Translate

Archives

New CA/Browser Forum Baseline Requirements

According to the CA/Browser Forum‘s new Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates (v1.0, December 2011), the first international baseline standard for the operation of Certification Authorities (CAs) issuing SSL/TLS digital certificates natively trusted in browser software, member CAs are required to warn applicants that the use of an internal IP or name is deprecated beginning July 1st 2012 (Effective Date).

“Also as of the Effective Date, the CA SHALL NOT issue a certificate with an Expiry Date later than 1 November 2015 with subjectAlternativeName extension or Subject commonName field containing a Reserved IP Address or Internal Server Name.”

The Baseline Requirements standard draws upon best practices from across the SSL/TLS sector to provide clear standards for CAs on important subjects including verification of identity, certificate content and profiles, CA security, revocation mechanisms, use of algorithms and key sizes, audit requirements, liability, privacy and confidentiality, and delegation.

The Baseline Requirements standard become mandatory for members on July 1, 2012. This provides a grace period for CAs to bring their SSL/TLS policies and practices into compliance with the standard. The CA/Browser Forum, which was formed in 2006, intends to continue the development of the Baseline Requirements standard to address the evolving risks and threats involving the issuance or use of SSL/TLS certificates.

Comments are closed.