<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 12/3/2019 6:46 μ.μ., Dean Coclin via
Public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:BN6PR14MB17776A52E7FCE1F0DA241B3292490@BN6PR14MB1777.namprd14.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">In accordance with the CA/B Forum Bylaws
and the Charter of said working group, the Interim Chair
announces a call for Participants interested in joining the
Code Signing Working Group.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Current CA/B Forum members should submit
their names and company affiliations, as a formal declaration
of their intent (or provide them at the face to face meeting).</p>
</div>
</blockquote>
<br>
<br>
HARICA officially declares its intent to participate in the Code
Signing Certificate Working Group.<br>
<br>
Dimitris.<br>
<blockquote type="cite"
cite="mid:BN6PR14MB17776A52E7FCE1F0DA241B3292490@BN6PR14MB1777.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Interested Parties are eligible to
participate once they provide the signed IPR agreement to the
Chair.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Here is the text from the ballot relevant
to membership:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoPlainText">The CSCWG SHALL consist of two classes
of voting members, Certificate Issuers and Certificate
Consumers meeting the eligibility criteria below:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">(1) A Certificate Issuer eligible
for voting membership in the CSCWG MUST have a
publicly-available audit report or attestation statement in
accordance with one of the following schemes:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">* WebTrust for CAs v.2.0 or
newer; or <o:p></o:p></p>
<p class="MsoPlainText">* ETSI EN 319 411-1, which
includes normative references to ETSI EN 319 401 (the latest
version of the referenced ETSI documents should be applied);
or<o:p></o:p></p>
<p class="MsoPlainText">* If a Government Certificate
Issuer is required by its Certificate Policy to use a
different internal audit scheme, it MAY use such scheme
provided that the audit either (a) encompasses all
requirements of one of the above schemes or (b) consists of
comparable criteria that are available for public review.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">These audit reports must also meet the
following requirements:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">* They must report on the
operational effectiveness of controls for a historic period of
at least 60 days;<o:p></o:p></p>
<p class="MsoPlainText">* No more than 27 months have
elapsed since the beginning of the reported-on period and no
more than 15 months since the end of the reported-on period;
and<o:p></o:p></p>
<p class="MsoPlainText">* The audit report was
prepared by a Qualified Auditor. <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">In addition, the Certificate Issuer MUST
actively issue code signing certificates that are accepted for
use in computing platforms in which the platform supplier
accepts code signing certificates issued by such Certificate
Issuer. <o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">(2) A Certificate Consumer (i.e. a
platform supplier) eligible for voting membership in the CSCWG
must produce a computing platform that accepts code signing
certificates issued by third-party Certificate Issuers who
meet criteria set by such Certificate Consumer.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">4.2.2 Membership
Application/Declaration process<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">A. An Applicant not already a
member of the Forum SHALL provide the following information: <o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">* Confirmation that the
applicant satisfies at least one (1) of the membership
eligibility criteria (and if it satisfies more than one (1),
indication of the single category under which the applicant
wishes to apply).<o:p></o:p></p>
<p class="MsoPlainText">* The organization name, as
they wish it to appear on the Forum Web site and in official
Forum documents.<o:p></o:p></p>
<p class="MsoPlainText">* URL of the applicant's main
Web site.<o:p></o:p></p>
<p class="MsoPlainText">* Names and email addresses
of employees who will participate in the Working Group and
Forum as Member representatives.<o:p></o:p></p>
<p class="MsoPlainText">* Emergency contact
information for security issues related to certificate trust.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Applicants that qualify as Certificate
Issuers or Root Certificate Issuers must supply the following
additional information:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">* URL of the current
qualifying audit report.<o:p></o:p></p>
<p class="MsoPlainText">* The URL of at least one
third party website that includes a certificate issued by the
Applicant in the certificate chain.<o:p></o:p></p>
<p class="MsoPlainText">* Links or references to
issued end-entity certificates that demonstrate them being
treated as valid by a Certificate Consumer Member.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Such Applicant SHALL become a Member
once the CSCWG has determined by consensus among the Members
during a CSCWG Meeting or Teleconference that the Applicant
meets all of the requirements above or, upon the request of
any Member of the CSCWG, by a Ballot among Members of the
CSCWG. Acceptance by consensus shall be determined or a Ballot
of the Members shall be held as soon as the Applicant
indicates that it has presented all information required above
and has responded to all follow-up questions from the CSCWG
and the Member has complied with the requirements of Bylaw
5.5.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Certificate Issuer applicants that are
not actively issuing code signing certificates but otherwise
meet these membership criteria MAY request to the CSCWG that
they be granted an invitation for Associate Member status in
accordance with Bylaw 3.1, subject to conditions designated by
the CSCWG.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">The CSCWG SHALL allow participation by
Interested Parties, as set forth in the Bylaws.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoNormal">An initial organizational meeting will take
place during this week’s face to face meeting followed by the
formal kickoff later in the week (see agenda for details).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Dean Coclin<o:p></o:p></p>
<p class="MsoNormal">CA/B Forum Vice Chair<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org" moz-do-not-send="true">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public" moz-do-not-send="true">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>