<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Dean, Bruce,<br>
<br>
Apologies for not spotting this sooner. Can you please confirm if
this is the email that was sent to the public list to start the
discussion period?<br>
<br>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/pipermail/cscwg-public/2023-December/001141.html">https://lists.cabforum.org/pipermail/cscwg-public/2023-December/001141.html</a><br>
<br>
If this is the only email that was sent to start the discussion
period, I'm afraid it is not compliant with the Bylaws because when
the official discussion period started, the ballot did not include
two endorsers. Instead, it seems that it went straight to voting,
per
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/pipermail/cscwg-public/2024-January/001145.html">https://lists.cabforum.org/pipermail/cscwg-public/2024-January/001145.html</a>.<br>
<br>
Again, sorry for not discovering this earlier and I would definitely
need another pair of eyes to confirm this.<br>
<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 17/1/2024 6:36 μ.μ., Dean Coclin via
Cscwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100018d1847f5eb-821df87c-31cd-4b5e-b933-0ef6fead440b-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator"
content="Microsoft Word 15 (filtered medium)">
<style>@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:Aptos;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}p.null, li.null, div.null
{mso-style-name:null;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}span.pl-mh
{mso-style-name:pl-mh;}span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0in;}ul
{margin-bottom:0in;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Resending
to the list…<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#0174C3;mso-fareast-language:EN-US">Dean
Coclin <o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:EN-US">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:EN-US">
Dean Coclin <br>
<b>Sent:</b> Friday, January 12, 2024 4:26 PM<br>
<b>Subject:</b> Ballot CSC-22: High Risk Requirements
Update<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Voting
has concluded on Ballot CSC 22 and the results are as
follows:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Certificate
Issuers: <br>
Yes: (7) Digicert, eMudra, Entrust, Globalsign, HARICA,
Sectigo, Viking Cloud<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">No:
(0)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Abstain:
(0)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Certificate
Consumers:<br>
Yes: (1) Microsoft<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">No:
(0)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Abstain:
(0)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Quorum
was achieved. Therefore the ballot passes.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#0174C3;mso-fareast-language:EN-US">Dean
Coclin <o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#48565E;mso-fareast-language:EN-US">CSCWG
Chair<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#48565E;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#48565E;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;mso-fareast-language:EN-US">From:</span></b><span
style="font-size:11.0pt;mso-fareast-language:EN-US">
Cscwg-public <<a
href="mailto:cscwg-public-bounces@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">cscwg-public-bounces@cabforum.org</a>>
<b>On Behalf Of </b>Bruce Morton via Cscwg-public<br>
<b>Sent:</b> Friday, January 5, 2024 3:02 PM<br>
<b>To:</b> <a href="mailto:cscwg-public@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [Cscwg-public] Voting Period begins -
Ballot CSC-22: High Risk Requirements Update<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p style="margin:0in"><b><span
style="font-size:13.5pt;font-family:"Arial",sans-serif;color:black">Purpose
of the Ballot</span></b><o:p></o:p></p>
<p class="MsoNormal" id="bkmrk-this-ballot-updates-"><span
style="font-size:11.0pt">This ballot updates the “Baseline
Requirements for the Issuance and Management of
Publicly‐Trusted Code Signing Certificates“ version 3.4 in
order to clarify language regarding Signing Service and
signing requests. The main goals of this ballot are to:<o:p></o:p></span></p>
<ol id="bkmrk-remove-dependencies-" type="1" start="1">
<li class="null" style="mso-list:l1 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Remove
references to High Risk Certificate Request, since the
CSBRs do not provide any actions for a high risk
application.</span></span><span class="pl-mh"><o:p></o:p></span></li>
<li class="null" style="mso-list:l1 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Remove
references to High Risk Region of Concern, since the
CSBR appendix has never been populated.<o:p></o:p></span></span></li>
<li class="null" style="mso-list:l1 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Remove rules
for a Takeover Attack to require the Subscriber to
generate keys in a crypto device, since crypto device
key generation is now a baseline requirement for all
code signing certificates.<o:p></o:p></span></span></li>
<li class="null" style="mso-list:l1 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Remove option
to transfer private key which has been generated in
software.<o:p></o:p></span></span></li>
<li class="null" style="mso-list:l1 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Cleanup to
remove Subscriber key generation option which expired
effective 1 June 2023.<o:p></o:p></span></span></li>
<li class="null" style="mso-list:l1 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Cleanup to
remove “any other method” to verify the Subscriber key
was generated in a crypto device, since this option
expired 1 June 2023.</span></span><o:p></o:p></li>
</ol>
<p class="MsoNormal"><span style="font-size:11.0pt">The
following motion has been proposed by Bruce Morton of
Entrust and endorsed by Tim Hollebeek of DigiCert and Ian
McMillan of Microsoft.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <o:p></o:p></span></p>
<p style="margin:0in"><b><span
style="font-size:13.5pt;font-family:"Arial",sans-serif;color:#0E101A">MOTION
BEGINS</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">This ballot
updates the “Baseline Requirements for the Issuance and
Management of Publicly‐Trusted Code Signing Certificates”
("Code Signing Baseline Requirements") based on version 3.4.
MODIFY the Code Signing Baseline Requirements as specified
in the following redline: <a
href="https://url.avanan.click/v2/___https:/urldefense.com/v3/__https:/github.com/cabforum/code-signing/compare/e0da5532ab81e35e2e92536c1bc9ea3c36765b26...50871dc08d39102daf6c93fa556a869790643fb6__;!!FJ-Y8qCqXTj2!eGQ4FLzNANTdAsLaGTDHePbCY7_W0AsXx1qTmmyTqiyaSVcoj5VGsgK7r7e1D0YQaI5U-YDAzAAi90kRle47DpUbNXxd$___.YXAzOmRpZ2ljZXJ0OmE6bzpkNzM2ZWY2OTUzNWVhMjY4M2JhMWY5ZDQ5ZmY0MjRkODo2OjNmNzk6OWNkNzk0NTVmM2U3NTY4NGE1NWE4MmI0M2ZjMmE1YzU0MGZiMDljODdiYzFhZTdhMDdhYTJiODZmZDM3OWQ5ZjpoOkY"
title="Protected by Avanan: https://urldefense.com/v3/__https:/github.com/cabforum/code-signing/compare/e0da5532ab81e35e2e92536c1bc9ea3c36765b26...50871dc08d39102daf6c93fa556a869790643fb6__;!!FJ-Y8qCqXTj2!eGQ4FLzNANTdAsLaGTDHePbCY7_W0AsXx1qTmmyTqiyaSVcoj5VGsgK7r"
moz-do-not-send="true">https://github.com/cabforum/code-signing/compare/e0da5532ab81e35e2e92536c1bc9ea3c36765b26...50871dc08d39102daf6c93fa556a869790643fb6</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p style="margin:0in"><b><span
style="font-size:13.5pt;font-family:"Arial",sans-serif;color:#0E101A">MOTION
ENDS</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The
procedure for this ballot is as follows: Discussion (minimum
7 days)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l3 level1 lfo6"><span
style="font-size:11.0pt">Start Time: 2023-12-15 00:00 UTC<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l3 level1 lfo6"><span
style="font-size:11.0pt">End Time: 2024-01-05 20:00 UTC<o:p></o:p></span></li>
</ul>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Vote for
approval (7 days)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l3 level1 lfo6"><span
style="font-size:11.0pt">Start Time: 2024-01-05 20:00 UTC<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l3 level1 lfo6"><span
style="font-size:11.0pt">End Time: 2024-01-12 20:00 UTC<o:p></o:p></span></li>
</ul>
<p class="MsoNormal"><i><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Any
email and files/attachments transmitted with it are
intended solely for the use of the individual or entity to
whom they are addressed. If this message has been sent to
you in error, you must not copy, distribute or disclose of
the information it contains. <u>Please notify Entrust
immediately and delete the message from your system.</u></span></i><span
style="font-size:12.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">
<o:p></o:p></span></p>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
<br>
</body>
</html>