CA/Browser Forum

Code Signing Ballots

Open Ballots (GitHub Pull Requests)

Closed Ballots (GitHub Pull Requests)

  • CSC-20 - Restore Version Reference to EV Guidelines
    Oct 30, 2023

    This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates” version 3.4 in order to restore a version reference to the Extended Validation Guidelines which was inadvertently removed in a previous version of the Requirements. In addition, a minor typographical issue is also resolved.

  • CSC 18 - Update Revocation Requirements
    Apr 6, 2023

    This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.2, Section 4.9.1 – “Circumstances for revocation” in order to align it with the TLS and S/MIME BRs and set stricter requirements for revocation due to Private Key Compromise and use in Suspect Code. The following motion has been proposed by Martijn Katerbarg of Sectigo and endorsed by Ian McMillan of Microsoft and Bruce Morton of Entrust.

  • Import TLS BR references into CSBRs
    Dec 15, 2022

  • CSC-17 - Subscriber Private Key Extension
    Sep 26, 2022

    This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.1 according to the attached redline which includes the change of the effective date of November 15, 2021, to June 1, 2023, subscriber key protection and verification requirements in the following sections:

    Section 6.2.7.4.1 Subscriber Private Key protection Section 6.2.7.4.2 Subscriber Private Key verification Section 1.2.2 Relevant Dates The change to extend the effective date for these sections regarding subscriber private key protection is to provide approximately 1 year of time from the public announcement of the requirement change for all effected parties to implement the changes.

  • CSC-15: Summer 2022 Cleanup
    Jul 14, 2022

    As part of the review process for ballot CSC-14, several minor typographical and formatting errors were identified. This ballot corrects those errors; no normative changes are introduced by this ballot.

  • CSC-14 - Convert Code Signing Baseline Requirements to RFC 3647 Framework
    Aug 31, 2021

    RFC 3647 defines a standard framework for outlining the obligations of participants in a PKI. Following the recommended framework as specified in RFC 3647 allows for easier comparison of “The Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” with other policy documents, most notably work products of other CA/Browser Forum working groups and individual Certification Authority Certificate Policies and Certification Practice Statements. This ballot restates all existing obligations and requirements that are contained in The Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” in the outline recommended by RFC 3647.

  • Initial mapping of 1.2 to 1.3 Format
    Jul 16, 2021

    Added documents Dimitris had shared with list

    Cut and pasted over any fields from 1.2 that mapped to the 1.3 structure of the BRs to the new version, according to https://github.com/seb-git/code-signing/blob/main/docs/RFC3647_Comparison_Table_for_Baseline_Requirements.pdf

    What’s left in this document are sections that either weren’t specified or didn’t match the section headers as indicated in the .pdf

    Where multiple sections where suggested as target section, the full origin section has been copied into both target sections for later clean up (e.g. 8.1 to 8 as well as 9.16.3)

    Where section headers didn’t match at all (e.g. section 16 in the origin document handles signing services) it wasn’t copied over

    The section headers from the original document where kept for now, so it’s clear where they came from

    Required next steps:

    1. Clean up duplicate sections
    2. Find 1.3 sections for remaining sections that have not been copied over
    3. Remove old header names, clean up format

Passed Ballots

Latest releases
S/MIME Requirements
v1.0.3 - Ballot SMC05 - Feb 20, 2024

Adding CAA.

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).