CA/Browser Forum posts
Posts by tag Server Certificates
Ballot 96 – Wildcard Certificates and New gTLDs
February 20, 2013 by Ben WilsonBallot 96 – Wildcard Certificates and New gTLDs (Passed) Motion Jeremy Rowley made the following motion, and Rick Andrews and Steve Roylance endorsed it: Motion Begins Erratum Begins Add the following as new Section 11.1.3: 11.1 Authorization by Domain Name Registrant 11.1.3 Wildcard Domain Validation Before issuing a certificate with a wildcard character (*) in a CN or subjectAltName of type DNS-ID, the CA MUST establish and follow a documented procedure† that determines if the wildcard character occurs in the first label position to the left of a “registry-controlled” label or “public suffix” (e.
February 20, 2013 by Ben WilsonBallot 96 – Wildcard Certificates and New gTLDs (Passed) Motion Jeremy Rowley made the following motion, and Rick Andrews and Steve Roylance endorsed it: Motion Begins Erratum Begins Add the following as new Section 11.1.3: 11.1 Authorization by Domain Name Registrant 11.1.3 Wildcard Domain Validation Before issuing a certificate with a wildcard character (*) in a CN or subjectAltName of type DNS-ID, the CA MUST establish and follow a documented procedure† that determines if the wildcard character occurs in the first label position to the left of a “registry-controlled” label or “public suffix” (e.
Ballot 93 – Reasons for Revocation (BR issues 6, 8, 10, 21)
November 7, 2012 by Ben WilsonBallot 93 – Reasons for Revocation (BR issues 6, 8, 10, 21) (Passed Unanimously) Motion Effective immediately, except as to Part E below. Erratum begins A. (Issue #8) Add the following as 10.2.5: “10.2.5 Subordinate CA Private Key Parties other than the Subordinate CA SHALL NOT archive the Subordinate CA Private Keys. If the Issuing CA generated the Private Key on behalf of the Subordinate CA, then the Issuing CA SHALL encrypt the Private Key for transport to the Subordinate CA.
November 7, 2012 by Ben WilsonBallot 93 – Reasons for Revocation (BR issues 6, 8, 10, 21) (Passed Unanimously) Motion Effective immediately, except as to Part E below. Erratum begins A. (Issue #8) Add the following as 10.2.5: “10.2.5 Subordinate CA Private Key Parties other than the Subordinate CA SHALL NOT archive the Subordinate CA Private Keys. If the Issuing CA generated the Private Key on behalf of the Subordinate CA, then the Issuing CA SHALL encrypt the Private Key for transport to the Subordinate CA.
Ballot 88 – BR_9_2_4_Errata-ISO3166
September 12, 2012 by Ben WilsonBallot 88 – BR_9_2_4_Errata-ISO3166 (Passed) Motion Jeremy Rowley made the following motion and Rick Andrews and Rich Smith endorsed it: … Motion begins… Effective immediately Erratum begins Add a new Definition: Country: Either a member of the United Nations OR a geographic region recognized as a sovereign nation by at least two UN member nations. Modify the following sections as indicated below: 9.2 Subject Information By issuing the Certificate, the CA represents that it followed the procedure set forth in its Certificate Policy and/or Certification Practice Statement to verify that, as of the Certificate’s issuance date, all of the Subject Information was accurate.
September 12, 2012 by Ben WilsonBallot 88 – BR_9_2_4_Errata-ISO3166 (Passed) Motion Jeremy Rowley made the following motion and Rick Andrews and Rich Smith endorsed it: … Motion begins… Effective immediately Erratum begins Add a new Definition: Country: Either a member of the United Nations OR a geographic region recognized as a sovereign nation by at least two UN member nations. Modify the following sections as indicated below: 9.2 Subject Information By issuing the Certificate, the CA represents that it followed the procedure set forth in its Certificate Policy and/or Certification Practice Statement to verify that, as of the Certificate’s issuance date, all of the Subject Information was accurate.
Ballot 83 – Adopt Network and Certificate System Security Requirements
August 3, 2012 by Ben WilsonOn Ballot 83, there were “YES” votes from nine CAs and two Browsers. There were “NO” votes from four CAs and one Browser. Three CAs abstained. Therefore, Ballot 83 passes with 69% of CAs and 66% of Browsers in favor. Ben Wilson made the following motion, and Bill Madell and Rick Andrews endorsed it: Motion begins As of 1 January 2013 (“Effective Date”), the CA/Browser Forum adopts the “Network and Certificate System Security Requirements” Ballot Draft 1 as Version 1.
August 3, 2012 by Ben WilsonOn Ballot 83, there were “YES” votes from nine CAs and two Browsers. There were “NO” votes from four CAs and one Browser. Three CAs abstained. Therefore, Ballot 83 passes with 69% of CAs and 66% of Browsers in favor. Ben Wilson made the following motion, and Bill Madell and Rick Andrews endorsed it: Motion begins As of 1 January 2013 (“Effective Date”), the CA/Browser Forum adopts the “Network and Certificate System Security Requirements” Ballot Draft 1 as Version 1.
Ballot 80 – Response for Non-Issued Certificates
August 2, 2012 by Ben WilsonBallot 80 – Response for Non-Issued Certificates (Passed) Motion Yngve Pettersen made the following motion and Ben Wilson and Carsten Dahlenkamp endorsed it: … Motion begins…. Effective 1 Feb 2013 Erratum begins Insert a new section at the end of section 13.2 of the Baseline Requirements with the following heading and text: “13.2.6 Response for non-issued certificates If the OCSP responder receives a request for status of a certificate that has not been issued, then the responder SHOULD NOT respond with a “good” status.
August 2, 2012 by Ben WilsonBallot 80 – Response for Non-Issued Certificates (Passed) Motion Yngve Pettersen made the following motion and Ben Wilson and Carsten Dahlenkamp endorsed it: … Motion begins…. Effective 1 Feb 2013 Erratum begins Insert a new section at the end of section 13.2 of the Baseline Requirements with the following heading and text: “13.2.6 Response for non-issued certificates If the OCSP responder receives a request for status of a certificate that has not been issued, then the responder SHOULD NOT respond with a “good” status.
Ballot 81 – Required Format for Amendments to Existing Standards or Requirements
August 1, 2012 by Ben WilsonThis ballot was withdrawn.
August 1, 2012 by Ben WilsonThis ballot was withdrawn.