[Cscwg-public] Voting Period begins - Ballot CSC-21v2: Signing Service Update
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Thu Jan 11 08:21:45 UTC 2024
HARICA votes "yes" to ballot CSC-21v2.
On 5/1/2024 10:01 μ.μ., Bruce Morton via Cscwg-public wrote:
>
> *Purpose of the Ballot*
>
> This ballot updates the “Baseline Requirements for the Issuance and
> Management of Publicly‐Trusted Code Signing Certificates“ version 3.4
> in order to clarify language regarding Signing Service and signing
> requests. The main goals of this ballot are to:
>
> 1. Clarify the Signing Service definition and the expected deployment
> model.
> 2. Remove requirements for signing request.
> 3. Change text so Signing Service is not categorized as a Delegated
> Third Party.
> 4. Not allow Signing Service to transport Private Key to Subscriber.
> 5. Ensure Network Security Requirements are applicable to Signing
> Service.
> 6. State audit requirements for Signing Service.
>
> The following motion has been proposed by Bruce Morton of Entrust and
> endorsed by Tim Hollebeek of DigiCert and Ian McMillan of Microsoft.
>
> *MOTION BEGINS*
>
> This ballot updates the “Baseline Requirements for the Issuance and
> Management of Publicly‐Trusted Code Signing Certificates” ("Code
> Signing Baseline Requirements") based on version 3.4. MODIFY the Code
> Signing Baseline Requirements as specified in the following redline:
> https://github.com/cabforum/code-signing/compare/e0da5532ab81e35e2e92536c1bc9ea3c36765b26..1a134a77e74fb93ca2581d288e5a82859d6e8f88
> <https://urldefense.com/v3/__https:/github.com/cabforum/code-signing/compare/e0da5532ab81e35e2e92536c1bc9ea3c36765b26..1a134a77e74fb93ca2581d288e5a82859d6e8f88__;!!FJ-Y8qCqXTj2!auN14YJqoQ2adPYSUrT8wa45kpRPjd7Xza8iRd3H_TddLXP2yVYYx015i6Di97WxYOAYiaj8sDrTa0x9R7OcYiulEdIm$>
>
>
> *MOTION ENDS*
>
> The procedure for this ballot is as follows: Discussion (minimum 7 days)
>
> ·Start Time: 2023-12-15 00:00 UTC
>
> ·End Time: 2024-01-05 20:00 UTC
>
> Vote for approval (7 days)
>
> ·Start Time: 2024-01-05 20:00 UTC
>
> ·End Time: 2024-01-12 20:00 UTC
>
> /Any email and files/attachments transmitted with it are intended
> solely for the use of the individual or entity to whom they are
> addressed. If this message has been sent to you in error, you must not
> copy, distribute or disclose of the information it contains. _Please
> notify Entrust immediately and delete the message from your system._/
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20240111/2fc10423/attachment.html>
More information about the Cscwg-public
mailing list