<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 11/1/2021 9:57 π.μ., Adriano Santoni
via Cscwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:01000176f0736057-9d54fddc-97d1-43fc-9742-c4820058e0eb-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p><font face="Calibri">Hi all,</font></p>
<p><font face="Calibri">I have a couple of doubts on the current
text; I beg your pardon if these have been discussed before:</font></p>
<p><font face="Calibri">* Section 9.2.1 (Subject Alternative Name
Extension) provides "No stipulation". Written that way, it
implies that a code signing certificate with (say) a FQDN in
its SAN would be okay, which perhaps is </font><font
face="Calibri"><font face="Calibri">not intended (?).<br>
</font></font></p>
</blockquote>
<br>
Hi Adriano,<br>
<br>
This is a copy from the existing requirements. The goal of this
ballot is to harmonize requirements between EV and Non EV Code
Signing Certificates. Perhaps you can propose a new ballot to
address any other concerns or improvements separately.<br>
<br>
<blockquote type="cite"
cite="mid:01000176f0736057-9d54fddc-97d1-43fc-9742-c4820058e0eb-000000@email.amazonses.com">
<p><font face="Calibri"><font face="Calibri"> </font></font></p>
<p><font face="Calibri">* Section 11.8 (Due diligence) just refers
to Section 11.13 of the EV Guidelines. It's not specified,
though, if this requirement applies to both EV and non-EV
certificates. As written, it seems to imply that it applies to
both, which I suppose is not intended (?).<br>
</font></p>
</blockquote>
<br>
It is intended. The previous (and existing) requirements for Non EV
Code Signing Certificates required the same level of due diligence
that applies for EV Code Signing Certificates (two-person rule) but
used a slightly different language to describe the requirement.
That's why the WG decided to refer to the EV Guidelines for both
types of Code Signing Certificates to make it clearer.<br>
<br>
Hope this helps.<br>
<br>
<br>
Dimitris.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:01000176f0736057-9d54fddc-97d1-43fc-9742-c4820058e0eb-000000@email.amazonses.com">
<p><font face="Calibri"> </font></p>
<p><font face="Calibri">Adriano</font></p>
<p><br>
</p>
<div class="moz-cite-prefix">Il 11/01/2021 07:40, Dimitris
Zacharopoulos (HARICA) via Cscwg-public ha scritto:<br>
</div>
<blockquote type="cite"
cite="mid:01000176f02ce2d0-c44809c7-3a45-48b7-b6bb-80e6b01362c2-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<br>
<br>
<div class="moz-cite-prefix">On 8/1/2021 10:22 π.μ., Dimitris
Zacharopoulos (HARICA) via Cscwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:01000176e116ad5b-7d50282a-e373-429d-b207-c6bd47367bc2-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<div class="moz-cite-prefix">On 7/1/2021 10:28 μ.μ., Bruce
Morton wrote:<br>
</div>
<blockquote type="cite"
cite="mid:SN6PR11MB2656D0ABF903C69C19542F9B82AF0@SN6PR11MB2656.namprd11.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:JA;}span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN">Hi Dimitris,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN">Can you please
propose a text change to help fix the issue?</span></p>
</div>
</blockquote>
<br>
Sure, I will try to get something on the list early next week.<br>
</blockquote>
<br>
Attached. I also updated table 2.2 adding these two dates as new
rows. Please review.<br>
<br>
<br>
Best regards,<br>
Dimitris.<br>
<br>
<blockquote type="cite"
cite="mid:01000176e116ad5b-7d50282a-e373-429d-b207-c6bd47367bc2-000000@email.amazonses.com">
<br>
<br>
Dimitris.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:SN6PR11MB2656D0ABF903C69C19542F9B82AF0@SN6PR11MB2656.namprd11.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN">Thanks, Bruce.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="mso-fareast-language:ZH-CN">From:</span></b><span
style="mso-fareast-language:ZH-CN"> Dimitris
Zacharopoulos (HARICA) <a
class="moz-txt-link-rfc2396E"
href="mailto:dzacharo@harica.gr"
moz-do-not-send="true"><dzacharo@harica.gr></a>
<br>
<b>Sent:</b> Thursday, January 7, 2021 2:33 AM<br>
<b>To:</b> Bruce Morton <a
class="moz-txt-link-rfc2396E"
href="mailto:Bruce.Morton@entrust.com"
moz-do-not-send="true"><Bruce.Morton@entrust.com></a>;
<a class="moz-txt-link-abbreviated"
href="mailto:cscwg-public@cabforum.org"
moz-do-not-send="true">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [EXTERNAL]Re: [Cscwg-public]
Ballot CSC-7: Update to merge EV and Non-EV
clauses<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><strong><span
style="font-family:"Calibri",sans-serif;color:red">WARNING:</span></strong>
This email originated outside of Entrust.<br>
<strong><span
style="font-family:"Calibri",sans-serif;color:red">DO
NOT CLICK</span></strong> links or attachments
unless you trust the sender and know the content is
safe.<o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center">
<hr width="100%" size="2" align="center"> </div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
Bruce,<br>
<br>
Some of my concerns raised in 2020-12-16 are still
unaddressed.<br>
<br>
14.1 still seems to be a bit ambiguous. It points
directly to the EV Guidelines section 14.1 but does it
also apply for Employees that vet non-EV Code Signing?
The answer seems to be "yes" which makes non-EV CS
issuers non-conformant as soon as this becomes
effective.<br>
<br>
The same applies for 16.2. We need an effective date for
non-EV issuers to migrate to the stronger EV
requirements.<br>
<br>
I would be fine with any effective date. 2021-06-01
seems to be an effective date for some changes regarding
the key sizes so CAs already have their attention to
this deadline. I suggest we have those two requirements
phased-in for non-EV code signing certificate issuers.<br>
<br>
<br>
Dimitris.<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 4/1/2021 4:52 μ.μ., Bruce Morton
via Cscwg-public wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><b>Ballot CSC-7: Update to merge EV
and Non-EV clauses</b><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Purpose of the Ballot:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The CSC-2 merger of the Code
Signing BRs and the EV Code Signing Guidelines was
done without technical changes. The result is that we
have some sections where there is different text for
Non-EV and EV Code Signing certificates. In many cases
there was no reason to have two different
requirements. In other cases, it made sense that they
both have the same requirement. There were of course
some items where EV is different and these clauses
were not touched for now. These items were all
discussed in our bi-weekly meetings. Other minor
changes were the adding in a table for document
revision and history and another table for effective
dates within the BRs. There were also some errors
corrected from the merger.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The following motion has been
proposed by Bruce Morton of Entrust, and endorsed by
Dimitris Zacharopoulos of HARICA and Dean Coclin of
DigiCert.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">--- MOTION BEGINS ---<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">This ballot modifies the “Baseline
Requirements for the Issuance and Management of
Publicly‐Trusted Code Signing Certificates" version
2.1 according to the attached redline.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">--- MOTION ENDS ---<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The procedure for approval of this
ballot is as follows:<br>
<br>
Discussion (7+ days)<br>
Start Time: 2021-01-04, 10:00 am Eastern Time (US)<br>
End Time: not before 2021-01-11, 10:00 am Eastern Time
(US)<br>
<br>
Vote for approval (7 days)<o:p></o:p></p>
<p class="MsoNormal">Start Time: TBD<o:p></o:p></p>
<p class="MsoNormal">End Time: TBD<o:p></o:p></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Cscwg-public mailing list<o:p></o:p></pre>
<pre><a href="mailto:Cscwg-public@cabforum.org" moz-do-not-send="true">Cscwg-public@cabforum.org</a><o:p></o:p></pre>
<pre><a href="https://lists.cabforum.org/mailman/listinfo/cscwg-public" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span
style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
</div>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org" moz-do-not-send="true">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org" moz-do-not-send="true">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
<br>
</body>
</html>