<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Hi Bruce,<br>
<br>
There was some delay in the delivery of the email, probably
something related to our internal systems.<br>
<br>
HARICA votes "yes" to ballot CSC-8 v3.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 29/3/2021 6:26 μ.μ., Bruce Morton
via Cscwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:010001787e97fd0d-f21e068e-31ff-4e6a-9c17-6aa0d82e5ed9-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}@font-face
{font-family:"\@MS PGothic";}@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}p.xmsolistparagraph, li.xmsolistparagraph, div.xmsolistparagraph
{mso-style-name:xmsolistparagraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:xmsonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0in;}ul
{margin-bottom:0in;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Yes.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Bruce.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Dimitris Zacharopoulos
<a class="moz-txt-link-rfc2396E" href="mailto:jimmy@it.auth.gr"><jimmy@it.auth.gr></a> <br>
<b>Sent:</b> Monday, March 29, 2021 11:04 AM<br>
<b>To:</b> Bruce Morton <a class="moz-txt-link-rfc2396E" href="mailto:Bruce.Morton@entrust.com"><Bruce.Morton@entrust.com></a>;
<a class="moz-txt-link-abbreviated" href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a><br>
<b>Cc:</b> Ian McMillan <a class="moz-txt-link-rfc2396E" href="mailto:ianmcm@microsoft.com"><ianmcm@microsoft.com></a><br>
<b>Subject:</b> [EXTERNAL] Re: [Cscwg-public] Voting
Begins: Ballot CSC-8 v3: Update to Revocation response
mechanisms. key protection for EV certificates, and
clean-up of 11.2.1 & Appendix B<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">WARNING: This email originated outside of
Entrust.<br>
DO NOT CLICK links or attachments unless you trust the sender
and know the content is safe.<o:p></o:p></p>
<div class="MsoNormal" style="text-align:center" align="center">
<hr width="100%" size="2" align="center">
</div>
<p class="MsoNormal"><span
style="font-family:"Arial",sans-serif">Hi Bruce, </span>
<br>
<br>
<span style="font-family:"Arial",sans-serif">Did Ian
initiate the voting period for this ballot?</span>
<o:p></o:p></p>
<div>
<p>DZ.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>Mar 29, 2021 17:44:38 Bruce Morton via Cscwg-public <<a
href="mailto:cscwg-public@cabforum.org"
moz-do-not-send="true">cscwg-public@cabforum.org</a>>:<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Entrust votes Yes to ballot CSC-8.<span
style="mso-fareast-language:JA"><o:p></o:p></span></p>
<p> <o:p></o:p></p>
<p class="MsoNormal">Bruce.<span
style="mso-fareast-language:JA"><o:p></o:p></span></p>
<p> <o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="mso-fareast-language:JA">From:</span></b><span
style="mso-fareast-language:JA"> Cscwg-public <<a
href="mailto:cscwg-public-bounces@cabforum.org"
moz-do-not-send="true">cscwg-public-bounces@cabforum.org</a>>
<b>On Behalf Of </b>Ian McMillan via Cscwg-public<br>
<b>Sent:</b> Thursday, March 25, 2021 8:50 PM<br>
<b>To:</b> <a
href="mailto:cscwg-public@cabforum.org"
moz-do-not-send="true">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [EXTERNAL] [Cscwg-public] Voting
Begins: Ballot CSC-8 v3: Update to Revocation
response mechanisms. key protection for EV
certificates, and clean-up of 11.2.1 & Appendix
B<o:p></o:p></span></p>
</div>
</div>
<p> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"MS
PGothic",sans-serif;mso-fareast-language:JA">WARNING:
This email originated outside of Entrust.<br>
DO NOT CLICK links or attachments unless you trust the
sender and know the content is safe.</span><span
style="mso-fareast-language:JA"><o:p></o:p></span></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span
style="font-size:12.0pt;font-family:"MS
PGothic",sans-serif;mso-fareast-language:JA">
<hr width="100%" size="2" align="center">
</span></div>
<p class="MsoNormal"><b><span
style="mso-fareast-language:JA">Ballot CSC-8 v3:
Update to Revocation response mechanisms. key
protection for EV certificates, and clean-up of 11.2.1
& Appendix B</span></b><span
style="mso-fareast-language:JA"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">Purpose
of this ballot:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">Address
the changes needed in the Baseline Requirement for the
Issuance and Management of Publicly-Trusted Code Signing
Certificates v2.2 for:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<ol style="margin-top:0in" type="1" start="1">
<li class="xmsolistparagraph"
style="margin-top:0in;margin-bottom:0in;margin-bottom:.0001pt;mso-list:l0
level1 lfo1">
<span style="mso-fareast-language:JA">Making OCSP
optional with CRLs being required (13.2.1, 13.2.2,
Appendix B: 3C, 5C)<o:p></o:p></span></li>
<li class="xmsolistparagraph"
style="margin-top:0in;margin-bottom:0in;margin-bottom:.0001pt;mso-list:l0
level1 lfo1">
<span style="mso-fareast-language:JA">Added Common
Criteria EAL 4+ to the supported key protection crypto
modules for EV certificates in light of support for
RSA 3072 keys (16.3.2)<o:p></o:p></span></li>
<li class="xmsolistparagraph"
style="margin-top:0in;margin-bottom:0in;margin-bottom:.0001pt;mso-list:l0
level1 lfo1">
<span style="mso-fareast-language:JA">Clean up of
Appendix B[3C] & [5C] (AIA value requirements) and
section 11.2.1 contradiction with RFC3161<o:p></o:p></span></li>
</ol>
<p class="xmsolistparagraph"
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt"><span
style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<p class="xmsonormal"
style="margin:0in;margin-bottom:.0001pt"><span
style="mso-fareast-language:JA">In Appendix B, it was
noted that the requirements for the Timestamping (5C)
and Code Signing (3C) certificates had AIA value
requirements to include the root certificate URL, but
that should be the issuing CA URL. This has been
included in this ballot.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">Corey
Bonnell noted a contradiction in the section 11.2.1
regarding Timestamp in the clause “and appends it own
Timestamp Certificate” is an unconditional requirement
for a timestamp response to include the TSA certificate
chain, but this conflicts with RFC3161 making this
clause a conditional requirement based on the certReq
field (missing or set to false). This clean up has the
clause removed from section 11.2.1.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">The
following motion has been proposed by Ian McMillan of
Microsoft, and endorsed by Dimitris Zacharopoulos of
HARICA and Bruce Morton of EnTrust.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">---
MOTION BEGINS ---<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">This
ballot modifies the “Baseline Requirements for the
Issuance and Management of Publicly‐Trusted Code Signing
Certificates" version 2.2 according to the attached
redline.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">---
MOTION ENDS ---<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">The
procedure for approval of this ballot is as follows:<br>
<br>
Discussion (7 days)<br>
Start Time: 2021-03-18, 17:30 Eastern Time (US)<br>
End Time: not before 2021-03-25, 17:30 Eastern Time (US)<br>
<br>
Vote for approval (7 days)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">Start
Time: 2021-03-25, 17:30 Eastern Time (US)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">End
Time: 2021-04-01, 17:30 Eastern Time (US)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:EN-US"> </span><span
style="mso-fareast-language:JA"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">_______________________________________________
<br>
Cscwg-public mailing list <br>
<a href="mailto:Cscwg-public@cabforum.org"
moz-do-not-send="true">Cscwg-public@cabforum.org</a> <br>
<a
href="https://urldefense.com/v3/__https:/lists.cabforum.org/mailman/listinfo/cscwg-public__;!!FJ-Y8qCqXTj2!PUDpkMGA0tB5qvu3BPoc0aVbzLFCukYC72fR7LkI9B2Mk7_clRj19mXkPj9HwDceNYA$"
moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
<o:p></o:p></p>
</div>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
<br>
</body>
</html>