<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"\@MS PGothic";}
@font-face
{font-family:Aptos;}
@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}
p.null, li.null, div.null
{mso-style-name:null;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}
span.pl-mh
{mso-style-name:pl-mh;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:683479429;
mso-list-template-ids:2013194948;}
@list l0:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:992025958;
mso-list-type:hybrid;
mso-list-template-ids:962625554 -1028629442 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:52.2pt;
text-indent:-34.2pt;
font-family:Symbol;
mso-fareast-font-family:"MS PGothic";
mso-bidi-font-family:Calibri;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2
{mso-list-id:1774327089;
mso-list-template-ids:2035555572;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">I plan to wait a few more days to see if there are any other comments, then issue a version 2 of the ballot assuming the endorsers agree with the change.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">Thanks, Bruce.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">From:</span></b><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"> Ian McMillan <ianmcm@microsoft.com>
<br>
<b>Sent:</b> Friday, October 13, 2023 10:59 AM<br>
<b>To:</b> Bruce Morton <Bruce.Morton@entrust.com>; cscwg-public@cabforum.org; Martijn Katerbarg <martijn.katerbarg@sectigo.com><br>
<b>Subject:</b> [EXTERNAL] RE: Ballot CSC-21: Signing Service Update<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="mso-line-height-alt:.75pt"><span style="font-size:1.0pt;color:white">Agreed, that is a very good clarification. Thanks, Ian From: Cscwg-public <cscwg-public-bounces@ cabforum. org> On Behalf Of Bruce Morton via Cscwg-public Sent:
Friday, October 13, 2023 9: 33 AM To: Martijn Katerbarg <martijn. katerbarg@ sectigo. com>;
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-line-height-alt:.75pt"><span style="font-size:1.0pt;color:white"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Agreed, that is a very good clarification.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Thanks,<br>
Ian <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">From:</span></b><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"> Cscwg-public <<a href="mailto:cscwg-public-bounces@cabforum.org">cscwg-public-bounces@cabforum.org</a>>
<b>On Behalf Of </b>Bruce Morton via Cscwg-public<br>
<b>Sent:</b> Friday, October 13, 2023 9:33 AM<br>
<b>To:</b> Martijn Katerbarg <<a href="mailto:martijn.katerbarg@sectigo.com">martijn.katerbarg@sectigo.com</a>>;
<a href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [EXTERNAL] Re: [Cscwg-public] Ballot CSC-21: Signing Service Update<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">Hi Martijn,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">I think this is a good clarification to separate the Signing Service from the Subscriber.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">Thanks, Bruce.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;mso-fareast-language:ZH-CN">From:</span></b><span style="font-size:11.0pt;mso-fareast-language:ZH-CN"> Martijn Katerbarg <<a href="mailto:martijn.katerbarg@sectigo.com">martijn.katerbarg@sectigo.com</a>>
<br>
<b>Sent:</b> Friday, October 13, 2023 9:17 AM<br>
<b>To:</b> Bruce Morton <<a href="mailto:Bruce.Morton@entrust.com">Bruce.Morton@entrust.com</a>>;
<a href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [EXTERNAL] Re: Ballot CSC-21: Signing Service Update<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Hi Bruce,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">I have a concern with the “Signing Service” definition:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">“**Signing Service**: An organization that generates the Key Pair and securely manages the Private Key associated with a Subscriber's Code Signing Certificate.”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">For subscribers that generate their own private keys and use these for signing (i.e., they manage them) I’m inclined to say that this would define them as a Signing Service.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Should we reword this to “An organization other than the Subscriber or any of its Affiliates, that generates the Key Pair and securely manages the Private Key associated with a Subscriber's
Code Signing Certificate”?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Regards,<br>
<br>
Martijn<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black;mso-fareast-language:EN-GB">From:
</span></b><span style="font-size:12.0pt;color:black;mso-fareast-language:EN-GB">Cscwg-public <<a href="mailto:cscwg-public-bounces@cabforum.org">cscwg-public-bounces@cabforum.org</a>> on behalf of Bruce Morton via Cscwg-public <<a href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a>><br>
<b>Date: </b>Thursday, 12 October 2023 at 21:59<br>
<b>To: </b><a href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a> <<a href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a>><br>
<b>Subject: </b>[Cscwg-public] Ballot CSC-21: Signing Service Update<o:p></o:p></span></p>
</div>
<div style="border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<p class="MsoNormal" style="line-height:12.0pt;background:#FAFA03"><span style="color:black;mso-fareast-language:EN-GB">CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and
know the content is safe.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-GB"><o:p> </o:p></span></p>
<div>
<p style="margin:0in"><b><span style="font-size:13.5pt;font-family:"Arial",sans-serif;color:black">Purpose of the Ballot</span></b><o:p></o:p></p>
<p class="MsoNormal" id="bkmrk-this-ballot-updates-"><span style="font-size:11.0pt">This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.4 in order to clarify language regarding
Signing Service and signing requests. The main goals of this ballot are to:</span><o:p></o:p></p>
<ol start="1" type="1" id="bkmrk-remove-dependencies-">
<li class="null" style="mso-list:l0 level1 lfo3"><span class="pl-mh"><span style="font-size:11.0pt">Clarify the Signing Service definition and the expected deployment model.</span></span><o:p></o:p></li><li class="null" style="mso-list:l0 level1 lfo3"><span class="pl-mh"><span style="font-size:11.0pt">Remove requirements for signing request.</span></span><o:p></o:p></li><li class="null" style="mso-list:l0 level1 lfo3"><span class="pl-mh"><span style="font-size:11.0pt">Change text so Signing Service is not categorized as a Delegated Third Party.</span></span><o:p></o:p></li><li class="null" style="mso-list:l0 level1 lfo3"><span class="pl-mh"><span style="font-size:11.0pt">Not allow Signing Service to transport Private Key to Subscriber.</span></span><o:p></o:p></li><li class="null" style="mso-list:l0 level1 lfo3"><span class="pl-mh"><span style="font-size:11.0pt">Ensure Network Security Requirements are applicable to Signing Service.</span></span><o:p></o:p></li><li class="null" style="mso-list:l0 level1 lfo3"><span class="pl-mh"><span style="font-size:11.0pt">State audit requirements for Signing Service.</span></span><o:p></o:p></li></ol>
<p class="MsoNormal"><span style="font-size:11.0pt">The following motion has been proposed by Bruce Morton of Entrust and endorsed by Tim Hollebeek of DigiCert and Ian McMillan.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p style="margin:0in"><b><span style="font-size:13.5pt;font-family:"Arial",sans-serif;color:#0E101A">MOTION BEGINS</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” ("Code Signing Baseline Requirements") based on version 3.4. MODIFY the Code Signing
Baseline Requirements as specified in the following redline: <a href="https://urldefense.com/v3/__https:/github.com/cabforum/code-signing/compare/93ee9976cdc4e1104952146e3556800459694874..701d195fa95fe49e8a02435fc40fb0a018686866__;!!FJ-Y8qCqXTj2!ai_SiHTiSodTE_VWwZi8Z8QT_M2lCkP6nJYlFupqIB2vMo07Rcbx2E0bKw4GyZ1-pOj0h-PvD9Z5okpQ_IY$">
https://github.com/cabforum/code-signing/compare/93ee9976cdc4e1104952146e3556800459694874..701d195fa95fe49e8a02435fc40fb0a018686866</a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p style="margin:0in"><b><span style="font-size:13.5pt;font-family:"Arial",sans-serif;color:#0E101A">MOTION ENDS</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The procedure for this ballot is as follows:</span> Discussion (7 days)<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:52.2pt;text-indent:-34.2pt;mso-list:l1 level1 lfo5">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>Start Time: 2023-10-12 20:00 UTC<o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:52.2pt;text-indent:-34.2pt;mso-list:l1 level1 lfo5">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>End Time: Not before 2023-10-19 20:00 UTC<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Vote for approval (7 days)<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:52.2pt;text-indent:-34.2pt;mso-list:l1 level1 lfo5">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>Start Time: TBD<o:p></o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:52.2pt;text-indent:-34.2pt;mso-list:l1 level1 lfo5">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>End Time: TBD<o:p></o:p></p>
</div>
</div>
</div>
</div>
<i>Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains.
<u>Please notify Entrust immediately and delete the message from your system.</u></i>
</body>
</html>