CA/Browser Forum posts
Posts by tag Server Certificates
Ballot 131 – Update to Verified Method of Communication (passed)
September 12, 2014 by Ben WilsonVoting on Ballot 131 (Update to Verified Method of Communication) closed last Friday. Voting in favor were: Actalis, Buypass, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustwave, Trustis, TURKTRUST, WoSign and Mozilla. There were no votes against and no abstentions. Therefore, Ballot 131 passed. Ballot 131 – Update to Verified Method of Communication The EV Guidelines Working Group has revisited Section 11.4 of the EV Guidelines (Applicant’s Physical Existence) and has decided that it is best to split it into two separate sections. Section 11.4.1 would remain as is for “Address of Applicant’s Place of Business.” Section 11.4.2 would be moved to its own section–a new 11.5, and all subsequent section numbers in 11 would be renumbered accordingly. The new Section 11.5 will focus on a verified means for communicating with the organization to be named as the subject in the certificate (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request).
September 12, 2014 by Ben WilsonVoting on Ballot 131 (Update to Verified Method of Communication) closed last Friday. Voting in favor were: Actalis, Buypass, Comodo, DigiCert, Disig, Entrust, GlobalSign, GoDaddy, OpenTrust, QuoVadis, SECOM Trust, SSC, StartCom, Symantec, Trend Micro, Trustwave, Trustis, TURKTRUST, WoSign and Mozilla. There were no votes against and no abstentions. Therefore, Ballot 131 passed. Ballot 131 – Update to Verified Method of Communication The EV Guidelines Working Group has revisited Section 11.4 of the EV Guidelines (Applicant’s Physical Existence) and has decided that it is best to split it into two separate sections. Section 11.4.1 would remain as is for “Address of Applicant’s Place of Business.” Section 11.4.2 would be moved to its own section–a new 11.5, and all subsequent section numbers in 11 would be renumbered accordingly. The new Section 11.5 will focus on a verified means for communicating with the organization to be named as the subject in the certificate (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request).
Ballot 129 – PSL in BR 11.1.3 (passed)
August 4, 2014 by Ben WilsonVoting on Ballot 129 closed on 4 August 2014. Voting in Favor were: DigiCert, Disig, GlobalSign, GoDaddy, Symantec, Trend Micro, Trustwave, WoSign, and Mozilla. None were opposed and none abstained. Quorum was met and Ballot 129 passed resulting in Baseline_Requirements_V1_1_9. Gerv Markham of Mozilla made the following motion, and Ben Wilson from Digicert and Rick Andrews from Symantec have endorsed it. Reason for Ballot This ballot simply clarifies how to use the “Public Suffix List” (PSL) in Section 11.1.3 of the Baseline Requirements. The explanation in the footnote to section 11.1.3 of the Baseline Requirements about how to use the PSL is ambiguous because the PSL has two sections–the “ICANN DOMAINS” section and the “PRIVATE DOMAINS” section. Therefore, clarification is needed to explain that it is the ICANN DOMAINS section of the PSL that CAs should use.
August 4, 2014 by Ben WilsonVoting on Ballot 129 closed on 4 August 2014. Voting in Favor were: DigiCert, Disig, GlobalSign, GoDaddy, Symantec, Trend Micro, Trustwave, WoSign, and Mozilla. None were opposed and none abstained. Quorum was met and Ballot 129 passed resulting in Baseline_Requirements_V1_1_9. Gerv Markham of Mozilla made the following motion, and Ben Wilson from Digicert and Rick Andrews from Symantec have endorsed it. Reason for Ballot This ballot simply clarifies how to use the “Public Suffix List” (PSL) in Section 11.1.3 of the Baseline Requirements. The explanation in the footnote to section 11.1.3 of the Baseline Requirements about how to use the PSL is ambiguous because the PSL has two sections–the “ICANN DOMAINS” section and the “PRIVATE DOMAINS” section. Therefore, clarification is needed to explain that it is the ICANN DOMAINS section of the PSL that CAs should use.
Ballot 126 – Operational Existence (passed)
July 24, 2014 by Ben WilsonVoting on Ballot 126 closed on 24 July 2014. Voting in favor were Comodo, DigiCert, Network Solutions, QuoVadis, Symantec, Trend Micro, WoSign, and Mozilla. Visa abstained. Quorum was met and Ballot 126 passed, resulting in EV SSL Certificate Guidelines Version 1.5.0. Ballot 126 – Operational Existence Jeremy Rowley of Digicert made the following motion and Cecilia Kam of Symantec and Doug Beattie of GlobalSign have endorsed it:
July 24, 2014 by Ben WilsonVoting on Ballot 126 closed on 24 July 2014. Voting in favor were Comodo, DigiCert, Network Solutions, QuoVadis, Symantec, Trend Micro, WoSign, and Mozilla. Visa abstained. Quorum was met and Ballot 126 passed, resulting in EV SSL Certificate Guidelines Version 1.5.0. Ballot 126 – Operational Existence Jeremy Rowley of Digicert made the following motion and Cecilia Kam of Symantec and Doug Beattie of GlobalSign have endorsed it:
Ballot 127 – Verification of Agency in EV Guidelines 11.7.2 (passes)
July 17, 2014 by Ben WilsonVoting on Ballot 127 We received Yes votes from Actalis, Buypass, DigiCert, GlobalSign, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM, Symantec, Trend Micro, Trustwave, TurkTrust, WoSign, and Mozilla.
July 17, 2014 by Ben WilsonVoting on Ballot 127 We received Yes votes from Actalis, Buypass, DigiCert, GlobalSign, Logius PKIoverheid, OpenTrust, QuoVadis, SECOM, Symantec, Trend Micro, Trustwave, TurkTrust, WoSign, and Mozilla.
Ballot 128 – CP Review Working Group (passes)
July 9, 2014 by Ben WilsonVoting closed on July 9, 2014. In Favor: Buypass, DigiCert, GlobalSign, OPENTRUST, QuoVadis, SECOM, Symantec, Trend Micro, TURKTRUST, WoSign, Opera, Mozilla and Microsoft. Abstaining: Actalis Result: Ballot passes. Ballot 128 – CP Review Working Group During the CAB Forum face-to-face meeting, we discussed creating a working group to compare the NIST IR proposal and various with the existing CAB Forum work product. The group will also continue our contemplation on converting to a 3647 format to make future comparisons easier.
July 9, 2014 by Ben WilsonVoting closed on July 9, 2014. In Favor: Buypass, DigiCert, GlobalSign, OPENTRUST, QuoVadis, SECOM, Symantec, Trend Micro, TURKTRUST, WoSign, Opera, Mozilla and Microsoft. Abstaining: Actalis Result: Ballot passes. Ballot 128 – CP Review Working Group During the CAB Forum face-to-face meeting, we discussed creating a working group to compare the NIST IR proposal and various with the existing CAB Forum work product. The group will also continue our contemplation on converting to a 3647 format to make future comparisons easier.
Ballot 124 – Business Entity Clarification (passed)
June 5, 2014 by Ben WilsonBallot 124 – Business Entity Clarification Voting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 124 passed. The EV Guidelines Working Group identified an erroneous cross-reference in the first sentence of Section 11.2.2(3) (Business Entity Subjects). Joanna Fox of GoDaddy made the following motion, and Cecilia Kam of Symantec and Ben Wilson from DigiCert have endorsed it.
June 5, 2014 by Ben WilsonBallot 124 – Business Entity Clarification Voting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 124 passed. The EV Guidelines Working Group identified an erroneous cross-reference in the first sentence of Section 11.2.2(3) (Business Entity Subjects). Joanna Fox of GoDaddy made the following motion, and Cecilia Kam of Symantec and Ben Wilson from DigiCert have endorsed it.
Ballot 120 – Affiliate Authority to Verify Domain (passed)
June 5, 2014 by Ben WilsonVoting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 120 passed. Kirk Hall of TrendMicro made the following motion and Jeremy Rowley of DigiCert and Cecilia Kam of Symantec have endorsed it: Ballot 120 – Affiliate Authority to Verify Domain Reasons for proposed ballot Ballot 72 in May 2012 reorganized the EV Guidelines by moving certain definitions and common provisions to the Baseline Requirements and replacing them with cross references to the Baseline Requirements. In July 2013, Ballot 104 was a similar replacement with a cross reference to avoid unnecessary duplication between the two sets of guidelines , but it inadvertently removed domain verification through a parent or subsidiary from EV Guidelines Sec. 11.6.2 (now renumbered as EVGL 11.6.1), which had listed it as part of the allowed verification process. Ballot 104 essentially deleted the separately listed EVGL 11.6.2 methods for verifying domain ownership, and instead inserted a cross-reference to the methods of verifying domain ownership in BR 11.1.1 (except for subsection (7) – “any other method of confirmation” – which was not deemed reliable enough for EV).
June 5, 2014 by Ben WilsonVoting closed on June 5, 2014. We received votes in favor from Actalis, ANF, Buypass, DigiCert, Disig, Firmaprofesional, GlobalSign, GoDaddy.com, Logius PKIoverheid, Mozilla, QuoVadis, StartCom, Symantec, Trend Micro, TURKTRUST, OpenTrust, and WoSign. There were no votes against and no abstentions. Therefore, Ballot 120 passed. Kirk Hall of TrendMicro made the following motion and Jeremy Rowley of DigiCert and Cecilia Kam of Symantec have endorsed it: Ballot 120 – Affiliate Authority to Verify Domain Reasons for proposed ballot Ballot 72 in May 2012 reorganized the EV Guidelines by moving certain definitions and common provisions to the Baseline Requirements and replacing them with cross references to the Baseline Requirements. In July 2013, Ballot 104 was a similar replacement with a cross reference to avoid unnecessary duplication between the two sets of guidelines , but it inadvertently removed domain verification through a parent or subsidiary from EV Guidelines Sec. 11.6.2 (now renumbered as EVGL 11.6.1), which had listed it as part of the allowed verification process. Ballot 104 essentially deleted the separately listed EVGL 11.6.2 methods for verifying domain ownership, and instead inserted a cross-reference to the methods of verifying domain ownership in BR 11.1.1 (except for subsection (7) – “any other method of confirmation” – which was not deemed reliable enough for EV).
Ballot 122 – Verified Method of Communication (failed)
May 8, 2014 by Ben WilsonBallot 122 – Verified Method of Communication Voting on Ballot 122 closed. We received “yes” votes from Actalis, Buypass, Comodo, DigiCert, GlobalSign, GoDaddy, Izenpe, Logius PKIoverheid, QuoVadis, SECOM, Symantec, Trend Micro, Trustis, TURKTRUST, Visa, and WoSign OpenTrust and SSC abstained. Mozilla and Microsoft voted “no.” Therefore, Ballot 122 did not pass. The EV Guidelines Working Group has completed its review of Section 11.4.2 of the EV Guidelines (Telephone Number for Applicant’s Place of Business). The purpose of the review was to “develop a more international process for verifying contact information,” especially to transition away from a landline-centric focus. The purpose of Section 11.4.2 has been to ensure a means for communicating with an organization (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request) and to provide additional evidence of an organization’s existence. This is maintained by the proposed replacement language.
May 8, 2014 by Ben WilsonBallot 122 – Verified Method of Communication Voting on Ballot 122 closed. We received “yes” votes from Actalis, Buypass, Comodo, DigiCert, GlobalSign, GoDaddy, Izenpe, Logius PKIoverheid, QuoVadis, SECOM, Symantec, Trend Micro, Trustis, TURKTRUST, Visa, and WoSign OpenTrust and SSC abstained. Mozilla and Microsoft voted “no.” Therefore, Ballot 122 did not pass. The EV Guidelines Working Group has completed its review of Section 11.4.2 of the EV Guidelines (Telephone Number for Applicant’s Place of Business). The purpose of the review was to “develop a more international process for verifying contact information,” especially to transition away from a landline-centric focus. The purpose of Section 11.4.2 has been to ensure a means for communicating with an organization (to verify the authority of EV roles and ensure that it was appropriately aware of the certificate request) and to provide additional evidence of an organization’s existence. This is maintained by the proposed replacement language.
Ballot 121 – EV Guidelines Insurance Requirements(failed)
May 7, 2014 by Ben WilsonBallot 121 – EV Guidelines Insurance Requirements Voting has closed on Ballot 121. “Yes” votes were cast by Buypass, Disig, Firmaprofesional, GlobalSign, GoDaddy, Izenpe, OpenTrust, SSC, Trend Micro, Turktrust, and WoSign. “No” votes were cast by Actalis, DigiCert, QuoVadis, Symantec, and Mozilla. Abstentions were submitted by StartCom, Visa, and Google. Therefore, Ballot 121 failed.
May 7, 2014 by Ben WilsonBallot 121 – EV Guidelines Insurance Requirements Voting has closed on Ballot 121. “Yes” votes were cast by Buypass, Disig, Firmaprofesional, GlobalSign, GoDaddy, Izenpe, OpenTrust, SSC, Trend Micro, Turktrust, and WoSign. “No” votes were cast by Actalis, DigiCert, QuoVadis, Symantec, and Mozilla. Abstentions were submitted by StartCom, Visa, and Google. Therefore, Ballot 121 failed.
Ballot 112 – Replace Definition of “Internal Server Name” with “Internal Name”(passed)
April 3, 2014 by Ben WilsonBallot 112 – Replace Definition of “Internal Server Name” with “Internal Name” Votes in Favor: ANF, Buypass, Comodo, DigiCert, Disig, FirmaProfesional, GlobalSign, GoDaddy, Logius PKIoverheid, QuoVadis, Sertifitseerimiskeskus, SSC, StartCom, SwissSign, Symantec,Trend Micro, Trustis, TURKTRUST, TAIWAN-CA, WoSign, Mozilla and Google No abstentions or nay votes. Ballot passed. The current definition of Internal Server Name is ambiguous. It reads, “A Server Name (which may or may not include an Unregistered Domain Name) that is not resolvable using the public DNS.”
April 3, 2014 by Ben WilsonBallot 112 – Replace Definition of “Internal Server Name” with “Internal Name” Votes in Favor: ANF, Buypass, Comodo, DigiCert, Disig, FirmaProfesional, GlobalSign, GoDaddy, Logius PKIoverheid, QuoVadis, Sertifitseerimiskeskus, SSC, StartCom, SwissSign, Symantec,Trend Micro, Trustis, TURKTRUST, TAIWAN-CA, WoSign, Mozilla and Google No abstentions or nay votes. Ballot passed. The current definition of Internal Server Name is ambiguous. It reads, “A Server Name (which may or may not include an Unregistered Domain Name) that is not resolvable using the public DNS.”