This document summarizes updates from various root programs and working groups related to digital certificates. It discusses recent developments in Microsoft, Google, Apple, Adobe and Mozilla's root programs, as well as technical advances regarding .onion domains, certificate transparency, SHA1 deprecation, short-lived certificates, and IPv6 support. It also provides updates on the CA/Browser Forum working groups for code signing, policy review, validation and security information sharing. Finally, it lists upcoming CA/Browser Forum meetings in June and October of 2015.
Update on the Work of the CA / Browser Forum
1. Ben Wilson
VP Compliance & Industry Relations
DIGICERT
Report Prepared for ETSI CA Day
Berlin, Tuesday, 9 June 2015
2. Outline
Root Programs
Technical Advances
Update on CA/B Forum Working Groups
Code Signing Working Group
Policy Review Working Group
Validation Working Group
Security Information Sharing Working Group
Other Industry Groups
Upcoming CA/Browser Forum Meetings
3. Root Program Developments
Microsoft, Google, Apple, Adobe and Mozilla are all improving their root store management
Microsoft updating program requirements
Mozilla
https://wiki.mozilla.org/CA:Communications#May_2015
https://wiki.mozilla.org/CA:RootTransferPolicy
https://wiki.mozilla.org/CA:NameConstraints
https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix
4. Technical Advances
.onion Domains – EV Guidelines 11.7 & Appendix F
Certificate Transparency – to be discussed by Iñigo
SHA1 Deprecation - > 50% SHA2, but different browser warnings
Short-lived Certificates – Mozilla is keen on this
IPv6 Support for OCSP and CRLs – Google and Mozilla want for stapling
Policy OIDs – to help uniformly identify IV, DV and OV
5. Working Groups – Code Signing
Baseline Requirements ready for full CA/B Forum review and balloting
Working Groups – Policy Review
Baseline Requirements v. 1.3 is RFC-3647 Formatted
WG is Identifying “No Stipulation”, “Addressable” and “Important”
Long-term plan is to convert EV Guidelines to RFC 3647 Format
6. Working Groups – Validation
EV Working Group changed its name and charter
Adding “Business Entity: Other”:
Be legally recognized under law of jurisdiction where entity operates
Have a verifiable physical existence and business presence
Face-to-face validation of a Principal Individual associated with entity
A Government-assigned unique identifier associated with Applicant or Principal
Methods of Domain Validation – Explicitly Described (no “equivalent methods”)
7. Security Information Sharing WG
US Legislation Update
HR 1560 - Protecting Cyber Networks Act
S.754 Cybersecurity Information Protection Advancement Act
CRITS, STIX, and TAXII
OASIS launches STIX/TAXII Cyber Threat Intelligence TC
CRITS and TAXII - https://github.com/crits/crits
Microsoft Azure-based Initiative STIX.NET SDK
8. Updates on Other Groups
Identity Ecosystem Steering Group (IDESG)
https://www.idecosystem.org/
Requirements for Privacy, Security, Usability, and Interoperability
SALS – Self-Assessment Listing Service
U.S. Federal PKI – anyEKU no longer mandatory for identity credentials
CA Security Council – Briefing papers on Logjam, SHA1, EV Certificates
https://casecurity.org/2015/04/15/extended-validation-builds-trust-infographic/
9. CAB Forum Meetings
Teleconference held every other Thursday, 1600 UTC
Security Information Sharing WG on Fridays, 1500 UTC
Policy Review and Validation WGs on alternate Thursdays
Face-to-face Meeting 35 in Zurich, 23-25 June
Face-to-face Meeting 36 in Istanbul, 6-8 October