<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 17/1/2024 7:58 μ.μ., Bruce Morton
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DS0PR11MB785152958A33DB88F13F4A3082722@DS0PR11MB7851.namprd11.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator"
content="Microsoft Word 15 (filtered medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Aptos;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
font-size:10.0pt;
font-family:"Courier New";}p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}p.null, li.null, div.null
{mso-style-name:null;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}span.pl-mh
{mso-style-name:pl-mh;}span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:JA;}span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0in;}ul
{margin-bottom:0in;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:ZH-CN">Yes,
that is the email which started the discussion period.
</span></p>
</div>
</blockquote>
<br>
Do we need to start over?<br>
<br>
Dimitris.<br>
<br>
<blockquote type="cite"
cite="mid:DS0PR11MB785152958A33DB88F13F4A3082722@DS0PR11MB7851.namprd11.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:ZH-CN">Bruce.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:ZH-CN">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:ZH-CN">
Cscwg-public <a class="moz-txt-link-rfc2396E" href="mailto:cscwg-public-bounces@cabforum.org"><cscwg-public-bounces@cabforum.org></a>
<b>On Behalf Of </b>Dimitris Zacharopoulos (HARICA) via
Cscwg-public<br>
<b>Sent:</b> Wednesday, January 17, 2024 12:10 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [EXTERNAL] Re: [Cscwg-public] FW: Ballot
CSC-22: High Risk Requirements Update<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="mso-line-height-alt:.75pt"><span
style="font-size:1.0pt;color:white">Dean, Bruce, Apologies
for not spotting this sooner. Can you please confirm if
this is the email that was sent to the public list to
start the discussion period?
https: //lists. cabforum. org/pipermail/cscwg-public/2023-December/001141. html
If
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-line-height-alt:.75pt"><span
style="font-size:1.0pt;color:white"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:11.0pt">Dean, Bruce,<br>
<br>
Apologies for not spotting this sooner. Can you please
confirm if this is the email that was sent to the public
list to start the discussion period?<br>
<br>
<a
href="https://urldefense.com/v3/__https:/lists.cabforum.org/pipermail/cscwg-public/2023-December/001141.html__;!!FJ-Y8qCqXTj2!fSDk2HOLnm7WIn39bQFF9-yDtQjM_HQmeMzH0CWlB2U54D1EYMxay5UCeLFyDe9zbdbMWsSBCoW8X4fz5-57vaIzDGRk$"
moz-do-not-send="true">https://lists.cabforum.org/pipermail/cscwg-public/2023-December/001141.html</a><br>
<br>
If this is the only email that was sent to start the
discussion period, I'm afraid it is not compliant with the
Bylaws because when the official discussion period started,
the ballot did not include two endorsers. Instead, it seems
that it went straight to voting, per <a
href="https://urldefense.com/v3/__https:/lists.cabforum.org/pipermail/cscwg-public/2024-January/001145.html__;!!FJ-Y8qCqXTj2!fSDk2HOLnm7WIn39bQFF9-yDtQjM_HQmeMzH0CWlB2U54D1EYMxay5UCeLFyDe9zbdbMWsSBCoW8X4fz5-57vQ0vidAH$"
moz-do-not-send="true">
https://lists.cabforum.org/pipermail/cscwg-public/2024-January/001145.html</a>.<br>
<br>
Again, sorry for not discovering this earlier and I would
definitely need another pair of eyes to confirm this.<br>
<br>
Dimitris.<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">On
17/1/2024 6:36 μ.μ., Dean Coclin via Cscwg-public wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Resending
to the list…</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#0174C3;mso-fareast-language:EN-US">Dean
Coclin
</span></b><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:EN-US">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:EN-US">
Dean Coclin
<br>
<b>Sent:</b> Friday, January 12, 2024 4:26 PM<br>
<b>Subject:</b> Ballot CSC-22: High Risk Requirements
Update</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Voting
has concluded on Ballot CSC 22 and the results are as
follows:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Certificate
Issuers:
<br>
Yes: (7) Digicert, eMudra, Entrust, Globalsign, HARICA,
Sectigo, Viking Cloud</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">No:
(0)</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Abstain:
(0)</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Certificate
Consumers:<br>
Yes: (1) Microsoft</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">No:
(0)</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Abstain:
(0)</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Quorum
was achieved. Therefore the ballot passes.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#0174C3;mso-fareast-language:EN-US">Dean
Coclin
</span></b><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#48565E;mso-fareast-language:EN-US">CSCWG
Chair</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#48565E;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#48565E;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:EN-US">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:EN-US">
Cscwg-public <<a
href="mailto:cscwg-public-bounces@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">cscwg-public-bounces@cabforum.org</a>>
<b>On Behalf Of </b>Bruce Morton via Cscwg-public<br>
<b>Sent:</b> Friday, January 5, 2024 3:02 PM<br>
<b>To:</b> <a href="mailto:cscwg-public@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [Cscwg-public] Voting Period begins -
Ballot CSC-22: High Risk Requirements Update</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p style="margin:0in"><b><span
style="font-size:13.5pt;font-family:"Arial",sans-serif;color:black">Purpose
of the Ballot</span></b><o:p></o:p></p>
<p class="MsoNormal" id="bkmrk-this-ballot-updates-"><span
style="font-size:11.0pt">This ballot updates the “Baseline
Requirements for the Issuance and Management of
Publicly‐Trusted Code Signing Certificates“ version 3.4 in
order to clarify language regarding Signing Service and
signing requests. The main goals of this ballot are to:</span><o:p></o:p></p>
<ol id="bkmrk-remove-dependencies-" type="1" start="1">
<li class="null" style="mso-list:l0 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Remove
references to High Risk Certificate Request, since the
CSBRs do not provide any actions for a high risk
application.</span></span><o:p></o:p></li>
<li class="null" style="mso-list:l0 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Remove
references to High Risk Region of Concern, since the
CSBR appendix has never been populated.</span></span><o:p></o:p></li>
<li class="null" style="mso-list:l0 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Remove
rules for a Takeover Attack to require the Subscriber
to generate keys in a crypto device, since crypto
device key generation is now a baseline requirement
for all code signing certificates.</span></span><o:p></o:p></li>
<li class="null" style="mso-list:l0 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Remove
option to transfer private key which has been
generated in software.</span></span><o:p></o:p></li>
<li class="null" style="mso-list:l0 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Cleanup to
remove Subscriber key generation option which expired
effective 1 June 2023.</span></span><o:p></o:p></li>
<li class="null" style="mso-list:l0 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Cleanup to
remove “any other method” to verify the Subscriber key
was generated in a crypto device, since this option
expired 1 June 2023.</span></span><o:p></o:p></li>
</ol>
<p class="MsoNormal"><span style="font-size:11.0pt">The
following motion has been proposed by Bruce Morton of
Entrust and endorsed by Tim Hollebeek of DigiCert and Ian
McMillan of Microsoft.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p style="margin:0in"><b><span
style="font-size:13.5pt;font-family:"Arial",sans-serif;color:#0E101A">MOTION
BEGINS</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">This
ballot updates the “Baseline Requirements for the Issuance
and Management of Publicly‐Trusted Code Signing
Certificates” ("Code Signing Baseline Requirements") based
on version 3.4. MODIFY the Code Signing Baseline
Requirements as specified in the following redline: <a
href="https://urldefense.com/v3/__https:/url.avanan.click/v2/___https:/urldefense.com/v3/__https:/github.com/cabforum/code-signing/compare/e0da5532ab81e35e2e92536c1bc9ea3c36765b26...50871dc08d39102daf6c93fa556a869790643fb6__;!!FJ-Y8qCqXTj2!eGQ4FLzNANTdAsLaGTDHePbCY7_W0AsXx1qTmmyTqiyaSVcoj5VGsgK7r7e1D0YQaI5U-YDAzAAi90kRle47DpUbNXxd$___.YXAzOmRpZ2ljZXJ0OmE6bzpkNzM2ZWY2OTUzNWVhMjY4M2JhMWY5ZDQ5ZmY0MjRkODo2OjNmNzk6OWNkNzk0NTVmM2U3NTY4NGE1NWE4MmI0M2ZjMmE1YzU0MGZiMDljODdiYzFhZTdhMDdhYTJiODZmZDM3OWQ5ZjpoOkY__;!!FJ-Y8qCqXTj2!fSDk2HOLnm7WIn39bQFF9-yDtQjM_HQmeMzH0CWlB2U54D1EYMxay5UCeLFyDe9zbdbMWsSBCoW8X4fz5-57vdp8Qrzd$"
title="Protected by Avanan: https://urldefense.com/v3/__https:/github.com/cabforum/code-signing/compare/e0da5532ab81e35e2e92536c1bc9ea3c36765b26...50871dc08d39102daf6c93fa556a869790643fb6__;!!FJ-Y8qCqXTj2!eGQ4FLzNANTdAsLaGTDHePbCY7_W0AsXx1qTmmyTqiyaSVcoj5VGsgK7r"
moz-do-not-send="true">
https://github.com/cabforum/code-signing/compare/e0da5532ab81e35e2e92536c1bc9ea3c36765b26...50871dc08d39102daf6c93fa556a869790643fb6</a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p style="margin:0in"><b><span
style="font-size:13.5pt;font-family:"Arial",sans-serif;color:#0E101A">MOTION
ENDS</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The
procedure for this ballot is as follows: Discussion
(minimum 7 days)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<ol style="margin-top:0in" type="1" start="1">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l4 level1 lfo6"><span
style="font-size:11.0pt">Start Time: 2023-12-15 00:00
UTC</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l4 level1 lfo6"><span
style="font-size:11.0pt">End Time: 2024-01-05 20:00 UTC</span><o:p></o:p></li>
</ol>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Vote for
approval (7 days)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<ol style="margin-top:0in" type="1" start="3">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l4 level1 lfo6"><span
style="font-size:11.0pt">Start Time: 2024-01-05 20:00
UTC</span><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l4 level1 lfo6"><span
style="font-size:11.0pt">End Time: 2024-01-12 20:00 UTC</span><o:p></o:p></li>
</ol>
<p class="MsoNormal"><i><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Any
email and files/attachments transmitted with it are
intended solely for the use of the individual or entity
to whom they are addressed. If this message has been
sent to you in error, you must not copy, distribute or
disclose of the information it contains.
<u>Please notify Entrust immediately and delete the
message from your system.</u></span></i><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:ZH-CN"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Cscwg-public mailing list<o:p></o:p></pre>
<pre><a href="mailto:Cscwg-public@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">Cscwg-public@cabforum.org</a><o:p></o:p></pre>
<pre><a
href="https://urldefense.com/v3/__https:/lists.cabforum.org/mailman/listinfo/cscwg-public__;!!FJ-Y8qCqXTj2!fSDk2HOLnm7WIn39bQFF9-yDtQjM_HQmeMzH0CWlB2U54D1EYMxay5UCeLFyDe9zbdbMWsSBCoW8X4fz5-57vXXfnulw$"
moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:ZH-CN"><o:p> </o:p></span></p>
</div>
</blockquote>
<br>
</body>
</html>