<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
Unfortunately noone noticed this typo before the voting period
started, so we are forced to include it in the Maintenance Guideline
if it is voted on and then have a subsequent ballot to fix it, or
change our votes to fail the ballot and start over.<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 31/3/2021 3:51 μ.μ., Bruce Morton
via Cscwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100017888567313-e36e974a-6ed9-451f-a9e8-88508ca0971a-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}@font-face
{font-family:"\@MS PGothic";}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}p.xmsolistparagraph, li.xmsolistparagraph, div.xmsolistparagraph
{mso-style-name:x_msolistparagraph;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0in;}ul
{margin-bottom:0in;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:ZH-CN">Reminder
that Ballot CSC-8 voting period ends on 1 April 2021. Please
vote soon, so we can meet minimum quorum.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-CN">Note
that it has been shown that there is a typo in the ballot. I
am confirming that we can fix that typo when we create the
final document for IP review.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-CN">Thanks,
Bruce.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Cscwg-public
<a class="moz-txt-link-rfc2396E" href="mailto:cscwg-public-bounces@cabforum.org"><cscwg-public-bounces@cabforum.org></a>
<b>On Behalf Of </b>Ian McMillan via Cscwg-public<br>
<b>Sent:</b> Thursday, March 25, 2021 8:50 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [EXTERNAL] [Cscwg-public] Voting Begins:
Ballot CSC-8 v3: Update to Revocation response mechanisms.
key protection for EV certificates, and clean-up of 11.2.1
& Appendix B<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"MS
PGothic",sans-serif">WARNING: This email originated
outside of Entrust.<br>
DO NOT CLICK links or attachments unless you trust the
sender and know the content is safe.<o:p></o:p></span></p>
<div class="MsoNormal" style="text-align:center" align="center"><span
style="font-size:12.0pt;font-family:"MS
PGothic",sans-serif">
<hr width="100%" size="2" align="center">
</span></div>
<p class="MsoNormal"><b>Ballot CSC-8 v3: Update to Revocation
response mechanisms. key protection for EV certificates, and
clean-up of 11.2.1 & Appendix B</b><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Purpose of this ballot:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Address the changes needed in the Baseline
Requirement for the Issuance and Management of
Publicly-Trusted Code Signing Certificates v2.2 for:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<ol style="margin-top:0in" type="1" start="1">
<li class="xmsolistparagraph"
style="margin-left:0in;mso-list:l0 level1 lfo3">Making OCSP
optional with CRLs being required (13.2.1, 13.2.2, Appendix
B: 3C, 5C)<o:p></o:p></li>
<li class="xmsolistparagraph"
style="margin-left:0in;mso-list:l0 level1 lfo3">Added Common
Criteria EAL 4+ to the supported key protection crypto
modules for EV certificates in light of support for RSA 3072
keys (16.3.2)<o:p></o:p></li>
<li class="xmsolistparagraph"
style="margin-left:0in;mso-list:l0 level1 lfo3">Clean up of
Appendix B[3C] & [5C] (AIA value requirements) and
section 11.2.1 contradiction with RFC3161<o:p></o:p></li>
</ol>
<p class="xmsolistparagraph"> <o:p></o:p></p>
<p class="xmsonormal">In Appendix B, it was noted that the
requirements for the Timestamping (5C) and Code Signing (3C)
certificates had AIA value requirements to include the root
certificate URL, but that should be the issuing CA URL. This
has been included in this ballot.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Corey Bonnell noted a contradiction in the
section 11.2.1 regarding Timestamp in the clause “and appends
it own Timestamp Certificate” is an unconditional requirement
for a timestamp response to include the TSA certificate chain,
but this conflicts with RFC3161 making this clause a
conditional requirement based on the certReq field (missing or
set to false). This clean up has the clause removed from
section 11.2.1.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The following motion has been proposed by
Ian McMillan of Microsoft, and endorsed by Dimitris
Zacharopoulos of HARICA and Bruce Morton of EnTrust.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">--- MOTION BEGINS ---<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">This ballot modifies the “Baseline
Requirements for the Issuance and Management of
Publicly‐Trusted Code Signing Certificates" version 2.2
according to the attached redline.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">--- MOTION ENDS ---<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The procedure for approval of this ballot
is as follows:<br>
<br>
Discussion (7 days)<br>
Start Time: 2021-03-18, 17:30 Eastern Time (US)<br>
End Time: not before 2021-03-25, 17:30 Eastern Time (US)<br>
<br>
Vote for approval (7 days)<o:p></o:p></p>
<p class="MsoNormal">Start Time: 2021-03-25, 17:30 Eastern Time
(US)<o:p></o:p></p>
<p class="MsoNormal">End Time: 2021-04-01, 17:30 Eastern Time
(US)<o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"> </span><o:p></o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
<br>
</body>
</html>