Symantec has been a key driver in collaborative work with the CA/B Forum to develop a new set of baseline requirements for organization and domain validated SSL certificates. The CA/B Forum is an organization of leading Certification Authorities (CAs) and vendors of Internet browser software and other applications. The CA/B Baseline Requirements are documented in “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates v. 1.0”.
We are proud to announce that Symantec is adopting the new Baseline Requirements effective July 1st, 2012.
The Baseline Requirements focus on providing clear standards for CAs on important topics including verification of identity, certificate content and profiles, CA security, revocation mechanisms, use of algorithms and key sizes, audit requirements, liability, privacy and confidentiality, and delegation (including external sub-CAs and registration authorities). An example of the Baseline Requirements is the inclusion of an identifier for Organizationally Validated (OV) certificates that are compliant with the CA/B Baseline Requirements, a practice similar to Extended Validation (EV) certificates.
There is a general need for stronger security around SSL business operations and the authentication process. With clear standards, all reputable CAs will have a base platform on which to develop security practices. This would translate into more frequent confirmation of websites and their ownership, as well as stronger encryption. Users and consumers sharing and transacting on the Internet will have better protection and visibility into the trust level of the websites they visit.
Symantec, as the operator of the original commercial CA, is fully committed to the security industry's common goal of strengthening security and reinforcing user trust, and the CA/B Baseline Requirements are a step in the right direction.
For more detailed information on Symantec’s adoption, please visit our website.