[Cscwg-public] Marking the EV Code Signing Guidelines OBSOLETE

Wed Feb 28 09:44:42 UTC 2024

So will I. 

> Other ideas are welcome. 

How about September 2, 2020, which marks the release of CSBR v2.0, and incorporated EV Code Signing into the document. 

While we’re at it, could this ballot also get rid of this (https://github.com/cabforum/code-signing/blob/main/docs/br-csc-v1-2.md <https://github.com/cabforum/code-signing/blob/main/docs/br-csc-v1-2.md>) file in GH?

Regards,

Martijn 

From: Cscwg-public <cscwg-public-bounces at cabforum.org> on behalf of Scott Rea via Cscwg-public <cscwg-public at cabforum.org>
Date: Wednesday, 28 February 2024 at 10:29
To: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>, cscwg-public at cabforum.org <cscwg-public at cabforum.org>
Subject: Re: [Cscwg-public] Marking the EV Code Signing Guidelines OBSOLETE 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. 

eMudhra will endorse… 

Regards, 
_Scott 

From: Cscwg-public <cscwg-public-bounces at cabforum.org> on behalf of Dimitris Zacharopoulos (HARICA) via Cscwg-public <cscwg-public at cabforum.org>
Date: Wednesday, 28 February 2024 at 2:46 PM
To: cscwg-public at cabforum.org <cscwg-public at cabforum.org>
Subject: [Cscwg-public] Marking the EV Code Signing Guidelines OBSOLETE 

CAUTION: This email is originated from outside of the organization. Do not open the links or the attachments unless you recognize the sender and know the content is safe. 

Dear Members,

As we discussed today at the F2F#61 meeting, I would like to propose a ballot to mark the "Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates" as obsolete. I suggest that we update the latest EVCS Guidelines v1.4 <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fworking-groups%2Fcode-signing%2Fev-code-signing-certificate-guidelines%2F&data=05%7C02%7Cmartijn.katerbarg%40sectigo.com%7C8cdeeef24c8d4104d4f408dc383fd290%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638447093980627329%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=QJsCgjzebEfwyu%2FxSoJZRXn8sMD%2Fy%2FvCNbfBq3FN97Q%3D&reserved=0> to version 1.5 with the following changes:

--- BEGIN DRAFT BALLOT LANGUAGE ---

In the "Notice to Readers" section, update the second paragraph to state:

"The Code Signing Working Group considers this document OBSOLETE as of XX XXXXXXXX XXXX. CAs SHOULD NOT use this standard but instead SHOULD use the "Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates" that has incorporated and improved requirements related to Extended Validation (EV) Code Signing Certificates"

Update section 17.1 to state the following:

"As this document is marked OBSOLETE, CAs SHOULD NOT be audited against this standard. "

--- END DRAFT BALLOT LANGUAGE ---

The XX XXXXXXXX XXXX will include an effective date we decide. I propose this date is in the past but I am not sure what would be a reasonable date. One thought is to ask if there is a CA Member that has been audited recently against the EV CS Guidelines v1.4. Another thought is to ask CPA Canada and ACAB'c for feedback about when they stopped issuing Audit Letters that cover the EV CS Guidelines v1.4. Other ideas are welcome.

Can I also have two endorsers so I can reserve a ballot number?

Thank you,
Dimitris. 

Disclaimer: The email and its contents hold confidential information and are intended for the person or entity to which it is addressed. If you are not the intended recipient, please note that any distribution or copying of this email is strictly prohibited as per Company Policy, you are requested to notify the sender and delete the email and associated attachments with it from your system. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20240228/383c4e82/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 8254 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20240228/383c4e82/attachment-0001.bin>