<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Calibri">Hi all,</font></p>
<p><font face="Calibri">I have a couple of doubts on the current
text; I beg your pardon if these have been discussed before:</font></p>
<p><font face="Calibri">* Section 9.2.1 (Subject Alternative Name
Extension) provides "No stipulation". Written that way, it
implies that a code signing certificate with (say) a FQDN in its
SAN would be okay, which perhaps is </font><font face="Calibri"><font
face="Calibri">not intended (?).<br>
</font></font></p>
<p><font face="Calibri">* Section 11.8 (Due diligence) just refers
to Section 11.13 of the EV Guidelines. It's not specified,
though, if this requirement applies to both EV and non-EV
certificates. As written, it seems to imply that it applies to
both, which I suppose is not intended (?).<br>
</font></p>
<p><font face="Calibri">Adriano</font></p>
<p><font face="Calibri"></font><br>
</p>
<div class="moz-cite-prefix">Il 11/01/2021 07:40, Dimitris
Zacharopoulos (HARICA) via Cscwg-public ha scritto:<br>
</div>
<blockquote type="cite"
cite="mid:01000176f02ce2d0-c44809c7-3a45-48b7-b6bb-80e6b01362c2-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<br>
<br>
<div class="moz-cite-prefix">On 8/1/2021 10:22 π.μ., Dimitris
Zacharopoulos (HARICA) via Cscwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:01000176e116ad5b-7d50282a-e373-429d-b207-c6bd47367bc2-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<div class="moz-cite-prefix">On 7/1/2021 10:28 μ.μ., Bruce
Morton wrote:<br>
</div>
<blockquote type="cite"
cite="mid:SN6PR11MB2656D0ABF903C69C19542F9B82AF0@SN6PR11MB2656.namprd11.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:JA;}span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN">Hi Dimitris,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN">Can you please
propose a text change to help fix the issue?</span></p>
</div>
</blockquote>
<br>
Sure, I will try to get something on the list early next week.<br>
</blockquote>
<br>
Attached. I also updated table 2.2 adding these two dates as new
rows. Please review.<br>
<br>
<br>
Best regards,<br>
Dimitris.<br>
<br>
<blockquote type="cite"
cite="mid:01000176e116ad5b-7d50282a-e373-429d-b207-c6bd47367bc2-000000@email.amazonses.com">
<br>
<br>
Dimitris.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:SN6PR11MB2656D0ABF903C69C19542F9B82AF0@SN6PR11MB2656.namprd11.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN">Thanks, Bruce.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="mso-fareast-language:ZH-CN">From:</span></b><span
style="mso-fareast-language:ZH-CN"> Dimitris
Zacharopoulos (HARICA) <a
class="moz-txt-link-rfc2396E"
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true"><dzacharo@harica.gr></a>
<br>
<b>Sent:</b> Thursday, January 7, 2021 2:33 AM<br>
<b>To:</b> Bruce Morton <a
class="moz-txt-link-rfc2396E"
href="mailto:Bruce.Morton@entrust.com"
moz-do-not-send="true"><Bruce.Morton@entrust.com></a>;
<a class="moz-txt-link-abbreviated"
href="mailto:cscwg-public@cabforum.org"
moz-do-not-send="true">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [EXTERNAL]Re: [Cscwg-public] Ballot
CSC-7: Update to merge EV and Non-EV clauses<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><strong><span
style="font-family:"Calibri",sans-serif;color:red">WARNING:</span></strong>
This email originated outside of Entrust.<br>
<strong><span
style="font-family:"Calibri",sans-serif;color:red">DO
NOT CLICK</span></strong> links or attachments unless
you trust the sender and know the content is safe.<o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center">
<hr width="100%" size="2" align="center"> </div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
Bruce,<br>
<br>
Some of my concerns raised in 2020-12-16 are still
unaddressed.<br>
<br>
14.1 still seems to be a bit ambiguous. It points directly
to the EV Guidelines section 14.1 but does it also apply
for Employees that vet non-EV Code Signing? The answer
seems to be "yes" which makes non-EV CS issuers
non-conformant as soon as this becomes effective.<br>
<br>
The same applies for 16.2. We need an effective date for
non-EV issuers to migrate to the stronger EV requirements.<br>
<br>
I would be fine with any effective date. 2021-06-01 seems
to be an effective date for some changes regarding the key
sizes so CAs already have their attention to this
deadline. I suggest we have those two requirements
phased-in for non-EV code signing certificate issuers.<br>
<br>
<br>
Dimitris.<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 4/1/2021 4:52 μ.μ., Bruce Morton
via Cscwg-public wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><b>Ballot CSC-7: Update to merge EV
and Non-EV clauses</b><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Purpose of the Ballot:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The CSC-2 merger of the Code Signing
BRs and the EV Code Signing Guidelines was done without
technical changes. The result is that we have some
sections where there is different text for Non-EV and EV
Code Signing certificates. In many cases there was no
reason to have two different requirements. In other
cases, it made sense that they both have the same
requirement. There were of course some items where EV is
different and these clauses were not touched for now.
These items were all discussed in our bi-weekly
meetings. Other minor changes were the adding in a table
for document revision and history and another table for
effective dates within the BRs. There were also some
errors corrected from the merger.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The following motion has been
proposed by Bruce Morton of Entrust, and endorsed by
Dimitris Zacharopoulos of HARICA and Dean Coclin of
DigiCert.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">--- MOTION BEGINS ---<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">This ballot modifies the “Baseline
Requirements for the Issuance and Management of
Publicly‐Trusted Code Signing Certificates" version 2.1
according to the attached redline.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">--- MOTION ENDS ---<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The procedure for approval of this
ballot is as follows:<br>
<br>
Discussion (7+ days)<br>
Start Time: 2021-01-04, 10:00 am Eastern Time (US)<br>
End Time: not before 2021-01-11, 10:00 am Eastern Time
(US)<br>
<br>
Vote for approval (7 days)<o:p></o:p></p>
<p class="MsoNormal">Start Time: TBD<o:p></o:p></p>
<p class="MsoNormal">End Time: TBD<o:p></o:p></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Cscwg-public mailing list<o:p></o:p></pre>
<pre><a href="mailto:Cscwg-public@cabforum.org" moz-do-not-send="true">Cscwg-public@cabforum.org</a><o:p></o:p></pre>
<pre><a href="https://lists.cabforum.org/mailman/listinfo/cscwg-public" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
</div>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org" moz-do-not-send="true">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
</body>
</html>