CA/Browser Forum

CA/Browser Forum posts

Posts by tag Server Certificates

    Ballot 27 – Alternatives for Verifying Domain Control
    May 26, 2009 by Ben WilsonBallot 27 – Alternatives for Verifying Domain Control (Rejected) Motion Steve Roylance made the following motion, and Bruce Morton and Bjørn Vermo endorsed it: Motion begins The Guidelines should be amended by the following erratum. Erratum begins Replace 18(b)(2)(B): (B) In cases where the registered domain holder cannot be contacted, the CA MUST: (1) Rely on a Verified Legal Opinion to the effect that Applicant has the exclusive right to use the specified domain name in identifying itself on the Internet, and
    Ballot 25 – PolicyQualifierld
    April 6, 2009 by Ben WilsonBallot 25 – PolicyQualifierld Motion Mads Henriksveen made the following motion, and Tim Moses and Robin Alden endorsed it: Motion begins Effective upon ratification of the ballot, the Guidelines should be amended by the following erratum. Erratum begins Replace this text from Appendix B, Section 2a: ” certificatePolicies:policyQualifiers:policyQualifierId • id-qt 2 ” with: ” certificatePolicies:policyQualifiers:policyQualifierId • id-qt 1 ” Erratum ends Motion ends The ballot review period comes into effect at 2100 UTC on 23 Mar 09 and will close at 2100 UTC on 30 Mar 2009.
    Ballot 26 – Certificate Reissuance
    March 17, 2009 by Ben WilsonBallot 26 – Certificate Reissuance (Passed Unanimously) Motion Steve Roylance made the following motion, and Ben Wilson and Jay Schiavo endorsed it: Motion begins The Guidelines should be amended by the following erratum. Erratum begins Replace this section which was itself previously amended by Errata: “25. EV Certificate Renewal Verification Requirements (a) Validation for Renewal Requests. In conjunction with the EV Certificate Renewal process, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.
    Ballot 24 – Acceptable Audits in EV Processing Guidelines
    February 13, 2009 by Ben WilsonBallot 24 – Acceptable Audits in EV Processing Guidelines (Passed Unanimously) Motion Stephen Davidson made the following motion and it was endorsed by Ben Wilson and Johnathan Nightingale. Motion begins Effective 13 Feb 2009, the EV Processing Requirements should be amended in accordance with the following erratum. For inclusion of an EV CA, the current EV Processing Requirements refer to “an acceptable audit program” whereas the EV Guidelines are more specific in Section J, referring to “equivalent audit procedures approved by the CA/Browser Forum”.
    Ballot 23 – EV Processing Guidelines
    January 16, 2009 by Ben WilsonBallot 23 – EV Processing Guidelines (Passed) Motion Tim Moses made the following motion, which was endorsed by Bjorn Vermo and Charlie Buckley. Motion begins The EV Processing Guidelines at … should be adopted by the CABForum. Motion ends The ballot review period comes into effect at 1700 EST on 19 Dec 2008,and will close at 1700 EST on 9 Jan 2009. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 1700 EST on 16 Jan 2009.
    Ballot 22 – RSA 1024 Retirement
    December 29, 2008 by Ben WilsonBallot 22 – RSA 1024 Retirement (Unanimously Passed) Motion Robin Alden made the following motion, and Steve Medin and Moudrick Dadashov endorsed it. Motion begins The Guidelines should be amended in accordance with the following erratum. Erratum begins Delete Appendix A and replace it with the following. Appendix A Minimum Cryptographic Algorithm and Key Sizes Root CA Certificates Root Certificates whose validity period begins on or before 31 Dec 2010 Root Certificates whose validity period begins after 31 Dec 2010 Digest algorithm MD5 (NOT RECOMMENDED),SHA-1 SHA-1*, SHA-256, SHA-384 or SHA-512 RSA 2048† 2048 ECC NIST P-256 NIST P-256 Subordinate CA Certificates Subordinate CA Certificates whose validity period begins on or before 31 Dec 2010 Subordinate CA Certificates whose validity period begins after 31 Dec 2010 Digest algorithm SHA-1 SHA-1*, SHA-256, SHA-384 or SHA-512 RSA 1024 2048 ECC NIST P-256 NIST P-256 Subscriber Certificates Subscriber Certificates whose validity period ends on or before 31 Dec 2010 Subscriber Certificates whose validity period ends after 31 Dec 2010 Digest algorithm SHA-1 SHA1*, SHA-256, SHA-384 or SHA-512 RSA 1024 2048 ECC NIST P-256 NIST P-256 † A Subscriber Certificate may, in addition, chain to an EV-enabled <2048-bit key RSA root CA certificate.
    Ballot 21 – Phone Number at Place of Business
    December 4, 2008 by Ben WilsonBallot 21 – Phone Number at Place of Business (Passed Unanimously) Motion Ken Bretschneider made the following motion, and Nick Hales and Bruce Morton endorsed it. Motion begins The Guidelines should be amended in accordance with the following erratum. Erratum begins Delete Section 16b and replace it with the following. (b) Telephone Number for Applicant’s Place of Business (1) Verification Requirements To further verify Applicant’s physical existence and business presence, as well as to assist in confirming other verification requirements, the CA MUST verify that the telephone number provided by Applicant is a main phone number for Applicant’s Place of Business.
    Ballot 19 – Authoritative Time Source
    November 7, 2008 by Ben WilsonBallot 19 – Authoritative Time Source (Passed Unanimously) Motion Ben Wilson made the following motion, and Peri Drucker and Bjørn Vermo endorsed it. Motion begins The Guidelines should be amended in accordance with the following erratum. Erratum begins In Appendix I, replace the paragraph that reads “An EV Timestamp Authority MUST be synchronized with a publicly accepted time source in the jurisdiction of its operation, (e.g. NIST or Naval Laboratory in the United States).
    Ballot 18 – Pre-Approved Requests
    September 16, 2008 by Ben WilsonBallot 18 – Pre-Approved Requests (Passed Unanimously) Motion Steve Roylance made the following motion, and Bruce Morton and Tony Berman endorsed it. Motion begins The Guidelines should be amended in accordance with the following erratum. Erratum begins Replace this paragraph from Section 11 EV Certificate Request Requirements (a) General Prior to the issuance of an EV Certificate, the CA MUST obtain from Applicant (via a Certificate Requester authorized to act on Applicant’s behalf) a properly completed and signed EV Certificate Request in a form prescribed by the CA and that complies with these Guidelines.
    The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).