<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
HARICA votes "yes" to ballot CSC-6.<br>
<br>
<div class="moz-cite-prefix">On 22/2/2022 5:30 μ.μ., Ian McMillan
via Cscwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100017f220e2a0a-e1ae7f6c-21e9-4fb2-bbad-4e773c260779-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:ZH-CN;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0in;}ul
{margin-bottom:0in;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><a
href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.cabforum.org%2Fcscwg%2Fcsc_6_-_update_to_subscriber_private_key_protection_requirements&data=04%7C01%7Cianmcm%40microsoft.com%7Cdba94eb81c164facf1b508d9f019a88d%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637804815989127861%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=chOc9LY58DjZreBftXXETeYfez6xuBrSzqZxifDxvcQ%3D&reserved=0"
moz-do-not-send="true">Ballot CSC-6: Update to Subscriber
Private Key Protection Requirements</a><o:p></o:p></p>
<p class="MsoNormal">Purpose of this ballot: Update the
subscriber private key protection requirements in the Baseline
Requirement for the Issuance and Management of
Publicly-Trusted Code Signing Certificates v2.7. The following
motion has been proposed by Ian McMillan of Microsoft, and
endorsed by Tim Hollebeek of DigiCert and Bruce Morton of
Entrust.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">— MOTION BEGINS — <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This ballot updates the “Baseline
Requirements for the Issuance and Management of
Publicly‐Trusted Code Signing Certificates“ version 2.7
according to the attached redline which includes:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<ol style="margin-top:0in" type="1" start="1">
<li class="MsoNormal" style="mso-list:l0 level1 lfo1">Update
section 16.3 “Subscriber Private Key Protection” to
“Subscriber Private Key Protection and Verification”<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level1 lfo1">Update
section 16.3 “Subscriber Private Key Protection” to include
sub-sections “16.3.1 Subscriber Private Key Protection” and
“16.3.2 Subscriber Private Key Verification”<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level1 lfo1">Update
section 16.3 under new sub-section 16.3.1 to remove
allowance of TPM key generation and software protected
private key protection, and remove private key protection
requirement differences between EV and non-EV Code Signing
Certificates<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level1 lfo1">Update
section 16.3 under new sub-section 16.3.1 to include the
allowance of key generation and protection using a
cloud-based key protection solution providing key generation
and protection in a hardware crypto module that conforms to
at least FIPS 140-2 Level 2 or Common Criteria EAL 4+<o:p></o:p></li>
<li class="MsoNormal" style="mso-list:l0 level1 lfo1">Update
section 16.3 under new sub-section 16.3.2 to include
verification for Code Signing Certificates' private key
generation and storage in a crypto module that meets or
exceeds the requirements of FIPS 140-2 level 2 or Common
Criteria EAL 4+ by the CAs. Include additional acceptable
methods for verification including cloud-based key
generation and protection solutions and a stipulation for
CAs to satisfy this verification requirement with additional
means specified in their CPS. Any additional means specified
by a CA in their CPS, must be proposed to the CA/Browser
Forum for inclusion into the acceptable methods for section
16.3.2 within 6 months of inclusion in their CPS.<o:p></o:p></li>
</ol>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">— MOTION ENDS —<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The procedure for approval of this ballot
is as follows:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Discussion (7 days)<o:p></o:p></p>
<p class="MsoNormal">Start Time: 2022-02-14, 19:30 Eastern Time
(US) <o:p></o:p></p>
<p class="MsoNormal">End Time: not before 2022-02-21, 19:30
Eastern Time (US)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Vote for approval (7 days) <o:p></o:p></p>
<p class="MsoNormal">Start Time: 2022-02-22,10:30 Eastern Time
(US) <o:p></o:p></p>
<p class="MsoNormal">End Time: 2022-03-01,10:30 Eastern Time
(US) <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
<br>
</body>
</html>