Ben Wilson
VP Compliance &
Industry Relations
DIGICERT
Report Prepared for ETSI CA Day
Berlin, Tuesday, 9 June 2015
Update on the Work of the CA / Browser Forum


CASC member Ben Wilson spoke at CA Day in Berlin on the recent work of the CA/B Forum.

  1. Ben Wilson, VP Compliance & Industry Relations, DIGICERT. Report Prepared for ETSI CA Day, Berlin, Tuesday, 9 June 2015
  2. Outline
     - Root Programs
     - Technical Advances
     - Update on CA/B Forum Working Groups
       - Code Signing Working Group
       - Policy Review Working Group
       - Validation Working Group
       - Security Information Sharing Working Group
     - Other Industry Groups
     - Upcoming CA/Browser Forum Meetings
  3. Root Program Developments
     - Microsoft, Google, Apple, Adobe and Mozilla are all improving their root store management
     - Microsoft updating program requirements
     - Mozilla
       - https://wiki.mozilla.org/CA:Communications#May_2015
       - https://wiki.mozilla.org/CA:RootTransferPolicy
       - https://wiki.mozilla.org/CA:NameConstraints
       - https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix
  4. Technical Advances
     - .onion Domains – EV Guidelines 11.7 & Appendix F
     - Certificate Transparency – to be discussed by Iñigo
     - SHA1 Deprecation - > 50% SHA2, but different browser warnings
     - Short-lived Certificates – Mozilla is keen on this
     - IPv6 Support for OCSP and CRLs – Google and Mozilla want for stapling
     - Policy OIDs – to help uniformly identify IV, DV and OV
  5. Working Groups – Code Signing
     - Baseline Requirements ready for full CA/B Forum review and balloting

     Working Groups – Policy Review
     - Baseline Requirements v. 1.3 is RFC-3647 Formatted
     - WG is Identifying “No Stipulation”, “Addressable” and “Important”
     - Long-term plan is to convert EV Guidelines to RFC 3647 Format
  6. Working Groups – Validation
     - EV Working Group changed its name and charter
     - Adding “Business Entity: Other”:
       - Be legally recognized under law of jurisdiction where entity operates
       - Have a verifiable physical existence and business presence
       - Face-to-face validation of a Principal Individual associated with entity
       - A Government-assigned unique identifier associated with Applicant or Principal
     - Methods of Domain Validation – Explicitly Described (no “equivalent methods”)
  7. Security Information Sharing WG
     - US Legislation Update
       - HR 1560 - Protecting Cyber Networks Act
       - S.754 Cybersecurity Information Protection Advancement Act
     - CRITS, STIX, and TAXII
       - OASIS launches STIX/TAXII Cyber Threat Intelligence TC
       - CRITS and TAXII - https://github.com/crits/crits
       - Microsoft Azure-based Initiative STIX.NET SDK
  8. Updates on Other Groups
     - Identity Ecosystem Steering Group (IDESG)
       - https://www.idecosystem.org/
       - Requirements for Privacy, Security, Usability, and Interoperability
       - SALS – Self-Assessment Listing Service
     - U.S. Federal PKI – anyEKU no longer mandatory for identity credentials
     - CA Security Council – Briefing papers on Logjam, SHA1, EV Certificates
       - https://casecurity.org/2015/04/15/extended-validation-builds-trust-infographic/
  9. CAB Forum Meetings
     - Teleconference held every other Thursday, 1600 UTC
     - Security Information Sharing WG on Fridays, 1500 UTC
     - Policy Review and Validation WGs on alternate Thursdays
     - Face-to-face Meeting 35 in Zurich, 23-25 June
     - Face-to-face Meeting 36 in Istanbul, 6-8 October
  10. Ben Wilson. Thanks!
