[Cscwg-public] Voting Period begins - Ballot CSC-21v2: Signing Service Update

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Jan 11 08:21:45 UTC 2024 

HARICA votes "yes" to ballot CSC-21v2.



On 5/1/2024 10:01 μ.μ., Bruce Morton via Cscwg-public wrote:
>
> *Purpose of the Ballot*
>
> This ballot updates the “Baseline Requirements for the Issuance and 
> Management of Publicly‐Trusted Code Signing Certificates“ version 3.4 
> in order to clarify language regarding Signing Service and signing 
> requests. The main goals of this ballot are to:
>
>  1. Clarify the Signing Service definition and the expected deployment
>     model.
>  2. Remove requirements for signing request.
>  3. Change text so Signing Service is not categorized as a Delegated
>     Third Party.
>  4. Not allow Signing Service to transport Private Key to Subscriber.
>  5. Ensure Network Security Requirements are applicable to Signing
>     Service.
>  6. State audit requirements for Signing Service.
>
> The following motion has been proposed by Bruce Morton of Entrust and 
> endorsed by Tim Hollebeek of DigiCert and Ian McMillan of Microsoft.
>
> *MOTION BEGINS*
>
> This ballot updates the “Baseline Requirements for the Issuance and 
> Management of Publicly‐Trusted Code Signing Certificates” ("Code 
> Signing Baseline Requirements") based on version 3.4. MODIFY the Code 
> Signing Baseline Requirements as specified in the following redline: 
> https://github.com/cabforum/code-signing/compare/e0da5532ab81e35e2e92536c1bc9ea3c36765b26..1a134a77e74fb93ca2581d288e5a82859d6e8f88 
> <https://urldefense.com/v3/__https:/github.com/cabforum/code-signing/compare/e0da5532ab81e35e2e92536c1bc9ea3c36765b26..1a134a77e74fb93ca2581d288e5a82859d6e8f88__;!!FJ-Y8qCqXTj2!auN14YJqoQ2adPYSUrT8wa45kpRPjd7Xza8iRd3H_TddLXP2yVYYx015i6Di97WxYOAYiaj8sDrTa0x9R7OcYiulEdIm$> 
>
>
> *MOTION ENDS*
>
> The procedure for this ballot is as follows: Discussion (minimum 7 days)
>
> ·Start Time: 2023-12-15 00:00 UTC
>
> ·End Time: 2024-01-05 20:00 UTC
>
> Vote for approval (7 days)
>
> ·Start Time: 2024-01-05 20:00 UTC
>
> ·End Time: 2024-01-12 20:00 UTC
>
> /Any email and files/attachments transmitted with it are intended 
> solely for the use of the individual or entity to whom they are 
> addressed. If this message has been sent to you in error, you must not 
> copy, distribute or disclose of the information it contains. _Please 
> notify Entrust immediately and delete the message from your system._/
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20240111/2fc10423/attachment.html>

More information about the Cscwg-public mailing list