[Cscwg-public] Marking the EV Code Signing Guidelines OBSOLETE
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Wed Feb 28 09:16:18 UTC 2024
Dear Members,
As we discussed today at the F2F#61 meeting, I would like to propose a
ballot to mark the "Guidelines For The Issuance And Management Of
Extended Validation Code Signing Certificates" as obsolete. I suggest
that we update the latest EVCS Guidelines v1.4
<https://cabforum.org/working-groups/code-signing/ev-code-signing-certificate-guidelines/>
to version 1.5 with the following changes:
--- BEGIN DRAFT BALLOT LANGUAGE ---
In the "Notice to Readers" section, update the second paragraph to state:
*"The Code Signing Working Group considers this document OBSOLETE as of
XX XXXXXXXX XXXX. CAs SHOULD NOT use this standard but instead SHOULD
use the "Baseline Requirements for the Issuance and Management of
Publicly‐Trusted Code Signing Certificates" that has incorporated and
improved requirements related to Extended Validation (EV) Code Signing
Certificates"*
Update section 17.1 to state the following:
"*As this document is marked OBSOLETE, CAs SHOULD NOT be audited against
this standard.* "
--- END DRAFT BALLOT LANGUAGE ---
The *XX XXXXXXXX XXXX *will include an *effective date* we decide. I
propose this date is *in the past* but I am not sure what would be a
reasonable date. One thought is to ask if there is a CA Member that has
been audited recently against the EV CS Guidelines v1.4. Another thought
is to ask CPA Canada and ACAB'c for feedback about when they stopped
issuing Audit Letters that cover the EV CS Guidelines v1.4. Other ideas
are welcome.
Can I also have two endorsers so I can reserve a ballot number?
Thank you,
Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20240228/05b32bd6/attachment-0001.html>
More information about the Cscwg-public
mailing list