CA/Browser Forum posts
Posts by tag Server Certificates
Ballot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption.
July 29, 2013 by Ben WilsonBallot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption. (Passed) Motion Steve Roylance made the following motion, and Gervase Markham from Mozilla and Stephen Davidson from QuoVadis endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, this ballot provides clarity to the language covering external audits for Subordinate CAs, removing ambiguity as well as providing better alignment of the Baseline Requirements to the Mozilla CA Root program where the subject is already covered and accepted by the wider PKI community. In addition, the proposal sets out to aid wider and broader PKI adoption by Subordinate CAs by defining the use of Technical Constraints and highlighting how additional barriers to adoption within the guidelines can be optional when using Name Constraints, specifically the requirement for ‘OCSP Good’ responses originally proposed in Ballot 100. We propose amending the Baseline Requirements Guidelines as follows:
July 29, 2013 by Ben WilsonBallot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption. (Passed) Motion Steve Roylance made the following motion, and Gervase Markham from Mozilla and Stephen Davidson from QuoVadis endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, this ballot provides clarity to the language covering external audits for Subordinate CAs, removing ambiguity as well as providing better alignment of the Baseline Requirements to the Mozilla CA Root program where the subject is already covered and accepted by the wider PKI community. In addition, the proposal sets out to aid wider and broader PKI adoption by Subordinate CAs by defining the use of Technical Constraints and highlighting how additional barriers to adoption within the guidelines can be optional when using Name Constraints, specifically the requirement for ‘OCSP Good’ responses originally proposed in Ballot 100. We propose amending the Baseline Requirements Guidelines as follows:
Ballot 104 – EV Domain Validation
July 9, 2013 by Ben WilsonBallot 104 – Domain verification for EV Certificates (Passed) Motion Rich Smith of Comodo made the following motion, and Jeremy Rowley from DigiCert and Mads Henriksveen from Buypass endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to reconcile the differences in domain verification specified in the Baseline Requirements and EV Guidelines, clarify language within the EV Guidelines about the right to use a domain name, and permit additional alternatives in verifying domain control or ownership, we propose amending the EV Guidelines as follows:
July 9, 2013 by Ben WilsonBallot 104 – Domain verification for EV Certificates (Passed) Motion Rich Smith of Comodo made the following motion, and Jeremy Rowley from DigiCert and Mads Henriksveen from Buypass endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to reconcile the differences in domain verification specified in the Baseline Requirements and EV Guidelines, clarify language within the EV Guidelines about the right to use a domain name, and permit additional alternatives in verifying domain control or ownership, we propose amending the EV Guidelines as follows:
Ballot 103 – OCSP AIA and TLS Feature Extension
June 15, 2013 by Ben WilsonThis ballot lacked an endorser.
June 15, 2013 by Ben WilsonThis ballot lacked an endorser.
Ballot 101 – EV 11.10.2 Accountants
June 7, 2013 by Ben WilsonBallot 101 – Section 11.10.2 of EV Guidelines – Accountant Licensing (Passed) Motion Ryan Koski made the following motion, and Ben Wilson from DigiCert and Rich Smith from Comodo endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to eliminate a conflict in the Extended Validation Guidelines between the definition of Accounting Practitioner in Section 4 (Definitions) mentioning “country” and the specific requirements for verifying the status of Accounting Practitioners in 11.10.2(1)(A) which does not, and to clarify the requirement, we propose amending section 11.10.2 as follows:
June 7, 2013 by Ben WilsonBallot 101 – Section 11.10.2 of EV Guidelines – Accountant Licensing (Passed) Motion Ryan Koski made the following motion, and Ben Wilson from DigiCert and Rich Smith from Comodo endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to eliminate a conflict in the Extended Validation Guidelines between the definition of Accounting Practitioner in Section 4 (Definitions) mentioning “country” and the specific requirements for verifying the status of Accounting Practitioners in 11.10.2(1)(A) which does not, and to clarify the requirement, we propose amending section 11.10.2 as follows:
Ballot 102 – BR 9.2.3 domainComponent
May 31, 2013 by Ben WilsonBallot 102 – BR 9.2.3 domainComponents (Passed) Motion Jeremy Rowley of DigiCert made the following motion, and Robin Alden from Comodo and Geoffrey Keating from Apple endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to conform to requirements of other industry bodies, including the Internet Grid Trust Federation, and to allow the encoding of domain components in certificates that interact with the configurations of some LDAP directories, we propose amending Section 9.2.3 of the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates as follows:
May 31, 2013 by Ben WilsonBallot 102 – BR 9.2.3 domainComponents (Passed) Motion Jeremy Rowley of DigiCert made the following motion, and Robin Alden from Comodo and Geoffrey Keating from Apple endorsed it: Motion Begins EFFECTIVE IMMEDIATELY, in order to conform to requirements of other industry bodies, including the Internet Grid Trust Federation, and to allow the encoding of domain components in certificates that interact with the configurations of some LDAP directories, we propose amending Section 9.2.3 of the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates as follows:
Ballot 100 – Extend Deadline – OCSP Good Response
May 30, 2013 by Ben WilsonThis ballot was withdrawn.
May 30, 2013 by Ben WilsonThis ballot was withdrawn.
Ballot 99 – Add DSA Keys
May 3, 2013 by Ben WilsonBallot 99 – Add DSA Keys (Passed) Motion begins Erratum begins In the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, Appendix A, add to each of the tables (1) Root CA Certificates, (2) Subordinate CA Certificates, and (3) Subscriber Certificates a new row with these three column entries (comma-separated): Minimum DSA modulus and divisor size (bits) ***, L= 2048, N= 224 or L= 2048, N= 256, L= 2048, N= 224 or L= 2048, N= 256
May 3, 2013 by Ben WilsonBallot 99 – Add DSA Keys (Passed) Motion begins Erratum begins In the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, Appendix A, add to each of the tables (1) Root CA Certificates, (2) Subordinate CA Certificates, and (3) Subscriber Certificates a new row with these three column entries (comma-separated): Minimum DSA modulus and divisor size (bits) ***, L= 2048, N= 224 or L= 2048, N= 256, L= 2048, N= 224 or L= 2048, N= 256
Ballot 97 – Prevention of Unknown Certificate Contents
February 21, 2013 by Ben WilsonBallot 97 – Prevention of Unknown Certificate Contents (Passed) Motion Jeremy Rowley made the following motion, and Ryan Hurst and Robin Alden endorsed it: Motion begins Erratum begins A. In Section 10.2.3, after the first paragraph, insert: “The CA SHALL establish and follow a documented procedure for verifying all data requested for inclusion in the Certificate by the Applicant.”
February 21, 2013 by Ben WilsonBallot 97 – Prevention of Unknown Certificate Contents (Passed) Motion Jeremy Rowley made the following motion, and Ryan Hurst and Robin Alden endorsed it: Motion begins Erratum begins A. In Section 10.2.3, after the first paragraph, insert: “The CA SHALL establish and follow a documented procedure for verifying all data requested for inclusion in the Certificate by the Applicant.”
Ballot 96 – Wildcard Certificates and New gTLDs
February 20, 2013 by Ben WilsonBallot 96 – Wildcard Certificates and New gTLDs (Passed) Motion
February 20, 2013 by Ben WilsonBallot 96 – Wildcard Certificates and New gTLDs (Passed) Motion