<font size=2 face="sans-serif">CERTUM votes YES</font>
<br>
<br>
<br>
<br>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">Od:
</font><font size=1 face="sans-serif">Dean Coclin <Dean_Coclin@symantec.com></font>
<br><font size=1 color=#5f5f5f face="sans-serif">Do:
</font><font size=1 face="sans-serif">CABFPub <public@cabforum.org></font>
<br><font size=1 color=#5f5f5f face="sans-serif">Data:
</font><font size=1 face="sans-serif">2015-12-03 22:26</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Temat:
</font><font size=1 face="sans-serif">Re: [cabfpub] Ballot
158: Adopt Code Signing Baseline Requirements</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Wysłane przez:
</font><font size=1 face="sans-serif">public-bounces@cabforum.org</font>
<br>
<hr noshade>
<br>
<br>
<br><font size=3 color=#004080 face="Calibri">Adding public link to final
version: </font><a href="https://cabforum.org/wp-content/uploads/Code-Signing-Requirements-2015-11-19.pdf"><font size=3 color=blue face="Calibri"><u>https://cabforum.org/wp-content/uploads/Code-Signing-Requirements-2015-11-19.pdf</u></font></a>
<br><font size=3 color=#004080 face="Calibri"> </font>
<br><font size=3 color=#004080 face="Calibri"> </font>
<br><font size=3 face="Tahoma"><b>From:</b> public-bounces@cabforum.org
[</font><a href="mailto:public-bounces@cabforum.org"><font size=3 face="Tahoma">mailto:public-bounces@cabforum.org</font></a><font size=3 face="Tahoma">]
<b>On Behalf Of </b>Dean Coclin<b><br>
Sent:</b> Thursday, December 03, 2015 4:04 PM<b><br>
To:</b> CABFPub<b><br>
Subject:</b> [cabfpub] Ballot 158: Adopt Code Signing Baseline Requirements</font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">After a 2 week pre-ballot, the Code Signing
Working Group has now prepared the formal ballot below:</font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri"><u>Ballot 158: Adopt Code Signing Baseline
Requirements</u></font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">The following motion is proposed by the
Code Signing Working Group and is endorsed by Microsoft, Trend Micro and
OATI. Further information on the ballot is in the email message below.</font>
<p><font size=3 face="Calibri"><b>- - - - Motion for Ballot 158 - - - -</b></font>
<p><font size=3 face="Calibri">Be it resolved that the CA / Browser Forum
adopts the recommendation of the Code Signing Working Group for Version
1.0 of the Baseline Requirements for Code Signing. Once adopted, the effective
date will be October 1, 2016.</font>
<p><font size=3 face="Calibri"><b>- - - - Motion Ends - - - -</b></font>
<br><font size=3 face="Calibri">The review period for this ballot shall
commence at 2200 UTC on 3 Dec 2015, and will close at 2200 UTC on 10 Dec
2015. Unless the motion is withdrawn during the review period, the voting
period will start immediately thereafter and will close at 2200 UTC on
17 Dec 2015. Votes must be cast by posting an on-list reply to this thread.
</font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">A vote in favor of the motion must indicate
a clear 'yes' in the response. A vote against must indicate a clear 'no'
in the response. A vote to abstain must indicate a clear 'abstain' in the
response. Unclear responses will not be counted. The latest vote received
from any representative of a voting member before the close of the voting
period will be counted. Voting members are listed here: </font>
<br><font size=3 face="Calibri"> </font>
<br><a href=https://cabforum.org/members/><font size=3 color=blue face="Calibri"><u>https://cabforum.org/members/</u></font></a><font size=3 face="Calibri">
</font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">In order for the motion to be adopted,
two thirds or more of the votes cast by members in the CA category and
greater than 50% of the votes cast by members in the browser category must
be in favor. Quorum is currently nine (9) members– at least nine members
must participate in the ballot, either by voting in favor, voting against,
or abstaining.</font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">Dean Coclin and Jeremy Rowley</font>
<br><font size=3 face="Calibri">Code Signing Working Group co-chairs</font>
<br><font size=3 color=#004080 face="Calibri"> </font>
<br><font size=3 face="Tahoma"><b>From:</b> </font><a href="mailto:public-bounces@cabforum.org"><font size=3 color=blue face="Tahoma"><u>public-bounces@cabforum.org</u></font></a><font size=3 face="Tahoma">
[</font><a href="mailto:public-bounces@cabforum.org"><font size=3 color=blue face="Tahoma"><u>mailto:public-bounces@cabforum.org</u></font></a><font size=3 face="Tahoma">]
<b>On Behalf Of </b>Dean Coclin<b><br>
Sent:</b> Thursday, November 19, 2015 2:01 PM<b><br>
To:</b> CABFPub<b><br>
Subject:</b> [cabfpub] Pre-Ballot: Code Signing Baseline Requirements</font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">The Code Signing Working Group of the CA/Browser
Forum has completed its work on Version 1 of the Code Signing Baseline
Requirements. The Working Group has been meeting over the last 2+
years to develop and bring this topic to the Forum for approval. </font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">This Working Group was chartered by the
Forum at the Mozilla face to face meeting in February 2013 and has brought
together forum members and outside participants to craft a document which
we believe will help improve the security of the ecosystem. Forum members
in the working group include: Comodo, Digicert, Entrust, ETSI, Federal
PKI, Firmaprofessional, Globalsign, Izenpe, Microsoft, Startcom,
SwissSign, Symantec, Trend Micro, WoSign as well as non-members: Cacert,
Intarsys, OTA, Richter, and Travelport. Also, there have been several
public commenting periods which resulted in changes and revisions to the
document. </font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">The stated goal of the group was to: “Create
a set of baseline requirements for code signing that will reduce the incidence
of signed malware”. We strived to work on 3 sub goals, which are by no
means 100% solved. However we feel that the document reflects progress
towards these goals which were:</font>
<br><font size=3 face="Calibri">1. Minimize private
key theft by moving toward more secure key storage (protection of private
keys)</font>
<br><font size=3 face="Calibri">2. Baseline authentication
and vetting procedures for all parties</font>
<br><font size=3 face="Calibri">3. Information sharing
(notification/revocation) for fraud detection. This piece was moved to
the Information Sharing Working Group</font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri"><u>The document is now final and no further
changes are being accepted</u>. Comments and suggestions will be accumulated
for a future version of the document.</font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">The group is seeking 2 endorsers for the
ballot below:</font>
<p><font size=3 face="Calibri"><b>- - - - Motion for Ballot XXX - - - -</b></font>
<p><font size=3 face="Calibri">Be it resolved that the CA / Browser Forum
adopts the recommendation of the Code Signing Working Group for Version
1.0 of the Baseline Requirements for Code Signing. Once adopted the effective
date will be October 1, 2016.</font>
<p><font size=3 face="Calibri"><b>- - - - Motion Ends - - - -</b></font>
<br><font size=3 face="Calibri">The review period for this ballot shall
commence at 2200 UTC on 3 Dec 2015, and will close at 2200 UTC on 10 Dec
2015. Unless the motion is withdrawn during the review period, the voting
period will start immediately thereafter and will close at 2200 UTC on
17 Dec 2015. Votes must be cast by posting an on-list reply to this thread.
</font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">A vote in favor of the motion must indicate
a clear 'yes' in the response. A vote against must indicate a clear 'no'
in the response. A vote to abstain must indicate a clear 'abstain' in the
response. Unclear responses will not be counted. The latest vote received
from any representative of a voting member before the close of the voting
period will be counted. Voting members are listed here: </font>
<br><font size=3 face="Calibri"> </font>
<br><a href=https://cabforum.org/members/><font size=3 color=blue face="Calibri"><u>https://cabforum.org/members/</u></font></a><font size=3 face="Calibri">
</font>
<br><font size=3 face="Calibri"> </font>
<br><font size=3 face="Calibri">In order for the motion to be adopted,
two thirds or more of the votes cast by members in the CA category and
greater than 50% of the votes cast by members in the browser category must
be in favor. Quorum is currently nine (9) members– at least nine members
must participate in the ballot, either by voting in favor, voting against,
or abstaining.</font>
<br><font size=3 face="Calibri"> [załącznik "smime.p7s"
został usunięty przez użytkownika Piotr Matusiewicz/UNIZETO] </font><tt><font size=2>_______________________________________________<br>
Public mailing list<br>
Public@cabforum.org<br>
</font></tt><a href=https://cabforum.org/mailman/listinfo/public><tt><font size=2>https://cabforum.org/mailman/listinfo/public</font></tt></a><tt><font size=2><br>
</font></tt>
<br>