Browsers

QuoVadis SSL certificates are automatically trusted in most browsers and other software.

News and Events

CA/Browser Forum Releases Draft “Baseline Requirements” for SSL
11 Apr 2011

QuoVadis is a longstanding member of the CA/Browser Forum, a group of leading Certification Authorities and software vendors.

Acknowledging the growing importance of SSL digital certificates for security on the Internet, in 2007 the CA/Browser Forum created the “Guidelines For The Issuance And Management Of Extended Validation (EV) Certificates”. The EV Guidelines were the first industry-wide set of standardized procedures for verifying and expressing the identity of an SSL/TLS certificate holder. QuoVadis has been audited for compliance to the EV Guidelines since 2007.

Alongside the EV work, members of the CA/Browser Forum have collaborated over the last two years to develop a broader set of baseline requirements covering the validation and issuance of all SSL, including both Domain-validated (DV) and Organisation-validated (OV) SSL.

The CA/Browser Forum is now seeking public comments on these new “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” through the end of May 2011.

According to a spokesperson for the CA/Browser Forum, “Representatives of the major browser suppliers and Internet certification authorities have long recognized the need to establish and enforce common standards for assurance across the industry. The current draft of the Baseline Requirements represents an initial step in that direction. We welcome input from others with expertise to share. And we expect to continue to enhance these requirements as the threat landscape evolves.”

During the public comment period, the CA/Browser Forum encourages discussion of the draft requirements on the Mozilla Dev-Security-Policy discussion list at http://groups.google.com/group/mozilla.dev.security.policy/topics. Those desiring to comment directly to all members of the CA/Browser Forum, but not specifically for purposes of open public discussion on the Mozilla list, may send email to questions@cabforum.com.

Following adoption of Version 1.0 of the Baseline Requirements, the CA/Browser Forum will request that all browser and relying party application software developers incorporate the Baseline Requirements into their accreditation and approval schemes as requirements for all applicants who request that a self-signed root certificate be embedded as a trust anchor in their software.

The CA/Browser Forum also intends that the ETSI ESI Committee and AICPA/CICA Task Force on the WebTrust Program for CAs will coordinate revisions to their respective audit standards such that the Baseline Requirements will become auditable requirements starting in June 2011.