Server Certificate Working Group Ballots

Ballots by Status

Voting Period

Review Period

• SC79v2: Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate
• SC76v2: Clarify and Improve OCSP Requirements

Discussion Period

Draft / Under Consideration

There are no ballots with the status "New" in the Server Certificate Working Group
There are no ballots with the status "Pre-Ballot" in the Server Certificate Working Group

Passed

• SC78: Subject organizationName alignment for DBA / Assumed Name
• SC77: Update WebTrust Audit name in Section 8.4 and References
• SC75: Pre-sign linting
• SC73: Compromised and Weak Keys
• SC72: Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED
• SC68: Allow VATEL and VATXI for organizationIdentifier
• SC67: Require Multi-Perspective Issuance Corroboration
• SC69: Clarify router and firewall logging requirements
• SC70: Clarify the use of DTPs for Domain Control Validation
• SC65: Convert EVGs into RFC3647 format
• SC-63: Make OCSP optional, require CRLs and incentivize automation
• SC-64: Temporary Moratorium on New Certificate Consumer Memberships
• SC-66: Fall 2023 clean-up v4
• SC62: Certificate profiles update
• SC61: New CRL Entries must have a Revocation Reason Code
• SC58: require distributionPoint in sharded CRLs
• SC-56: 2022 Cleanup

Cancelled

• SC76: Clarify and Improve OCSP Requirements

Failed

• SC74: Clarify CP/CPS structure according to RFC 3647
• SC-59: Weak key guidance
• SC60: Membership of ZT Browser

Information about Ballots

• Ballot SC-80v3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods
• Ballot SC-76v2: Clarify and improve OCSP requirements
• Ballot SC-79v2: Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate
• Ballot SC-78: Subject organizationName alignment for DBA / Assumed Name
• Ballot SC-77: Update WebTrust Audit name in Section 8.4 and References
• Ballot SC-67 v3: Require domain validation and CAA checks to be performed from multiple Network Perspectives Corroboration
• Ballot SC-75: Pre-sign linting
• Ballot SC-73: Compromised and weak keys
• Ballot SC-72: Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED
• Ballot SC-65v2: Convert EVGs into RFC 3647 format
• Ballot SC-69: Clarify router and firewall logging requirements
• Ballot SC-70: Clarify the use of DTPs for Domain Control Validation
• Ballot SC-68: Allow VATEL and VATXI for organizationIdentifier
• Ballot SC-066 v4: Fall 2023 Clean up
• Ballot SC-063 v4: Make OCSP Optional, Require CRLs, and Incentivize Automation
• Ballot SC-59v2: Weak key guidance
• Ballot SC-64: Temporary Moratorium on New Certificate Consumer Memberships
• Ballot SC62v2-Certificate profiles update
• Ballot SC61v4 – New CRL Entries must have a Revocation Reason Code
• Ballot SC60: Membership of ZT Browser
• Ballot SC58 – Require distributionPoint in sharded CRLs
• Ballot SC56: 2022 Cleanup
• Ballot SC54: Onion Cleanup
• Ballot SC51: Reduce and Clarify Audit Log and Records Archival Retention Requirements
• Ballot SC53: Sunset for SHA-1 OCSP Signing
• Ballot SC-52 v 2: Specify CRL Validity Intervals in Seconds
• Ballot SC50: Remove the requirements of section 4.1.1
• Ballot SC49: Special Election for Server Certificate Working Group Vice-Chair
• Ballot SC48 v2: Domain Name and IP Address Encoding
• Ballot SC47v2: Sunset subject:organizationalUnitName
• Ballot SC45: Wildcard Domain Validation
• Ballot SC46: Sunset the CAA exception for DNS Operator
• Ballot SC44: Clarify Acceptable Status Codes
• Ballot SC42: 398-day Re-use Period
• Ballot SC43 – Clarify Acceptable Status Codes
• Ballot SC41: Reformatting the BRs, EVGs, and NCSSRs
• Ballot SC37: Election of Server Certificate Working Group Vice Chair
• Ballot SC39v3: Definition of Critical Vulnerability
• Ballot SC40 – Security Requirements for Air-Gapped CA Systems
• Ballot SC38: Alignment of Record Archival
• Special Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair
• Ballot SC34 – Account Management
• Ballot CSCWG-3: Election of Code Signing Certificate Working Group Chair
• Ballot SC36: Election of Server Certificate Working Group Chair
• Ballot SC28: Logging and Log Retention
• Ballot SC35: Cleanups and Clarifications
• Ballot SC33: TLS Using ALPN Method
• Ballot SC32 – NCSSRs Zones
• Ballot CSCWG-2: Combine Baseline and EV Code Signing Documents
• Ballot SC30v2: Disclosure of Registration / Incorporating Agency
• Ballot SC31: Browser Alignment
• Ballot SC29v3: System Configuration Management
• Ballot SC26v2: Pandoc-Friendly Markdown Formatting Changes
• Ballot SC20: System Configuration Management
• Ballot SC27v3: Version 3 Onion Certificates
• Ballot SC25: Define New HTTP Domain Validation Methods v2
• Ballot SC23 V3 – Precertificates
• Ballot SC24: Fall Cleanup V2
• Ballot SC21 – the Network and Certificate Systems Security Requirements section 3 (Log Integrity Controls)
• Ballot SC22 – Reduce Certificate Lifetimes (v2)
• Ballot FORUM-9: Bylaws and Server Certificate Working Group Charter Updates
• Ballot SC19: Phone Contact with DNS CAA Phone Contact v2
• Ballot SC17 version 7: Alternative registration numbers for EV certificates
• Ballot SC18: Phone Contact with DNS CAA Phone Contact
• Ballot SC16: Other Subject Attributes
• Ballot SC7: Update IP Address Validation Methods
• Ballot SC15: Remove Validation Method Number 9
• Ballot SC14: Updated Phone Validation Methods
• Ballot SC13: CAA Contact Property and Associated E-mail Validation Methods
• Ballot SC12: Sunset of Underscores in dNSNames
• Ballot SC4: CAA Contact Property and Associated E-mail Validation Method
• Ballot Forum-7: Update ETSI requirements in SCWG Charter
• Ballot SC-10: Establishing the Network Security Subcommittee of the SCWG
• Ballot SC-9: Establish the Validation Subcommittee of the SCWG
• Ballot SC5 – Election of Wayne Thayer as SCWG Vice Chair
• Ballot SC11 – Update ETSI requirements in the SCWG Charter
• Ballot SC6 – Revocation Timeline Extension
• Ballot SC8 – Election of Dimitris Zacharopoulos as SCWG Chair
• Ballot SC3: Two-Factor Authentication and Password Improvements
• Ballot SC-1: [Empty]
• Ballot SC2 – Validating Certificates via CAA CONTACT
• Ballot 221 – Two-Factor Authentication and Password Improvements
• Ballot 224: WHOIS and RDAP
• Ballot 223 – Update BR Section 8.4 for CA audit criteria
• Ballot 222 – Remove “Any other method” for IP Address validation
• Ballot 219 – Clarify handling of CAA Record Sets with no “issue”/”issuewild” property tag
• Ballot 220 – Minor Cleanups (Spring 2018)
• Ballot 218 – Remove validation methods 1 and 5
• Ballot 217 – Sunset RFC 2527
• Ballot 208 – dnQualifiers
• Ballot 207 – ASN.1 Jurisdiction in EV Guidelines
• Ballot 209 – EV Liability
• Ballot 215 – Fix Ballot 190 Errata
• Ballot 213 – Revocation Timeline Extension
• Ballot 211 – Resolution of Approval for WTCA v2.1 Changes
• Ballot 214 – CAA Discovery CNAME Errata
• Ballot 190 – Revised Validation Requirements
• Ballot 212 – Canonicalise formal name of the Baseline Requirements
• Ballot 210 – Misc. Changes to the NCSSR
• Ballot 202 – Underscore and Wildcard Characters
• Ballot 204 – Forbid DTPs from doing Domain/IP Ownership
• Ballot 192 – Notary Revision
• Ballot 201 – .onion Revisions
• Ballot 191 – Clarify Place of Business Information
• Ballot 199 – Require commonName in Root and Intermediate Certificates
• Ballot 198 – .Onion Revisions
• Ballot 197 – Effective Date of Ballot 193 Provisions
• Ballot 196 – Define “Audit Period”
• Ballot 195 – CAA Fixup
• Ballot 189 – Amend Section 6.1.7 of Baseline Requirements
• Ballot 194 – Effective Date of Ballot 193 Provisions
• Ballot 193 – 825-day Certificate Lifetimes
• Ballot 187 – Make CAA Checking Mandatory
• Ballot 188 – Clarify use of term “CA” in Baseline Requirements
• Ballot 185 – Limiting the Lifetime of Certificates
• Ballot 186 – Limiting the Reuse of Validation Information
• Ballot 184 – RFC822 Names and otherNames
• Ballot 182 – Readopting BR 3.2.2.4 (Part 2)
• Ballot 181 – Readopting BR 3.2.2.4 (Part 1)
• Ballot 180 – Readopting the BRs, EVGL, EV Code Signing, and NCSSR Guidelines with Amendments
• Ballot 176 – Addition of CNAME verification to domain validation methods
• Ballot 175 – Addition of given name and surname
• Ballot 174 – Reform of Requirements Relating to Conflict with Local Laws
• Ballot 169 – Revised Validation Requirements
• Ballot 173 – Removal of requirement to cease use of private key due to incorrect certificate info
• Ballot 171 – Updating the ETSI standards in the CABF documents
• Ballot 170 – Amend Section 5.1 of Baseline Requirements
• Ballot 168 – Baseline Requirement Corrections – revised
• Ballot 167 – Baseline Requirements Corrections
• Ballot 164 – Certificate Serial Number Entropy
• Ballot 163 – Fix Errata in EV Guidelines 11.2.1
• Ballot 162 – Sunset of Exceptions
• Ballot 161 – Notification of incorrect issuance
• Ballot 160 – Amend Section 4 of Baseline Requirements
• Ballot 159 – Amend Section 4 of Baseline Requirements
• Ballot 156 – Amend Sections 1 and 2 of Baseline Requirements
• Ballots 154 and 155 – Convert to RFC 3647 Framework and GitHub
• Ballot 155 – Convert Network and Certificate System Security Requirements to RFC 3647 Framework and GitHub
• Ballot 153 – Short-Lived Certificates
• Ballot 152 – SHA-1 Deprecation
• Ballot 151 – Addition of Optional OIDs for Indicating Level of Validation
• Ballot 150 – OID Revisions
• Ballot 147 – Attorney Accountant Letter Changes
• Ballot 146 – Convert Baseline Requirements to RFC 3647 Framework
• Ballot 148 – Issuer Field Correction
• Ballot 145 – Operational Existence for Government Entities
• Ballot 144 – Validation rules for .onion names
• Ballot 143 – Formalization of Validation Working Group
• Ballot 142 – Elimination of EV Insurance Requirement
• Ballot 141 – Elimination of EV Insurance Requirement; Financial Responsibility for Mis-Issued Certificates
• Ballot 140 – Short-Life Certificates
• Ballot 133 – Insurance Requirements for EV Issuers
• Ballot 135 – ETSI Auditor Qualifications (passed)
• Ballot 134 – Application of RFC 5280 to Pre-certificates
• Ballot 123 – Reuse of Information (passed)
• Ballot 118 – SHA-1 Sunset (passed)
• Ballot 125 – CAA Records (passed)
• Ballot 131 – Update to Verified Method of Communication (passed)
• Ballot 129 – PSL in BR 11.1.3 (passed)
• Ballot 126 – Operational Existence (passed)
• Ballot 127 – Verification of Agency in EV Guidelines 11.7.2 (passes)
• Ballot 128 – CP Review Working Group (passes)
• Ballot 124 – Business Entity Clarification (passed)
• Ballot 120 – Affiliate Authority to Verify Domain (passed)
• Ballot 122 – Verified Method of Communication (failed)
• Ballot 121 – EV Guidelines Insurance Requirements(failed)
• Ballot 112 – Replace Definition of “Internal Server Name” with “Internal Name”(passed)
• Ballot 119 – Remove “OfIncorporation” from OID descriptions in EVG 9.2.5(passed)
• Ballot 114 – Improvements to the EV Definitions(passed)
• Ballot 89 – Publish Recommendations for the Processing of EV SSL Certificates v.2(passes)
• Ballot 113 – Revision to QIIS in EV Guidelines(passes)
• Ballot 111 – Accelerate Max Certificate Lifetime Reduction Timetable
• Ballot 107 – Removing Version Numbers to WebTrust and ETSI Standards From CABF Guidelines
• Ballot 108 – Defining the Scope of the Baseline Requirements
• Ballot 106 – Extended Deadline to Prohibit OCSP “Good” Response for Non-Issued Certificates
• Ballot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption.
• Ballot 104 – EV Domain Validation
• Ballot 103 – OCSP AIA and TLS Feature Extension
• Ballot 101 – EV 11.10.2 Accountants
• Ballot 102 – BR 9.2.3 domainComponent
• Ballot 100 – Extend Deadline – OCSP Good Response
• Ballot 99 – Add DSA Keys
• Ballot 97 – Prevention of Unknown Certificate Contents
• Ballot 96 – Wildcard Certificates and New gTLDs
• Ballot 92 – Subject Alternative Names
• Ballot 93 – Reasons for Revocation (BR issues 6, 8, 10, 21)
• Ballot 88 – BR_9_2_4_Errata-ISO3166
• Ballot 86 – Errata plus ISO3166
• Ballot 84 – ISO 3166-1 User-assigned codes
• Ballot 83 – Adopt Network and Certificate System Security Requirements
• Ballot 80 – Response for Non-Issued Certificates
• Ballot 81 – Required Format for Amendments to Existing Standards or Requirements
• Ballot 69 – Individual Validation Policy
• Ballot 78 – Updates to Domain and IP Validation, High Risk Requests, and Data Source in the Baseline Requirements
• Ballot 76 – Public Review of Network Security Controls
• Ballot 75 – NameConstraints Criticality Flag
• Ballot 74 – Updates to Domain and IP Validation, High Risk Requests, and Data Source in the Baseline Requirements
• Ballot 72 – Reorganize EV Documents
• Ballot 71 – Auditor Qualification Requirements
• Ballot 68- No Unknown Contents
• Ballot 95 – Guidance on Deprecated Internal Names
• Ballot 64 Revised – Recognized Existence
• Ballot 65 – QIIS Definition Update
• Ballot 62 – Adopt Baseline Requirements Draft 50
• Ballot 61 – Verification Requirements for Parent Subsidiary
• Ballot 60 – Verification Requirements for Parent Subsidiary
• Ballot 58 – Operational Existence Through Parent Subsidiary
• Ballot 57 – Verifying Agency Through Confirmation of Employment Using QIIS or QGIS
• Ballot 59 – Public Review of v. 30b of the Baseline Requirements
• Ballot 56 – QGIS Contact Information
• Ballot 55 – Romanization of Japanese Corporate Names
• Ballot 54 – EV 1-3 Adoption
• Ballot 53 – Contract Signer Self-Asserted Authority
• Ballot 52 – Contract Signer Self-Asserted Authority
• Ballot 51 – Notaries
• Ballot 50 – 64-Character “O” Field
• Ballot 49 – New Certificate for Existing Subscriber
• Ballot 48 – Telephone Number at Place of Business
• Ballot 47 – Document Aging
• Ballot 46 – Audit Report Availability Timing
• Ballot 45 – Verification of Authority
• Ballot 44 – IFAC Membership
• Ballot 43 – Business Categories
• Ballot 42 – Principal Individual
• Ballot 41 – Auditing Report Publication
• Ballot 40 – Terms of Use
• Ballot 37 – Another QGIS
• Ballot 36 – Public WHOIS Information
• Ballot 35 – Role Requirements
• Ballot 34 – Adopt EV Guidelines draft 03 as Version 1.2
• Ballot 30 – Reserved Domain Names
• Ballot 31 – Allow ETSI 102 042
• Ballot 33- Subject Attribute Requirements
• Ballot 32 – Revocation for Well-Known Private Key
• Ballot 29 – Guidelines Renumbering
• Ballot 27 – Alternatives for Verifying Domain Control
• Ballot 25 – PolicyQualifierld
• Ballot 26 – Certificate Reissuance
• Ballot 24 – Acceptable Audits in EV Processing Guidelines
• Ballot 23 – EV Processing Guidelines
• Ballot 22 – RSA 1024 Retirement
• Ballot 21 – Phone Number at Place of Business
• Ballot 19 – Authoritative Time Source
• Ballot 18 – Pre-Approved Requests
• Ballot 17 – Maximum Validity Period
• Ballot 16- Unverified Content
• Ballot 15 – Certificate Renewal
• Ballot 14 – Allowed EKUs
• Ballot 13 – QGIS for Place of Business
• Ballot 12 – Adoption of Guidelines v1.1