<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hi Dimitris,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I agree that we should discuss using reserved certificate policy OIDs in Subscriber certificates in a future ballot. I assume that since Microsoft required the reserved certificate policy OIDs for SSL certificate, they might have a similar
interest for Code Signing and Time-stamping. In addition, I feel that the reserved certificate policy OIDs give simple search items to sort out these certificates.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">At a minimum, we should state in section 9.3.4 that the CA may also add the reserved certificate policy OID to their certificates.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks, Bruce.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Dimitris Zacharopoulos (HARICA) <dzacharo@harica.gr>
<br>
<b>Sent:</b> Friday, July 23, 2021 3:09 AM<br>
<b>To:</b> Bruce Morton <Bruce.Morton@entrust.com>; cscwg-public@cabforum.org<br>
<b>Subject:</b> [EXTERNAL] Re: [Cscwg-public] Ballot CSC-9 - Spring 2021 Cleanup and Clarification<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">WARNING: This email originated outside of Entrust.<br>
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.<o:p></o:p></p>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="100%" align="center">
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi Bruce,<br>
<br>
Please notice that in the table of relevant dates, it would be best to add the deadline for the SHA1 change to Apr 30, 2022 in Appendix A. You an do that after the ballot passes according to our Bylaws.<br>
<br>
For Appendix B (3) and (5), I realize that despite having identified CABF reserved policy OIDs, we don't want to enforce those to code signing and timestamping certificates, at least not yet. Is this something to discuss at a future ballot?<br>
<br>
Thanks,<br>
Dimitris.<o:p></o:p></p>
<div>
<p class="MsoNormal">On 20/7/2021 6:25 μ.μ., Bruce Morton via Cscwg-public wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black">Ballot CSC-9: Spring 2021 Cleanup and Clarification</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black">Purpose of this ballot:</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black">Cleanup and clarify requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.3.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black">The following motion has been proposed by Bruce Morton, and endorsed by Ian McMillan of Microsoft and Corey Bonnell of DigiCert.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black">— MOTION BEGINS —</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black">This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 2.3 according
to the following redline.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black"><a href="https://urldefense.com/v3/__https:/wiki.cabforum.org/_media/cscwg/baseline_requirements_for_the_issuance_and_management_of_code_signing_csc-9_redline.pdf__;!!FJ-Y8qCqXTj2!IbPmIk_cdylfKxUnq6enmBP1jJ0i9LoYktw5X7THSgYmOYmdFFH3zBlPhnwYVUbM3a8$" title="cscwg:baseline_requirements_for_the_issuance_and_management_of_code_signing_csc-9_redline.pdf
(524.4 KB)"><span style="color:#3399F3">Baseline
Requirements for the Issuance and Management of Code Signing Ballot CSC-9</span></a></span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black">— MOTION ENDS —</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black">The procedure for approval of this ballot is as follows:</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black">Discussion (7 days) Start Time: 2021-07-20, 11:30 Eastern Time (US) End Time: not before 2021-07-27, 11:30 Eastern Time (US)</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:7.5pt;background:white"><span style="font-size:10.5pt;color:black">Vote for approval (7 days) Start Time:</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Cscwg-public mailing list<o:p></o:p></pre>
<pre><a href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a><o:p></o:p></pre>
<pre><a href="https://urldefense.com/v3/__https:/lists.cabforum.org/mailman/listinfo/cscwg-public__;!!FJ-Y8qCqXTj2!IbPmIk_cdylfKxUnq6enmBP1jJ0i9LoYktw5X7THSgYmOYmdFFH3zBlPhnwYEwcs1GM$">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>