<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Cambria;
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:892011103;
        mso-list-type:hybrid;
        mso-list-template-ids:1077806206 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:"Cambria","serif"">Hi everyone, <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Cambria","serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Cambria","serif"">In 2013, the CA/Browser Forum voted to create a Code Signing Working Group whose sole purpose was to come up with a set of Baseline Requirements for the issuance of Code Signing Certificates.
 The result of that effort is enclosed. Once approved by the CA/B Forum and subsequent audit standards are created, all Certificate Authorities will be obligated to follow these Requirements when issuing and managing code signing certificates.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Cambria","serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Cambria","serif"">The goals of this project and resulting document are as follows:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:"Cambria","serif""><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">     
</span></span></span><![endif]><span style="font-family:"Cambria","serif"">Create uniform identification and vetting procedures that all Certificate Authorities must follow when issuing code signing certificates<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:"Cambria","serif""><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">     
</span></span></span><![endif]><span style="font-family:"Cambria","serif"">Identify ways to stop the theft of private keys and prevent key compromise by increasing the required levels of key protection<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:"Cambria","serif""><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">     
</span></span></span><![endif]><span style="font-family:"Cambria","serif"">I</span><span style="font-family:"Cambria","serif"">dentify origins of malware (geographic and otherwise) and implement procedures to reduce the incidence of signed malware<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:"Cambria","serif""><span style="mso-list:Ignore">4.<span style="font:7.0pt "Times New Roman"">     
</span></span></span><![endif]><span style="font-family:"Cambria","serif"">Document</span><span style="font-family:"Cambria","serif""> standards for code signing “services” which store private code-signing keys in cloud-based service offerings<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Cambria","serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Cambria","serif"">Although it may seem that the biggest beneficiaries of these guidelines will be large operating system vendors that utilize code signing certificates, the public as a whole will benefit from a
 reduced incidence of malware on their systems and devices. We urge users, the software development industry, and operating system platforms to carefully review this document and provide comments to the CA/B Forum by October 30, 2014. The Working Group will
 review every comment for incorporation into the final draft.  Comments should be sent to
<a href="mailto:questions@cabforum.org"><span style="color:windowtext;text-decoration:none">questions@cabforum.org</span></a>.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Cambria","serif""><br>
Thanks,<br>
The Code Signing Working Group<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Cambria","serif""><o:p> </o:p></span></p>
</div>
</body>
</html>