<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Calibri">Hi Martijn,</font></p>
<p><font face="Calibri">I can't find (in the call minutes) a past
discussion about that, however I assume it's fine for everyone
since I haven't seen any objections.<br>
</font></p>
<p><font face="Calibri">Adriano<br>
</font></p>
<p><font face="Calibri"><br>
</font></p>
<div class="moz-cite-prefix">Il 08/04/2024 10:08, Martijn Katerbarg
ha scritto:<br>
</div>
<blockquote type="cite"
cite="mid:SA1PR17MB65037C588A91DB2945A59335E3002@SA1PR17MB6503.namprd17.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator"
content="Microsoft Word 15 (filtered medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;
mso-fareast-language:EN-US;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
font-size:10.0pt;
font-family:"Courier New";}p.null, li.null, div.null
{mso-style-name:null;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}span.apple-converted-space
{mso-style-name:apple-converted-space;}span.pl-mh
{mso-style-name:pl-mh;}span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Consolas",serif;
mso-ligatures:standardcontextual;
mso-fareast-language:EN-US;}span.EmailStyle26
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0cm;}ul
{margin-bottom:0cm;}</style>
<div class="WordSection1">
<p class="MsoNormal">Hi Adriano,<br>
<br>
My apologies! It was in the past discussed about limiting
timestamping to 72 or 75 months alltogether, then not
requiring the SubCAs to be offline. The compromise here still
allows up to 135 month timestamp certificates, if the SubCAs
are offline. <br>
<br>
Mind you there’s no current limit to SubCA validity periods
yet, but I would like to limit this to in a future ballot as
well<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards,<br>
<br>
Martijn<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div id="mail-editor-reference-message-container">
<div>
<div
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span
style="color:black">From: </span></b><span
style="color:black">Adriano Santoni
<a class="moz-txt-link-rfc2396E" href="mailto:adriano.santoni@staff.aruba.it"><adriano.santoni@staff.aruba.it></a><br>
<b>Date: </b>Monday, 8 April 2024 at 09:47<br>
<b>To: </b><a class="moz-txt-link-abbreviated" href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:cscwg-public@cabforum.org"><cscwg-public@cabforum.org></a>, Martijn Katerbarg
<a class="moz-txt-link-rfc2396E" href="mailto:martijn.katerbarg@sectigo.com"><martijn.katerbarg@sectigo.com></a><br>
<b>Subject: </b>Re: [External Sender] [Cscwg-public]
[Discussion Period Begins] CSC-24 (v2): Timestamping
Private Key Protection</span><span
style="font-size:12.0pt;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</div>
<p><span style="font-family:"Calibri",sans-serif">Hi, </span><o:p></o:p></p>
<p><span style="font-family:"Calibri",sans-serif">wouldn't
it have been a little kinder to wait for an answer to
the question I asked on Friday 5? </span><o:p></o:p></p>
<p><span style="font-family:"Calibri",sans-serif">It
may be that the answer was obvious, but it remains
unclear to me where that 72 months comes from.....</span><o:p></o:p></p>
<p><span style="font-family:"Calibri",sans-serif">Adriano</span><o:p></o:p></p>
<p><o:p> </o:p></p>
<div>
<p class="MsoNormal">Il 08/04/2024 09:31, Martijn
Katerbarg via Cscwg-public ha scritto:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p><strong><span
style="font-family:"Aptos",sans-serif;color:#212121">Purpose
of the Ballot</span></strong><o:p></o:p></p>
<p class="MsoNormal" id="bkmrk-this-ballot-updates-"><span
style="color:#212121">This ballot updates the
“Baseline Requirements for the Issuance and Management
of Publicly</span><span
style="font-family:"Cambria Math",serif;color:#212121">‐</span><span
style="color:#212121">Trusted Code Signing
Certificates“ version 3.7 in order to clarify language
regarding Timestamp Authority Private Key Protection.
The main goals of this ballot are to:</span><o:p></o:p></p>
<ol id="bkmrk-remove-dependencies-" type="1" start="1">
<li class="null"
style="color:#212121;mso-list:l1 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Require
newly issued Timestamp Authority Subordinate CA
Private Keys to be stored in offline HSMs</span></span><o:p></o:p></li>
<li class="null"
style="color:#212121;mso-list:l1 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Add a
requirement to remove Private Keys associated with
Timestamp Certificates after a 18 months</span></span><o:p></o:p></li>
<li class="null"
style="color:#212121;mso-list:l1 level1 lfo3"><span
class="pl-mh"><span style="font-size:11.0pt">Add a
requirement to reject SHA-1 timestamp requests</span></span><o:p></o:p></li>
</ol>
<p class="MsoNormal" id="bkmrk-the-following-motion"><span
style="color:#212121">The following motion has been
proposed by Martijn Katerbarg of Sectigo and endorsed
by Bruce Morton of Entrust and Ian McMillan of
Microsoft.</span><o:p></o:p></p>
<p class="MsoNormal" id="bkmrk-%C2%A0motion-begins"><span
style="color:#212121"> <strong><span
style="font-family:"Aptos",sans-serif">MOTION
BEGINS</span></strong></span><o:p></o:p></p>
<p class="MsoNormal" id="bkmrk-this-ballot-updates--1"><span
style="color:#212121">This ballot updates the
“Baseline Requirements for the Issuance and Management
of Publicly</span><span
style="font-family:"Cambria Math",serif;color:#212121">‐</span><span
style="color:#212121">Trusted Code Signing
Certificates” ("Code Signing Baseline Requirements")
based on version 3.7. MODIFY the Code Signing Baseline
Requirements as specified in the following redline:<span
class="apple-converted-space"> </span><a
href="https://github.com/cabforum/code-signing/compare/d431d9104094f2b89f35ed4bf1d64b9a844e762b...84e8586846a0c836d5bccbe9ef74593358c5b421"
moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/code-signing/compare/d431d9104094f2b89f35ed4bf1d64b9a844e762b...84e8586846a0c836d5bccbe9ef74593358c5b421</a></span><o:p></o:p></p>
<p id="bkmrk-motion-ends"><strong><span
style="font-family:"Aptos",sans-serif;color:#212121">MOTION
ENDS</span></strong><o:p></o:p></p>
<p class="MsoNormal" id="bkmrk-the-procedure-for-th"><span
style="color:#212121">The procedure for this ballot is
as follows:</span><o:p></o:p></p>
<p id="bkmrk-discussion-%287-days%29"><span
style="color:#212121">Discussion (7 days)</span><o:p></o:p></p>
<ol style="margin-top:0cm" type="1" start="1">
<li class="MsoNormal"
style="color:#212121;mso-list:l3 level1 lfo6">Start
Time: 2024-04-08 09:00 UTC<o:p></o:p></li>
<li class="MsoNormal"
style="color:#212121;mso-list:l3 level1 lfo6">End
Time: Not before 2024-04-15 17:00 UTC<o:p></o:p></li>
</ol>
<p id="bkmrk-vote-for-approval-%287"><span
style="color:#212121">Vote for approval (7 days)</span><o:p></o:p></p>
<ol style="margin-top:0cm" type="1" start="1">
<li class="MsoNormal"
style="color:#212121;mso-list:l4 level1 lfo9">Start
Time: TBD<o:p></o:p></li>
<li class="MsoNormal"
style="color:#212121;mso-list:l4 level1 lfo9">End
Time: TBD<o:p></o:p></li>
</ol>
<p class="MsoNormal"><span style="color:#212121"> </span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Cscwg-public mailing list<o:p></o:p></pre>
<pre><a href="mailto:Cscwg-public@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">Cscwg-public@cabforum.org</a><o:p></o:p></pre>
<pre><a
href="https://lists.cabforum.org/mailman/listinfo/cscwg-public"
moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a><o:p></o:p></pre>
</blockquote>
</div>
</div>
</div>
</blockquote>
</body>
</html>