[Cscwg-public] Code Signing Baseline Requirements references to the EV Guidelines

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Mon Oct 2 20:56:50 UTC 2023


Dear Members,

At a previous Teleconference I volunteered to search the CSBRs and find 
references to the EV Guidelines that could be discussed at the upcoming 
F2F. We can then decide if we want to import all or some of them to the 
CSBRs.

The EV Guidelines that is -supposed to be- referenced is version 1.7.1.

  * CSBR section 3.2.2.2 points to EV Guidelines:
      o Section 10.1.2 for specific roles
      o Section 11.2 for Legal Existence and Identity
      o Section 11.3 for Assumed Name
      o Section 11.4 for Physical Existence
      o Section 11.5 for Method of Communication
      o Section 11.6 for Operational Existence
      o Section 11.8 for Name, Title and Authority of Contract Signer
        and Certificate Approver
      o Section 11.9 for Signature on Subscriber Agreement and EV CS
        Certificate Requests
      o Section 11.10 for Approval of EV CS Certificate Request
      o Section 11.11 for Certain Information Sources
      o Section 11.12.3 for Parent/Subsidiary/Affiliate Relationship
  * CSBR section 4.1.1 points to EV Guidelines section 11.12.2 for
    "suspicious" certificate requests
  * CSBR section 4.2.1 points to EV Guidelines:
      o section 11.13 for the "due diligence" verification
      o section 11.14 for the usage periods of documents, data and
        previous validations performed per section 3.2
  * CSBR section 5.2.4 points to EV Guidelines section 11.13 for the
    Final Cross-Correlation and Due Diligence steps
  * CSBR section 5.3.3 points to EV Guidelines in general for the
    Validation Specialist training and internal examination
  * CSBR section 7.1.4.2.4 points to EV Guidelines sections 9.2.1,
    9.2.3, 9.2.4, 9.2.5, 9.2.6 for subject information
  * CSBR section 9.2.1 points to EV Guidelines section 8.4 for insurance
    coverage

During this process, I also noticed that we have a capitalized term "EV 
Process" without a corresponding definition. I will add an issue on 
GitHub for the next cleanup ballot.

I would appreciate a second review in case I missed something.


Thank you,

Dimitris.