[Cscwg-public] Marking the EV Code Signing Guidelines OBSOLETE

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Sun Mar 10 08:16:51 UTC 2024



On 28/2/2024 11:44 π.μ., Martijn Katerbarg wrote:
>
> So will I.
>
> >Other ideas are welcome.
>
> How about September 2, 2020, which marks the release of CSBR v2.0, and 
> incorporated EV Code Signing into the document.
>

I'd like to thank eMudhra and Sectigo for endorsing the ballot. The 
draft ballot 
<https://wiki.cabforum.org/books/code-signing-certificate-wg/page/csc-23-marking-the-ev-code-signing-guidelines-superceded> 
(CSC-23) is ready and I plan to start the discussion period tomorrow.

>
> While we’re at it, could this ballot also get rid of this 
> (https://github.com/cabforum/code-signing/blob/main/docs/br-csc-v1-2.md) 
> file in GH?
>

I'm not sure about this one. The can decide what to include in GitHub 
and what not without the needs to have a ballot. All these documents and 
contributions are already archived as part of the public mailing list.

Dean or Bruce can bring it up at the next CSCWG Teleconference and we 
can decide to remove from the repo or follow a different process.


Best regards,
Dimitris.

>
> Regards,
>
> Martijn
>
> *From: *Cscwg-public <cscwg-public-bounces at cabforum.org> on behalf of 
> Scott Rea via Cscwg-public <cscwg-public at cabforum.org>
> *Date: *Wednesday, 28 February 2024 at 10:29
> *To: *Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>, 
> cscwg-public at cabforum.org <cscwg-public at cabforum.org>
> *Subject: *Re: [Cscwg-public] Marking the EV Code Signing Guidelines 
> OBSOLETE
>
> CAUTION: This email originated from outside of the organization. Do 
> not click links or open attachments unless you recognize the sender 
> and know the content is safe.
>
> eMudhra will endorse…
>
> Regards,
>
> _Scott
>
> *From: *Cscwg-public <cscwg-public-bounces at cabforum.org> on behalf of 
> Dimitris Zacharopoulos (HARICA) via Cscwg-public 
> <cscwg-public at cabforum.org>
> *Date: *Wednesday, 28 February 2024 at 2:46 PM
> *To: *cscwg-public at cabforum.org <cscwg-public at cabforum.org>
> *Subject: *[Cscwg-public] Marking the EV Code Signing Guidelines OBSOLETE
>
>
> 	
>
> *CAUTION:*This email is originated from outside of the organization. 
> Do not open the links or the attachments unless you recognize the 
> sender and know the content is safe.
>
>
> Dear Members,
>
> As we discussed today at the F2F#61 meeting, I would like to propose a 
> ballot to mark the "Guidelines For The Issuance And Management Of 
> Extended Validation Code Signing Certificates" as obsolete. I suggest 
> that we update the latest EVCS Guidelines v1.4 
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fworking-groups%2Fcode-signing%2Fev-code-signing-certificate-guidelines%2F&data=05%7C02%7Cmartijn.katerbarg%40sectigo.com%7C8cdeeef24c8d4104d4f408dc383fd290%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638447093980627329%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=QJsCgjzebEfwyu%2FxSoJZRXn8sMD%2Fy%2FvCNbfBq3FN97Q%3D&reserved=0> 
> to version 1.5 with the following changes:
>
> --- BEGIN DRAFT BALLOT LANGUAGE ---
>
> In the "Notice to Readers" section, update the second paragraph to state:
>
> *"The Code Signing Working Group considers this document OBSOLETE as 
> of XX XXXXXXXX XXXX. CAs SHOULD NOT use this standard but instead 
> SHOULD use the "Baseline Requirements for the Issuance and Management 
> of Publicly‐Trusted Code Signing Certificates" that has incorporated 
> and improved requirements related to Extended Validation (EV) Code 
> Signing Certificates"*
>
> Update section 17.1 to state the following:
>
> "*As this document is marked OBSOLETE, CAs SHOULD NOT be audited 
> against this standard.*"
>
> --- END DRAFT BALLOT LANGUAGE ---
>
> The *XX XXXXXXXX XXXX *will include an *effective date* we decide. I 
> propose this date is *in the past* but I am not sure what would be a 
> reasonable date. One thought is to ask if there is a CA Member that 
> has been audited recently against the EV CS Guidelines v1.4. Another 
> thought is to ask CPA Canada and ACAB'c for feedback about when they 
> stopped issuing Audit Letters that cover the EV CS Guidelines v1.4. 
> Other ideas are welcome.
>
> Can I also have two endorsers so I can reserve a ballot number?
>
>
> Thank you,
> Dimitris.
>
> Disclaimer: The email and its contents hold confidential information 
> and are intended for the person or entity to which it is addressed. If 
> you are not the intended recipient, please note that any distribution 
> or copying of this email is strictly prohibited as per Company Policy, 
> you are requested to notify the sender and delete the email and 
> associated attachments with it from your system.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20240310/4820e16b/attachment.html>


More information about the Cscwg-public mailing list