Server Certificate Working Group Ballots
Ballots by Status
Voting Period
There are no ballots with the status "Voting Period" in the Server Certificate Working GroupIPR Review Period
There are no ballots with the status "IPR Review" in the Server Certificate Working GroupDiscussion Period
- SC-083: Winter 2024-2025 Cleanup Ballot
Draft / Under Consideration
- SC-084: DNS Labeled with ACME Account ID Validation Method
There are no ballots with the status "Pre-Ballot" in the Server Certificate Working Group
Passed
- SC80 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods
- SC79v2: Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate
- SC76v2: Clarify and Improve OCSP Requirements
- SC78: Subject organizationName alignment for DBA / Assumed Name
- SC77: Update WebTrust Audit name in Section 8.4 and References
- SC75: Pre-sign linting
- SC73: Compromised and Weak Keys
- SC72: Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED
- SC68: Allow VATEL and VATXI for organizationIdentifier
- SC67: Require Multi-Perspective Issuance Corroboration
- SC69: Clarify router and firewall logging requirements
- SC65: Convert EVGs into RFC3647 format
- SC-63: Make OCSP optional, require CRLs and incentivize automation
- SC-64: Temporary Moratorium on New Certificate Consumer Memberships
- SC-66: Fall 2023 clean-up v4
- SC62: Certificate profiles update
- SC61: New CRL Entries must have a Revocation Reason Code
- SC58: require distributionPoint in sharded CRLs
- SC-56: 2022 Cleanup
Cancelled
- SC76: Clarify and Improve OCSP Requirements
Failed
- SC82: Clarify CA Assisted DNS Validation under 3.2.2.4.7
- SC74: Clarify CP/CPS structure according to RFC 3647
- SC70: Clarify the use of DTPs for Domain Control Validation
- SC-59: Weak key guidance
- SC60: Membership of ZT Browser
Information about Ballots
- Ballot SC-82: Clarify CA Assisted DNS Validation under 3.2.2.4.7
- Ballot SC-80v3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods
- Ballot SC-76v2: Clarify and improve OCSP requirements
- Ballot SC-79v2: Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate
- Ballot SC-78: Subject organizationName alignment for DBA / Assumed Name
- Ballot SC-77: Update WebTrust Audit name in Section 8.4 and References
- Ballot SC-67 v3: Require domain validation and CAA checks to be performed from multiple Network Perspectives Corroboration
- Ballot SC-75: Pre-sign linting
- Ballot SC-73: Compromised and weak keys
- Ballot SC-72: Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED
- Ballot SC-65v2: Convert EVGs into RFC 3647 format
- Ballot SC-69: Clarify router and firewall logging requirements
- Ballot SC-70: Clarify the use of DTPs for Domain Control Validation
- Ballot SC-68: Allow VATEL and VATXI for organizationIdentifier
- Ballot SC-066 v4: Fall 2023 Clean up
- Ballot SC-063 v4: Make OCSP Optional, Require CRLs, and Incentivize Automation
- Ballot SC-59v2: Weak key guidance
- Ballot SC-64: Temporary Moratorium on New Certificate Consumer Memberships
- Ballot SC62v2-Certificate profiles update
- Ballot SC61v4 – New CRL Entries must have a Revocation Reason Code
- Ballot SC60: Membership of ZT Browser
- Ballot SC58 – Require distributionPoint in sharded CRLs
- Ballot SC56: 2022 Cleanup
- Ballot SC54: Onion Cleanup
- Ballot SC51: Reduce and Clarify Audit Log and Records Archival Retention Requirements
- Ballot SC53: Sunset for SHA-1 OCSP Signing
- Ballot SC-52 v 2: Specify CRL Validity Intervals in Seconds
- Ballot SC50: Remove the requirements of section 4.1.1
- Ballot SC49: Special Election for Server Certificate Working Group Vice-Chair
- Ballot SC48 v2: Domain Name and IP Address Encoding
- Ballot SC47v2: Sunset subject:organizationalUnitName
- Ballot SC45: Wildcard Domain Validation
- Ballot SC46: Sunset the CAA exception for DNS Operator
- Ballot SC44: Clarify Acceptable Status Codes
- Ballot SC42: 398-day Re-use Period
- Ballot SC43 – Clarify Acceptable Status Codes
- Ballot SC41: Reformatting the BRs, EVGs, and NCSSRs
- Ballot SC37: Election of Server Certificate Working Group Vice Chair
- Ballot SC39v3: Definition of Critical Vulnerability
- Ballot SC40 – Security Requirements for Air-Gapped CA Systems
- Ballot SC38: Alignment of Record Archival
- Special Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair
- Ballot SC34 – Account Management
- Ballot CSCWG-3: Election of Code Signing Certificate Working Group Chair
- Ballot SC36: Election of Server Certificate Working Group Chair
- Ballot SC28: Logging and Log Retention
- Ballot SC35: Cleanups and Clarifications
- Ballot SC33: TLS Using ALPN Method
- Ballot SC32 – NCSSRs Zones
- Ballot CSCWG-2: Combine Baseline and EV Code Signing Documents
- Ballot SC30v2: Disclosure of Registration / Incorporating Agency
- Ballot SC31: Browser Alignment
- Ballot SC29v3: System Configuration Management
- Ballot SC26v2: Pandoc-Friendly Markdown Formatting Changes
- Ballot SC20: System Configuration Management
- Ballot SC27v3: Version 3 Onion Certificates
- Ballot SC25: Define New HTTP Domain Validation Methods v2
- Ballot SC23 V3 – Precertificates
- Ballot SC24: Fall Cleanup V2
- Ballot SC21 – the Network and Certificate Systems Security Requirements section 3 (Log Integrity Controls)
- Ballot SC22 – Reduce Certificate Lifetimes (v2)
- Ballot FORUM-9: Bylaws and Server Certificate Working Group Charter Updates
- Ballot SC19: Phone Contact with DNS CAA Phone Contact v2
- Ballot SC17 version 7: Alternative registration numbers for EV certificates
- Ballot SC18: Phone Contact with DNS CAA Phone Contact
- Ballot SC16: Other Subject Attributes
- Ballot SC7: Update IP Address Validation Methods
- Ballot SC15: Remove Validation Method Number 9
- Ballot SC14: Updated Phone Validation Methods
- Ballot SC13: CAA Contact Property and Associated E-mail Validation Methods
- Ballot SC12: Sunset of Underscores in dNSNames
- Ballot SC4: CAA Contact Property and Associated E-mail Validation Method
- Ballot Forum-7: Update ETSI requirements in SCWG Charter
- Ballot SC-10: Establishing the Network Security Subcommittee of the SCWG
- Ballot SC-9: Establish the Validation Subcommittee of the SCWG
- Ballot SC5 – Election of Wayne Thayer as SCWG Vice Chair
- Ballot SC11 – Update ETSI requirements in the SCWG Charter
- Ballot SC6 – Revocation Timeline Extension
- Ballot SC8 – Election of Dimitris Zacharopoulos as SCWG Chair
- Ballot SC3: Two-Factor Authentication and Password Improvements
- Ballot SC-1: [Empty]
- Ballot SC2 – Validating Certificates via CAA CONTACT
- Ballot 221 – Two-Factor Authentication and Password Improvements
- Ballot 224: WHOIS and RDAP
- Ballot 223 – Update BR Section 8.4 for CA audit criteria
- Ballot 222 – Remove “Any other method” for IP Address validation
- Ballot 219 – Clarify handling of CAA Record Sets with no “issue”/”issuewild” property tag
- Ballot 220 – Minor Cleanups (Spring 2018)
- Ballot 218 – Remove validation methods 1 and 5
- Ballot 217 – Sunset RFC 2527
- Ballot 208 – dnQualifiers
- Ballot 207 – ASN.1 Jurisdiction in EV Guidelines
- Ballot 209 – EV Liability
- Ballot 215 – Fix Ballot 190 Errata
- Ballot 213 – Revocation Timeline Extension
- Ballot 211 – Resolution of Approval for WTCA v2.1 Changes
- Ballot 214 – CAA Discovery CNAME Errata
- Ballot 190 – Revised Validation Requirements
- Ballot 212 – Canonicalise formal name of the Baseline Requirements
- Ballot 210 – Misc. Changes to the NCSSR
- Ballot 202 – Underscore and Wildcard Characters
- Ballot 204 – Forbid DTPs from doing Domain/IP Ownership
- Ballot 192 – Notary Revision
- Ballot 201 – .onion Revisions
- Ballot 191 – Clarify Place of Business Information
- Ballot 199 – Require commonName in Root and Intermediate Certificates
- Ballot 198 – .Onion Revisions
- Ballot 197 – Effective Date of Ballot 193 Provisions
- Ballot 196 – Define “Audit Period”
- Ballot 195 – CAA Fixup
- Ballot 189 – Amend Section 6.1.7 of Baseline Requirements
- Ballot 194 – Effective Date of Ballot 193 Provisions
- Ballot 193 – 825-day Certificate Lifetimes
- Ballot 187 – Make CAA Checking Mandatory
- Ballot 188 – Clarify use of term “CA” in Baseline Requirements
- Ballot 185 – Limiting the Lifetime of Certificates
- Ballot 186 – Limiting the Reuse of Validation Information
- Ballot 184 – RFC822 Names and otherNames
- Ballot 182 – Readopting BR 3.2.2.4 (Part 2)
- Ballot 181 – Readopting BR 3.2.2.4 (Part 1)
- Ballot 180 – Readopting the BRs, EVGL, EV Code Signing, and NCSSR Guidelines with Amendments
- Ballot 176 – Addition of CNAME verification to domain validation methods
- Ballot 175 – Addition of given name and surname
- Ballot 174 – Reform of Requirements Relating to Conflict with Local Laws
- Ballot 169 – Revised Validation Requirements
- Ballot 173 – Removal of requirement to cease use of private key due to incorrect certificate info
- Ballot 171 – Updating the ETSI standards in the CABF documents
- Ballot 170 – Amend Section 5.1 of Baseline Requirements
- Ballot 168 – Baseline Requirement Corrections – revised
- Ballot 167 – Baseline Requirements Corrections
- Ballot 164 – Certificate Serial Number Entropy
- Ballot 163 – Fix Errata in EV Guidelines 11.2.1
- Ballot 162 – Sunset of Exceptions
- Ballot 161 – Notification of incorrect issuance
- Ballot 160 – Amend Section 4 of Baseline Requirements
- Ballot 159 – Amend Section 4 of Baseline Requirements
- Ballot 156 – Amend Sections 1 and 2 of Baseline Requirements
- Ballots 154 and 155 – Convert to RFC 3647 Framework and GitHub
- Ballot 155 – Convert Network and Certificate System Security Requirements to RFC 3647 Framework and GitHub
- Ballot 153 – Short-Lived Certificates
- Ballot 152 – SHA-1 Deprecation
- Ballot 151 – Addition of Optional OIDs for Indicating Level of Validation
- Ballot 150 – OID Revisions
- Ballot 147 – Attorney Accountant Letter Changes
- Ballot 146 – Convert Baseline Requirements to RFC 3647 Framework
- Ballot 148 – Issuer Field Correction
- Ballot 145 – Operational Existence for Government Entities
- Ballot 144 – Validation rules for .onion names
- Ballot 143 – Formalization of Validation Working Group
- Ballot 142 – Elimination of EV Insurance Requirement
- Ballot 141 – Elimination of EV Insurance Requirement; Financial Responsibility for Mis-Issued Certificates
- Ballot 140 – Short-Life Certificates
- Ballot 133 – Insurance Requirements for EV Issuers
- Ballot 135 – ETSI Auditor Qualifications (passed)
- Ballot 134 – Application of RFC 5280 to Pre-certificates
- Ballot 123 – Reuse of Information (passed)
- Ballot 118 – SHA-1 Sunset (passed)
- Ballot 125 – CAA Records (passed)
- Ballot 131 – Update to Verified Method of Communication (passed)
- Ballot 129 – PSL in BR 11.1.3 (passed)
- Ballot 126 – Operational Existence (passed)
- Ballot 127 – Verification of Agency in EV Guidelines 11.7.2 (passes)
- Ballot 128 – CP Review Working Group (passes)
- Ballot 124 – Business Entity Clarification (passed)
- Ballot 120 – Affiliate Authority to Verify Domain (passed)
- Ballot 122 – Verified Method of Communication (failed)
- Ballot 121 – EV Guidelines Insurance Requirements(failed)
- Ballot 112 – Replace Definition of “Internal Server Name” with “Internal Name”(passed)
- Ballot 119 – Remove “OfIncorporation” from OID descriptions in EVG 9.2.5(passed)
- Ballot 114 – Improvements to the EV Definitions(passed)
- Ballot 89 – Publish Recommendations for the Processing of EV SSL Certificates v.2(passes)
- Ballot 113 – Revision to QIIS in EV Guidelines(passes)
- Ballot 111 – Accelerate Max Certificate Lifetime Reduction Timetable
- Ballot 107 – Removing Version Numbers to WebTrust and ETSI Standards From CABF Guidelines
- Ballot 108 – Defining the Scope of the Baseline Requirements
- Ballot 106 – Extended Deadline to Prohibit OCSP “Good” Response for Non-Issued Certificates
- Ballot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption.
- Ballot 104 – EV Domain Validation
- Ballot 103 – OCSP AIA and TLS Feature Extension
- Ballot 101 – EV 11.10.2 Accountants
- Ballot 102 – BR 9.2.3 domainComponent
- Ballot 100 – Extend Deadline – OCSP Good Response
- Ballot 99 – Add DSA Keys
- Ballot 97 – Prevention of Unknown Certificate Contents
- Ballot 96 – Wildcard Certificates and New gTLDs
- Ballot 92 – Subject Alternative Names
- Ballot 93 – Reasons for Revocation (BR issues 6, 8, 10, 21)
- Ballot 88 – BR_9_2_4_Errata-ISO3166
- Ballot 86 – Errata plus ISO3166
- Ballot 84 – ISO 3166-1 User-assigned codes
- Ballot 83 – Adopt Network and Certificate System Security Requirements
- Ballot 80 – Response for Non-Issued Certificates
- Ballot 81 – Required Format for Amendments to Existing Standards or Requirements
- Ballot 69 – Individual Validation Policy
- Ballot 78 – Updates to Domain and IP Validation, High Risk Requests, and Data Source in the Baseline Requirements
- Ballot 76 – Public Review of Network Security Controls
- Ballot 75 – NameConstraints Criticality Flag
- Ballot 74 – Updates to Domain and IP Validation, High Risk Requests, and Data Source in the Baseline Requirements
- Ballot 72 – Reorganize EV Documents
- Ballot 71 – Auditor Qualification Requirements
- Ballot 68- No Unknown Contents
- Ballot 95 – Guidance on Deprecated Internal Names
- Ballot 64 Revised – Recognized Existence
- Ballot 65 – QIIS Definition Update
- Ballot 62 – Adopt Baseline Requirements Draft 50
- Ballot 61 – Verification Requirements for Parent Subsidiary
- Ballot 60 – Verification Requirements for Parent Subsidiary
- Ballot 58 – Operational Existence Through Parent Subsidiary
- Ballot 57 – Verifying Agency Through Confirmation of Employment Using QIIS or QGIS
- Ballot 59 – Public Review of v. 30b of the Baseline Requirements
- Ballot 56 – QGIS Contact Information
- Ballot 55 – Romanization of Japanese Corporate Names
- Ballot 54 – EV 1-3 Adoption
- Ballot 53 – Contract Signer Self-Asserted Authority
- Ballot 52 – Contract Signer Self-Asserted Authority
- Ballot 51 – Notaries
- Ballot 50 – 64-Character “O” Field
- Ballot 49 – New Certificate for Existing Subscriber
- Ballot 48 – Telephone Number at Place of Business
- Ballot 47 – Document Aging
- Ballot 46 – Audit Report Availability Timing
- Ballot 45 – Verification of Authority
- Ballot 44 – IFAC Membership
- Ballot 43 – Business Categories
- Ballot 42 – Principal Individual
- Ballot 41 – Auditing Report Publication
- Ballot 40 – Terms of Use
- Ballot 37 – Another QGIS
- Ballot 36 – Public WHOIS Information
- Ballot 35 – Role Requirements
- Ballot 34 – Adopt EV Guidelines draft 03 as Version 1.2
- Ballot 30 – Reserved Domain Names
- Ballot 31 – Allow ETSI 102 042
- Ballot 33- Subject Attribute Requirements
- Ballot 32 – Revocation for Well-Known Private Key
- Ballot 29 – Guidelines Renumbering
- Ballot 27 – Alternatives for Verifying Domain Control
- Ballot 25 – PolicyQualifierld
- Ballot 26 – Certificate Reissuance
- Ballot 24 – Acceptable Audits in EV Processing Guidelines
- Ballot 23 – EV Processing Guidelines
- Ballot 22 – RSA 1024 Retirement
- Ballot 21 – Phone Number at Place of Business
- Ballot 19 – Authoritative Time Source
- Ballot 18 – Pre-Approved Requests
- Ballot 17 – Maximum Validity Period
- Ballot 16- Unverified Content
- Ballot 15 – Certificate Renewal
- Ballot 14 – Allowed EKUs
- Ballot 13 – QGIS for Place of Business