<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Microsoft YaHei UI";
panose-1:2 11 5 3 2 2 4 2 2 4;}
@font-face
{font-family:"\@Microsoft YaHei UI";
panose-1:2 11 5 3 2 2 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Texte de bulles Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.TextedebullesCar
{mso-style-name:"Texte de bulles Car";
mso-style-priority:99;
mso-style-link:"Texte de bulles";
font-family:"Segoe UI","sans-serif";}
p.line867, li.line867, div.line867
{mso-style-name:line867;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
p.BalloonText, li.BalloonText, div.BalloonText
{mso-style-name:"Balloon Text";
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
p.a, li.a, div.a
{mso-style-name:批注框文本;
mso-style-link:"批注框文本 Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.Char
{mso-style-name:"批注框文本 Char";
mso-style-priority:99;
mso-style-link:批注框文本;
font-family:"Microsoft YaHei UI","sans-serif";}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.u
{mso-style-name:u;}
span.EmailStyle28
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:windowtext;
text-decoration:none none;}
span.EmailStyle29
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:windowtext;}
span.EmailStyle30
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle31
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle33
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:windowtext;}
span.EmailStyle34
{mso-style-type:personal-compose;
font-family:"Arial","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=FR link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-language:EN-US'>OpenTrust votes Yes.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Rémi.</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-language:EN-US'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US>From:</span></b><span lang=EN-US> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Ben Wilson<br><b>Sent:</b> 02 September 2014 17:30<br><b>To:</b> <a href="mailto:public@cabforum.org">public@cabforum.org</a> (<a href="mailto:public@cabforum.org">public@cabforum.org</a>)<br><b>Subject:</b> [cabfpub] Ballot 132 - EV Code Signing Timestamp Validity Period<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=line867><strong><span lang=EN-US>Ballot 132 - EV Code Signing Timestamp Validity Period</span></strong><span lang=EN-US> <o:p></o:p></span></p><p class=line867><strong><span lang=EN-US>Rationale for Ballot 132</span></strong><span lang=EN-US> <o:p></o:p></span></p><p class=line874><span lang=EN-US>1. Ideally, TSA services should be consistent across the multiple services that rely on them (Code Signing, EV Code Signing, AATLs, etc.) <o:p></o:p></span></p><p class=line874><span lang=EN-US>2. Time stamps are used not just to time-stamp code, but other objects, such as signed financial reports and other digital objects. <o:p></o:p></span></p><p class=line874><span lang=EN-US>3 The EV Guidelines and some government archival systems require that signatures be capable of automatic verification for approximately ten years. <o:p></o:p></span></p><p class=line874><span lang=EN-US>4. When the EV Guidelines for code signing were developed, it was thought that a 123-month period would provide a three-month cushion (120 months plus 3). But because the BRs for Code Signing anticipate that a new key pair will be cycled every 15 months, then a 15-month period should be added to the 10-year TSA certificate validity, not just for code signing, but for all other uses where those extra months can add a longer period for automatic validation of the time-stamp. This would equal 135 months (120 months plus 15). <o:p></o:p></span></p><p class=line874><span lang=EN-US>5. A longer validity period for the TSA certificate is also justified because the requirement of a new key pair every 15 months will reduce the risk severity due to a key compromise. <o:p></o:p></span></p><p class=line862><span lang=EN-US>6. There are additional reasons to allow a longer period, including from Japan, the time-stamping regulations of the METI pursuant to Article 435 of the Japanese Companies Act, subsection 2 (Preparation and Retention of Financial Statements, etc.), subsection 4 (financial schedules to be retained for ten years from the time of preparation). See <a href="http://www.dekyo.or.jp/tb/english/index.html">http://www.dekyo.or.jp/tb/english/index.html</a> <o:p></o:p></span></p><p class=line874><span lang=EN-US>Steve Roylance of Globalsign made the following motion and Ben Wilson of Digicert and Rob Stradling of Comodo endorsed it: <o:p></o:p></span></p><p class=line874><span lang=EN-US>--Motion Begins -- <o:p></o:p></span></p><p class=line874><span lang=EN-US>In Sections 8.2.1 and 9.4 of the EV Code Signing Guidelines replace "one hundred and twenty three months" with "one hundred and thirty five months" (in three places in each section) as follows:<o:p></o:p></span></p><p class=line874><span lang=EN-US>8.2.1 Implementation <o:p></o:p></span></p><p class=line874><span lang=EN-US>Each Issuer MUST develop, implement, enforce, display prominently on its Web site, and periodically update as necessary its own auditable EV Code Signing Object practices, policies and procedures, such as a Certification Practice Statement (CPS) and Certificate Policy (CP) that: <o:p></o:p></span></p><p class=line874><span lang=EN-US>(A) Implement the requirements of these Guidelines as they are revised from time-to-time; <o:p></o:p></span></p><p class=line874><span lang=EN-US>(B) Implement the requirements of (i) the then-current WebTrust Program for CAs, and (ii) the then-current WebTrust EV Program or ETSI TS 102 042 V2.1.1; and <o:p></o:p></span></p><p class=line874><span lang=EN-US>(C) Specify the Issuer’s (and applicable Root CA’s) entire root certificate hierarchy including all roots that its EV Code Signing Certificates depend on for proof of those EV Code Signing Certificates’ authenticity. With the exception of revocation checking for time-stamped and expired certificates, platforms are expected to validate signed code in accordance with RFC 5280. <o:p></o:p></span></p><p class=line874><span lang=EN-US>When a platform encounters a certificate that fails to validate due to revocation, the platform should reject the code. When a platform encounters a certificate that fails to validate for reasons other than revocation, the platform should treat the code as it would if it had been unsigned. Ordinarily, a code signature created by a Subscriber may be considered valid for a period of up to thirty-nine months. However, a code signature may be treated as valid for a period of up to one hundred and <u>thirty five</u> <s>twenty three</s> months by means of one of the following methods: the “Timestamp” method or the “Signing Authority” method. <o:p></o:p></span></p><p class=line874><span lang=EN-US>(A) Timestamp Method: In this method, the Subscriber signs the code, appends its EV Code Signing Certificate (whose expiration time is less than thirty-nine months in the future) and submits it to an EV Timestamp Authority to be time-stamped. The resulting package can be considered valid up to the expiration time of the timestamp certificate (which may be up to one hundred and <u>thirty five</u> <s>twenty three</s> months in the future). <o:p></o:p></span></p><p class=line874><span lang=EN-US>(B) Signing Authority Method: In this method, the Subscriber submits the code, or a digest of the code, to an EV Signing Authority for signature. The resulting signature is valid up to the expiration time of the Signing Authority certificate (which may be up to one hundred and <u>thirty five</u> <s>twenty three</s> months in the future). <o:p></o:p></span></p><p class=line874><span lang=EN-US>9.4 Maximum Validity Period For EV Code Signing Certificate<o:p></o:p></span></p><p class=line874><span lang=EN-US>Code may be signed at any point in the development or distribution process, either by a software publisher or a user organization. Signed code may be verified at any time, including during: download, unpacking, installation, reinstallation, or execution, or during a forensic investigation. Subscribers may obtain an EV Code Signing Certificate with a validity period not exceeding thirty-nine months. Timestamp Authorities and Signing Authorities may obtain an EV Timestamp Certificate or EV Code Signing Certificate (respectively) with a validity period not exceeding one hundred and <u>thirty five</u> <s>twenty three</s> months. The validity period for an EV Code Signing Certificate issued to a Subscriber MUST NOT exceed thirty-nine months. The validity period for an EV Code Signing Certificate issued to a Signing Authority that fully complies with these Guidelines MUST NOT exceed one hundred and <u>thirty five</u> <s>twenty three</s> months. The validity period for an EV Timestamp Certificate issued to a Timestamp Authority that fully complies with these Guidelines MUST NOT exceed one hundred and <u>thirty five </u><s>twenty three</s> months. <o:p></o:p></span></p><p class=line874><span lang=EN-US>-- Motion Ends --<o:p></o:p></span></p><p class=line874><span lang=EN-US>The review period for this ballot shall commence at 2100 UTC on Tuesday, 2 September 2014, and will close at 2100 UTC on Tuesday, 9 September 2014. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2100 UTC on Tuesday, 16 September 2014. Votes must be cast by posting an on-list reply to this thread. <o:p></o:p></span></p><p class=line862><span lang=EN-US>A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: <a href="https://cabforum.org/members/">https://cabforum.org/members/</a> <o:p></o:p></span></p><p class=line874><span lang=EN-US>In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Also, at least seven members must participate in the ballot, either by voting in favor, voting against, or abstaining. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></div></div></div></body></html>