ben WilsonBallot 106 – Extended Deadline to Prohibit OCSP “Good” Response for Non-Issued Certificates (Withdrawn) Motion Given that several CAs have notified the CA/Browser Forum that they will be unable to comply with the 1-August-2013 deadline by which OCSP responders MUST NOT respond with a “good” status for unissued certificates, and that a one-year extension of this deadline is an appropriate timeframe by which these CAs should be able to come into compliance;
Ballot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption.
July 29, 2013 by Ben WilsonBallot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption. (Passed) Motion Steve Roylance made the following motion, and Gervase Markham from Mozilla and Stephen Davidson from QuoVadis endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, this ballot provides clarity to the language covering external audits for Subordinate CAs, removing ambiguity as well as providing better alignment of the Baseline Requirements to the Mozilla CA Root program where the subject is already covered and accepted by the wider PKI community.
July 29, 2013 by Ben WilsonBallot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption. (Passed) Motion Steve Roylance made the following motion, and Gervase Markham from Mozilla and Stephen Davidson from QuoVadis endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, this ballot provides clarity to the language covering external audits for Subordinate CAs, removing ambiguity as well as providing better alignment of the Baseline Requirements to the Mozilla CA Root program where the subject is already covered and accepted by the wider PKI community.
Ballot 104 – EV Domain Validation
July 9, 2013 by Ben WilsonBallot 104 – Domain verification for EV Certificates (Passed) Motion Rich Smith of Comodo made the following motion, and Jeremy Rowley from DigiCert and Mads Henriksveen from Buypass endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to reconcile the differences in domain verification specified in the Baseline Requirements and EV Guidelines, clarify language within the EV Guidelines about the right to use a domain name, and permit additional alternatives in verifying domain control or ownership, we propose amending the EV Guidelines as follows:
July 9, 2013 by Ben WilsonBallot 104 – Domain verification for EV Certificates (Passed) Motion Rich Smith of Comodo made the following motion, and Jeremy Rowley from DigiCert and Mads Henriksveen from Buypass endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to reconcile the differences in domain verification specified in the Baseline Requirements and EV Guidelines, clarify language within the EV Guidelines about the right to use a domain name, and permit additional alternatives in verifying domain control or ownership, we propose amending the EV Guidelines as follows:
Ballot 103 – OCSP AIA and TLS Feature Extension
June 15, 2013 by Ben WilsonThis ballot lacked an endorser.
June 15, 2013 by Ben WilsonThis ballot lacked an endorser.
Ballot 101 – EV 11.10.2 Accountants
June 7, 2013 by Ben WilsonBallot 101 – Section 11.10.2 of EV Guidelines – Accountant Licensing (Passed) Motion Ryan Koski made the following motion, and Ben Wilson from DigiCert and Rich Smith from Comodo endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to eliminate a conflict in the Extended Validation Guidelines between the definition of Accounting Practitioner in Section 4 (Definitions) mentioning “country” and the specific requirements for verifying the status of Accounting Practitioners in 11.
June 7, 2013 by Ben WilsonBallot 101 – Section 11.10.2 of EV Guidelines – Accountant Licensing (Passed) Motion Ryan Koski made the following motion, and Ben Wilson from DigiCert and Rich Smith from Comodo endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to eliminate a conflict in the Extended Validation Guidelines between the definition of Accounting Practitioner in Section 4 (Definitions) mentioning “country” and the specific requirements for verifying the status of Accounting Practitioners in 11.
Ballot 102 – BR 9.2.3 domainComponent
May 31, 2013 by Ben WilsonBallot 102 – BR 9.2.3 domainComponents (Passed) Motion Jeremy Rowley of DigiCert made the following motion, and Robin Alden from Comodo and Geoffrey Keating from Apple endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to conform to requirements of other industry bodies, including the Internet Grid Trust Federation, and to allow the encoding of domain components in certificates that interact with the configurations of some LDAP directories, we propose amending Section 9.
May 31, 2013 by Ben WilsonBallot 102 – BR 9.2.3 domainComponents (Passed) Motion Jeremy Rowley of DigiCert made the following motion, and Robin Alden from Comodo and Geoffrey Keating from Apple endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to conform to requirements of other industry bodies, including the Internet Grid Trust Federation, and to allow the encoding of domain components in certificates that interact with the configurations of some LDAP directories, we propose amending Section 9.
Ballot 100 – Extend Deadline – OCSP Good Response
May 30, 2013 by Ben WilsonThis ballot was withdrawn.
May 30, 2013 by Ben WilsonThis ballot was withdrawn.
Ballot 99 – Add DSA Keys
May 3, 2013 by Ben WilsonBallot 99 – Add DSA Keys (Passed) Motion begins Erratum begins In the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, Appendix A, add to each of the tables (1) Root CA Certificates, (2) Subordinate CA Certificates, and (3) Subscriber Certificates a new row with these three column entries (comma-separated): Minimum DSA modulus and divisor size (bits) ***, L= 2048, N= 224 or L= 2048, N= 256, L= 2048, N= 224 or L= 2048, N= 256
May 3, 2013 by Ben WilsonBallot 99 – Add DSA Keys (Passed) Motion begins Erratum begins In the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, Appendix A, add to each of the tables (1) Root CA Certificates, (2) Subordinate CA Certificates, and (3) Subscriber Certificates a new row with these three column entries (comma-separated): Minimum DSA modulus and divisor size (bits) ***, L= 2048, N= 224 or L= 2048, N= 256, L= 2048, N= 224 or L= 2048, N= 256
Ballot 97 – Prevention of Unknown Certificate Contents
February 21, 2013 by Ben WilsonBallot 97 – Prevention of Unknown Certificate Contents (Passed) Motion Jeremy Rowley made the following motion, and Ryan Hurst and Robin Alden endorsed it: Motion begins Erratum begins A. In Section 10.2.3, after the first paragraph, insert: “The CA SHALL establish and follow a documented procedure for verifying all data requested for inclusion in the Certificate by the Applicant.” B. In Appendix B, add paragraph numbers to the headings: “(1) Root CA Certificate”, “(2) Subordinate CA Certificate”, and “(3) Subscriber Certificate”.
February 21, 2013 by Ben WilsonBallot 97 – Prevention of Unknown Certificate Contents (Passed) Motion Jeremy Rowley made the following motion, and Ryan Hurst and Robin Alden endorsed it: Motion begins Erratum begins A. In Section 10.2.3, after the first paragraph, insert: “The CA SHALL establish and follow a documented procedure for verifying all data requested for inclusion in the Certificate by the Applicant.” B. In Appendix B, add paragraph numbers to the headings: “(1) Root CA Certificate”, “(2) Subordinate CA Certificate”, and “(3) Subscriber Certificate”.