<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">SSC votes: "Yes".<br>
<br>
Thanks,<br>
M.D.<br>
<br>
On 3/10/2014 6:24 PM, Ben Wilson wrote:<br>
</div>
<blockquote cite="mid:00f901cf3c7d$35106840$9f3138c0$@digicert.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Ballot 117 - EV Code Signing Guidelines
Corrections<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Jeremy Rowley of DigiCert made the
following motion, and Iñigo Barreira of Izenpe and Rick
Andrews of Symantec endorsed it.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There are two issues with the EV code
signing guidelines that need correction:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">1. Section 9.2.2 of the EV code signing
guidelines recommends that CAs not include the SAN extension
in an EV certificate. However, section 9.7 requires that an
EV certificate include subjectAltName:permanentIdentifier.
Because the main concern is that a CA might include a domain
name in the SAN extension, we should specify that this
practice is not allowed and recognize that other information
may be present. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2. Because the EV Code Signing Guidelines
were originally based on the EV Guidelines for SSL, Section
9.2.3 of the EV code signing guidelines deprecates the CN
field. However, the CABF Code Signing Working Group received
a report that this field is still required by code signing
applications. We should still include the CN in code signing
certificates for the Subscriber’s legal name, even though the
field is deprecated for use in SSL/TLS certificates. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---Motion Begins---<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Effective immediately:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">a. Replace section 9.2.2 with
the following: <o:p></o:p></p>
<p class="MsoNormal">“9.2.2 Subject Alternative Name
Extension<o:p></o:p></p>
<p class="MsoNormal">This field MUST be present and MUST contain
the permanentIdentifier specified in Section 9.7. This field
MUST NOT contain a Domain Name or IP Address.”<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">b. Amend section 9.2.3 as
follows:<o:p></o:p></p>
<p class="MsoNormal">“9.2.2 Subject Common Name Field<o:p></o:p></p>
<p class="MsoNormal">Certificate field: subject:commonName (OID
2.5.4.3)<o:p></o:p></p>
<p class="MsoNormal">Required/Optional: Required<o:p></o:p></p>
<p class="MsoNormal">Contents: This field MUST contain the
Subject’s legal name as verified under Section 11.2.“<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---Motion ends---<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Motion Ends<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The review period for this ballot shall
commence at 2200 UTC on Monday, 10 March 2014, and will close
at 2200 UTC on Monday, 17 March 2014. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Unless the motion is withdrawn during the
review period, the voting period will start immediately
thereafter and will close at 2200 UTC on Monday, 24 March
2014. <o:p></o:p></p>
<p class="MsoNormal">Votes must be cast by posting an on-list
reply to this thread. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">A vote in favor of the motion must indicate
a clear 'yes' in the response.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">A vote against must indicate a clear 'no'
in the response. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">A vote to abstain must indicate a clear
'abstain' in the response. Unclear responses will not be
counted. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The latest vote received from any
representative of a voting member before the close of the
voting period will be counted. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Voting members are listed here: <a
moz-do-not-send="true" href="https://cabforum.org/members/">https://cabforum.org/members/</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In order for the motion to be adopted, two
thirds or more of the votes cast by members in the CA category
and more than one half of the votes cast by members in the
browser category must be in favor. <o:p></o:p></p>
<p class="MsoNormal">Quorum is currently six (6) members– at
least six members must participate in the ballot, either by
voting in favor, voting against, or by abstaining for the vote
to be valid.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>