Ballot SC031: Browser Alignment
Server Certificate Working Group
Key dates
- Effective date
- 01 Aug 2020 5 years ago
- Voting opened
- 09 Jul 2020 5 years ago
- Voting closed
- 16 Jul 2020 5 years ago
- Discussion opened
- 02 Jul 2020 5 years ago
- Discussion closed
- 09 Jul 2020 5 years ago
Resources
AI Summary
Ballot overview
- Ballot SC031: Browser Alignment was a motion in the Server Certificate Working Group.
- The ballot page says the voting period for Ballot SC31v3 has ended and the ballot has Passed.
- Voting by Certificate Issuers met the required threshold, and Voting by Certificate Consumers also met the required threshold.
- The page states quorum was met.
What the ballot changed
- The ballot modified the Baseline Requirements and the EV Guidelines.
- It was described as a regular part of Root Program maintenance to incorporate Root Program-specific requirements that are either effective or will, in the future, be effective.
- The ballot text says the Chair or Vice-Chair is permitted to update the Relevant Dates of the Baseline Requirements and the EV Guidelines to reflect these changes.
- The linked redlines show changes including:
- OCSP response validity and update timing requirements effective 2020-09-30.
- A new 2020-09-30 requirement that Subject and Issuer Names for all possible certification paths be byte-for-byte identical.
- A 2020-09-30 requirement that Subscriber Certificates include a CA/Browser Form Reserved Policy Identifier in the Certificate Policies extension.
- A 2020-09-30 requirement that all OCSP and CRL responses for Subordinate CA Certificates include a meaningful reason code.
- A 2020-08-01 audit report structure requirement.
- A 2020-09-01 validity-period rule for Subscriber Certificates.
- Revisions to key size, EKU, authority key identifier, and algorithm identifier requirements.
Effective dates and phased requirements
- The ballot text includes multiple effective dates in the redlines and in the motion context.
- Some requirements apply only to certain certificate types or only after a stated date.
- The ballot page also notes that the full description and motivation of each change, along with the effective dates, are available in the linked pull request.
- Effective date
- 2020-08-01
- Voting opened
- 2020-07-09
- Voting closed
- 2020-07-16
- Discussion opened
- 2020-07-02
- Discussion closed
- 2020-07-09
2020-08-01 — Audit Reports must be structured as defined Audit Reports for periods on-or-after this date
2020-09-01 — Subscriber Certificates should not have a validity period greater than 397 days and must not have a validity period greater than 398 days Subscriber Certificates issued on or after this date
2020-09-30 — OCSP responses must have a validity interval between eight hours and ten days, with update timing based on the validity interval OCSP responses for Subscriber Certificates
2020-09-30 — Subject and Issuer Names must be byte-for-byte identical All possible certification paths
2020-09-30 — Subscriber Certificates must include a CA/Browser Form Reserved Policy Identifier in the Certificate Policies extension Subscriber Certificates
2020-09-30 — All OCSP and CRL responses for Subordinate CA Certificates must include a meaningful reason code OCSP and CRL responses for Subordinate CA Certificates
AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.
Vote result
Proposers
Ryan Sleevi of Google and endorsed by Clint Wilson of Apple and Mike Reilly of Microsoft.
Excerpt
SearchHome » All CA/Browser Forum Posts » Ballot SC031: Browser AlignmentBallot SC031: Browser AlignmentThe voting period for Ballot SC31v3 has ended and the Ballot has Passed. Here are the results: