Server Certificate Working Group Ballots
Ballots by Status
Voting Period
There are no ballots with the status "Voting Period" in the Server Certificate Working GroupIPR Review Period
- SC80 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods
Discussion Period
There are no ballots with the status "Discussion Period" in the Server Certificate Working GroupDraft / Under Consideration
There are no ballots with the status "New" in the Server Certificate Working Group
There are no ballots with the status "Pre-Ballot" in the Server Certificate Working Group
Passed
- SC79v2: Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate
- SC76v2: Clarify and Improve OCSP Requirements
- SC78: Subject organizationName alignment for DBA / Assumed Name
- SC77: Update WebTrust Audit name in Section 8.4 and References
- SC75: Pre-sign linting
- SC73: Compromised and Weak Keys
- SC72: Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED
- SC68: Allow VATEL and VATXI for organizationIdentifier
- SC67: Require Multi-Perspective Issuance Corroboration
- SC69: Clarify router and firewall logging requirements
- SC65: Convert EVGs into RFC3647 format
- SC-63: Make OCSP optional, require CRLs and incentivize automation
- SC-64: Temporary Moratorium on New Certificate Consumer Memberships
- SC-66: Fall 2023 clean-up v4
- SC62: Certificate profiles update
- SC61: New CRL Entries must have a Revocation Reason Code
- SC58: require distributionPoint in sharded CRLs
- SC-56: 2022 Cleanup
Cancelled
- SC76: Clarify and Improve OCSP Requirements
Failed
- SC82: Clarify CA Assisted DNS Validation under 3.2.2.4.7
- SC74: Clarify CP/CPS structure according to RFC 3647
- SC70: Clarify the use of DTPs for Domain Control Validation
- SC-59: Weak key guidance
- SC60: Membership of ZT Browser
Information about Ballots
- Ballot SC-82: Clarify CA Assisted DNS Validation under 3.2.2.4.7
- Ballot SC-80v3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods
- Ballot SC-76v2: Clarify and improve OCSP requirements
- Ballot SC-79v2: Allow more than one Certificate Policy in a Cross-Certified Subordinate CA Certificate
- Ballot SC-78: Subject organizationName alignment for DBA / Assumed Name
- Ballot SC-77: Update WebTrust Audit name in Section 8.4 and References
- Ballot SC-67 v3: Require domain validation and CAA checks to be performed from multiple Network Perspectives Corroboration
- Ballot SC-75: Pre-sign linting
- Ballot SC-73: Compromised and weak keys
- Ballot SC-72: Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED
- Ballot SC-65v2: Convert EVGs into RFC 3647 format
- Ballot SC-69: Clarify router and firewall logging requirements
- Ballot SC-70: Clarify the use of DTPs for Domain Control Validation
- Ballot SC-68: Allow VATEL and VATXI for organizationIdentifier
- Ballot SC-066 v4: Fall 2023 Clean up
- Ballot SC-063 v4: Make OCSP Optional, Require CRLs, and Incentivize Automation
- Ballot SC-59v2: Weak key guidance
- Ballot SC-64: Temporary Moratorium on New Certificate Consumer Memberships
- Ballot SC62v2-Certificate profiles update
- Ballot SC61v4 – New CRL Entries must have a Revocation Reason Code
- Ballot SC60: Membership of ZT Browser
- Ballot SC58 – Require distributionPoint in sharded CRLs
- Ballot SC56: 2022 Cleanup
- Ballot SC54: Onion Cleanup
- Ballot SC51: Reduce and Clarify Audit Log and Records Archival Retention Requirements
- Ballot SC53: Sunset for SHA-1 OCSP Signing
- Ballot SC-52 v 2: Specify CRL Validity Intervals in Seconds
- Ballot SC50: Remove the requirements of section 4.1.1
- Ballot SC49: Special Election for Server Certificate Working Group Vice-Chair
- Ballot SC48 v2: Domain Name and IP Address Encoding
- Ballot SC47v2: Sunset subject:organizationalUnitName
- Ballot SC45: Wildcard Domain Validation
- Ballot SC46: Sunset the CAA exception for DNS Operator
- Ballot SC44: Clarify Acceptable Status Codes
- Ballot SC42: 398-day Re-use Period
- Ballot SC43 – Clarify Acceptable Status Codes
- Ballot SC41: Reformatting the BRs, EVGs, and NCSSRs
- Ballot SC37: Election of Server Certificate Working Group Vice Chair
- Ballot SC39v3: Definition of Critical Vulnerability
- Ballot SC40 – Security Requirements for Air-Gapped CA Systems
- Ballot SC38: Alignment of Record Archival
- Special Ballot CSCWG-5: Election of Code Signing Certificate Working Group Vice Chair
- Ballot SC34 – Account Management
- Ballot CSCWG-3: Election of Code Signing Certificate Working Group Chair
- Ballot SC36: Election of Server Certificate Working Group Chair
- Ballot SC28: Logging and Log Retention
- Ballot SC35: Cleanups and Clarifications
- Ballot SC33: TLS Using ALPN Method
- Ballot SC32 – NCSSRs Zones
- Ballot CSCWG-2: Combine Baseline and EV Code Signing Documents
- Ballot SC30v2: Disclosure of Registration / Incorporating Agency
- Ballot SC31: Browser Alignment
- Ballot SC29v3: System Configuration Management
- Ballot SC26v2: Pandoc-Friendly Markdown Formatting Changes
- Ballot SC20: System Configuration Management
- Ballot SC27v3: Version 3 Onion Certificates
- Ballot SC25: Define New HTTP Domain Validation Methods v2
- Ballot SC23 V3 – Precertificates
- Ballot SC24: Fall Cleanup V2
- Ballot SC21 – the Network and Certificate Systems Security Requirements section 3 (Log Integrity Controls)
- Ballot SC22 – Reduce Certificate Lifetimes (v2)
- Ballot FORUM-9: Bylaws and Server Certificate Working Group Charter Updates
- Ballot SC19: Phone Contact with DNS CAA Phone Contact v2
- Ballot SC17 version 7: Alternative registration numbers for EV certificates
- Ballot SC18: Phone Contact with DNS CAA Phone Contact
- Ballot SC16: Other Subject Attributes
- Ballot SC7: Update IP Address Validation Methods
- Ballot SC15: Remove Validation Method Number 9
- Ballot SC14: Updated Phone Validation Methods
- Ballot SC13: CAA Contact Property and Associated E-mail Validation Methods
- Ballot SC12: Sunset of Underscores in dNSNames
- Ballot SC4: CAA Contact Property and Associated E-mail Validation Method
- Ballot Forum-7: Update ETSI requirements in SCWG Charter
- Ballot SC-10: Establishing the Network Security Subcommittee of the SCWG
- Ballot SC-9: Establish the Validation Subcommittee of the SCWG
- Ballot SC5 – Election of Wayne Thayer as SCWG Vice Chair
- Ballot SC11 – Update ETSI requirements in the SCWG Charter
- Ballot SC6 – Revocation Timeline Extension
- Ballot SC8 – Election of Dimitris Zacharopoulos as SCWG Chair
- Ballot SC3: Two-Factor Authentication and Password Improvements
- Ballot SC-1: [Empty]
- Ballot SC2 – Validating Certificates via CAA CONTACT
- Ballot 221 – Two-Factor Authentication and Password Improvements
- Ballot 224: WHOIS and RDAP
- Ballot 223 – Update BR Section 8.4 for CA audit criteria
- Ballot 222 – Remove “Any other method” for IP Address validation
- Ballot 219 – Clarify handling of CAA Record Sets with no “issue”/”issuewild” property tag
- Ballot 220 – Minor Cleanups (Spring 2018)
- Ballot 218 – Remove validation methods 1 and 5
- Ballot 217 – Sunset RFC 2527
- Ballot 208 – dnQualifiers
- Ballot 207 – ASN.1 Jurisdiction in EV Guidelines
- Ballot 209 – EV Liability
- Ballot 215 – Fix Ballot 190 Errata
- Ballot 213 – Revocation Timeline Extension
- Ballot 211 – Resolution of Approval for WTCA v2.1 Changes
- Ballot 214 – CAA Discovery CNAME Errata
- Ballot 190 – Revised Validation Requirements
- Ballot 212 – Canonicalise formal name of the Baseline Requirements
- Ballot 210 – Misc. Changes to the NCSSR
- Ballot 202 – Underscore and Wildcard Characters
- Ballot 204 – Forbid DTPs from doing Domain/IP Ownership
- Ballot 192 – Notary Revision
- Ballot 201 – .onion Revisions
- Ballot 191 – Clarify Place of Business Information
- Ballot 199 – Require commonName in Root and Intermediate Certificates
- Ballot 198 – .Onion Revisions
- Ballot 197 – Effective Date of Ballot 193 Provisions
- Ballot 196 – Define “Audit Period”
- Ballot 195 – CAA Fixup
- Ballot 189 – Amend Section 6.1.7 of Baseline Requirements
- Ballot 194 – Effective Date of Ballot 193 Provisions
- Ballot 193 – 825-day Certificate Lifetimes
- Ballot 187 – Make CAA Checking Mandatory
- Ballot 188 – Clarify use of term “CA” in Baseline Requirements
- Ballot 185 – Limiting the Lifetime of Certificates
- Ballot 186 – Limiting the Reuse of Validation Information
- Ballot 184 – RFC822 Names and otherNames
- Ballot 182 – Readopting BR 3.2.2.4 (Part 2)
- Ballot 181 – Readopting BR 3.2.2.4 (Part 1)
- Ballot 180 – Readopting the BRs, EVGL, EV Code Signing, and NCSSR Guidelines with Amendments
- Ballot 176 – Addition of CNAME verification to domain validation methods
- Ballot 175 – Addition of given name and surname
- Ballot 174 – Reform of Requirements Relating to Conflict with Local Laws
- Ballot 169 – Revised Validation Requirements
- Ballot 173 – Removal of requirement to cease use of private key due to incorrect certificate info
- Ballot 171 – Updating the ETSI standards in the CABF documents
- Ballot 170 – Amend Section 5.1 of Baseline Requirements
- Ballot 168 – Baseline Requirement Corrections – revised
- Ballot 167 – Baseline Requirements Corrections
- Ballot 164 – Certificate Serial Number Entropy
- Ballot 163 – Fix Errata in EV Guidelines 11.2.1
- Ballot 162 – Sunset of Exceptions
- Ballot 161 – Notification of incorrect issuance
- Ballot 160 – Amend Section 4 of Baseline Requirements
- Ballot 159 – Amend Section 4 of Baseline Requirements
- Ballot 156 – Amend Sections 1 and 2 of Baseline Requirements
- Ballots 154 and 155 – Convert to RFC 3647 Framework and GitHub
- Ballot 155 – Convert Network and Certificate System Security Requirements to RFC 3647 Framework and GitHub
- Ballot 153 – Short-Lived Certificates
- Ballot 152 – SHA-1 Deprecation
- Ballot 151 – Addition of Optional OIDs for Indicating Level of Validation
- Ballot 150 – OID Revisions
- Ballot 147 – Attorney Accountant Letter Changes
- Ballot 146 – Convert Baseline Requirements to RFC 3647 Framework
- Ballot 148 – Issuer Field Correction
- Ballot 145 – Operational Existence for Government Entities
- Ballot 144 – Validation rules for .onion names
- Ballot 143 – Formalization of Validation Working Group
- Ballot 142 – Elimination of EV Insurance Requirement
- Ballot 141 – Elimination of EV Insurance Requirement; Financial Responsibility for Mis-Issued Certificates
- Ballot 140 – Short-Life Certificates
- Ballot 133 – Insurance Requirements for EV Issuers
- Ballot 135 – ETSI Auditor Qualifications (passed)
- Ballot 134 – Application of RFC 5280 to Pre-certificates
- Ballot 123 – Reuse of Information (passed)
- Ballot 118 – SHA-1 Sunset (passed)
- Ballot 125 – CAA Records (passed)
- Ballot 131 – Update to Verified Method of Communication (passed)
- Ballot 129 – PSL in BR 11.1.3 (passed)
- Ballot 126 – Operational Existence (passed)
- Ballot 127 – Verification of Agency in EV Guidelines 11.7.2 (passes)
- Ballot 128 – CP Review Working Group (passes)
- Ballot 124 – Business Entity Clarification (passed)
- Ballot 120 – Affiliate Authority to Verify Domain (passed)
- Ballot 122 – Verified Method of Communication (failed)
- Ballot 121 – EV Guidelines Insurance Requirements(failed)
- Ballot 112 – Replace Definition of “Internal Server Name” with “Internal Name”(passed)
- Ballot 119 – Remove “OfIncorporation” from OID descriptions in EVG 9.2.5(passed)
- Ballot 114 – Improvements to the EV Definitions(passed)
- Ballot 89 – Publish Recommendations for the Processing of EV SSL Certificates v.2(passes)
- Ballot 113 – Revision to QIIS in EV Guidelines(passes)
- Ballot 111 – Accelerate Max Certificate Lifetime Reduction Timetable
- Ballot 107 – Removing Version Numbers to WebTrust and ETSI Standards From CABF Guidelines
- Ballot 108 – Defining the Scope of the Baseline Requirements
- Ballot 106 – Extended Deadline to Prohibit OCSP “Good” Response for Non-Issued Certificates
- Ballot 105 – Technical Constraints for Subordinate Certificate Authorities Yielding Broader and Safer PKI Adoption.
- Ballot 104 – EV Domain Validation
- Ballot 103 – OCSP AIA and TLS Feature Extension
- Ballot 101 – EV 11.10.2 Accountants
- Ballot 102 – BR 9.2.3 domainComponent
- Ballot 100 – Extend Deadline – OCSP Good Response
- Ballot 99 – Add DSA Keys
- Ballot 97 – Prevention of Unknown Certificate Contents
- Ballot 96 – Wildcard Certificates and New gTLDs
- Ballot 92 – Subject Alternative Names
- Ballot 93 – Reasons for Revocation (BR issues 6, 8, 10, 21)
- Ballot 88 – BR_9_2_4_Errata-ISO3166
- Ballot 86 – Errata plus ISO3166
- Ballot 84 – ISO 3166-1 User-assigned codes
- Ballot 83 – Adopt Network and Certificate System Security Requirements
- Ballot 80 – Response for Non-Issued Certificates
- Ballot 81 – Required Format for Amendments to Existing Standards or Requirements
- Ballot 69 – Individual Validation Policy
- Ballot 78 – Updates to Domain and IP Validation, High Risk Requests, and Data Source in the Baseline Requirements
- Ballot 76 – Public Review of Network Security Controls
- Ballot 75 – NameConstraints Criticality Flag
- Ballot 74 – Updates to Domain and IP Validation, High Risk Requests, and Data Source in the Baseline Requirements
- Ballot 72 – Reorganize EV Documents
- Ballot 71 – Auditor Qualification Requirements
- Ballot 68- No Unknown Contents
- Ballot 95 – Guidance on Deprecated Internal Names
- Ballot 64 Revised – Recognized Existence
- Ballot 65 – QIIS Definition Update
- Ballot 62 – Adopt Baseline Requirements Draft 50
- Ballot 61 – Verification Requirements for Parent Subsidiary
- Ballot 60 – Verification Requirements for Parent Subsidiary
- Ballot 58 – Operational Existence Through Parent Subsidiary
- Ballot 57 – Verifying Agency Through Confirmation of Employment Using QIIS or QGIS
- Ballot 59 – Public Review of v. 30b of the Baseline Requirements
- Ballot 56 – QGIS Contact Information
- Ballot 55 – Romanization of Japanese Corporate Names
- Ballot 54 – EV 1-3 Adoption
- Ballot 53 – Contract Signer Self-Asserted Authority
- Ballot 52 – Contract Signer Self-Asserted Authority
- Ballot 51 – Notaries
- Ballot 50 – 64-Character “O” Field
- Ballot 49 – New Certificate for Existing Subscriber
- Ballot 48 – Telephone Number at Place of Business
- Ballot 47 – Document Aging
- Ballot 46 – Audit Report Availability Timing
- Ballot 45 – Verification of Authority
- Ballot 44 – IFAC Membership
- Ballot 43 – Business Categories
- Ballot 42 – Principal Individual
- Ballot 41 – Auditing Report Publication
- Ballot 40 – Terms of Use
- Ballot 37 – Another QGIS
- Ballot 36 – Public WHOIS Information
- Ballot 35 – Role Requirements
- Ballot 34 – Adopt EV Guidelines draft 03 as Version 1.2
- Ballot 30 – Reserved Domain Names
- Ballot 31 – Allow ETSI 102 042
- Ballot 33- Subject Attribute Requirements
- Ballot 32 – Revocation for Well-Known Private Key
- Ballot 29 – Guidelines Renumbering
- Ballot 27 – Alternatives for Verifying Domain Control
- Ballot 25 – PolicyQualifierld
- Ballot 26 – Certificate Reissuance
- Ballot 24 – Acceptable Audits in EV Processing Guidelines
- Ballot 23 – EV Processing Guidelines
- Ballot 22 – RSA 1024 Retirement
- Ballot 21 – Phone Number at Place of Business
- Ballot 19 – Authoritative Time Source
- Ballot 18 – Pre-Approved Requests
- Ballot 17 – Maximum Validity Period
- Ballot 16- Unverified Content
- Ballot 15 – Certificate Renewal
- Ballot 14 – Allowed EKUs
- Ballot 13 – QGIS for Place of Business