[Cscwg-public] Draft ballot to adopt Minimum Requirements for Code Signing

Dean Coclin dean.coclin at digicert.com
Wed May 1 14:18:55 MST 2019 

I neglected to attach the document. See enclosed.

 

Dean Coclin

 

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Dean
Coclin
Sent: Tuesday, April 30, 2019 12:09 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Draft ballot to adopt Minimum Requirements for Code
Signing

 

Thanks to Ben Wilson, we have a draft ballot for the Code Signing group to
consider. I've pasted the text below. Remember, since this is a full
guideline, it requires a 60 day IPR review. We can discuss on the list or at
next week's conference call:

 

Ballot begins:

 

Whereas between February 2013 and December 2015 members of the CA/Browser
Forum developed a set of requirements for Certification Authorities issuing
Code Signing Certificates (the "Minimum Requirements for the Issuance and
Management of Publicly Trusted Code Signing Certificates" -- referred to
herein as the "Minimum Requirements"), and

 

Whereas Ballot 158 from December 2015 failed to formally adopt the Minimum
Requirements as Final Guidelines of the CA/B Forum, and

 

Whereas the Code Signing Certificate Working Group (CSCWG) of the CA/Browser
Forum was dutifully chartered on March 8, 2019 by Ballot FORUM-8, and

 

Whereas the Charter specifies that the CSCWG would continue to work on the
Minimum Requirements, subject to the CSCWG making a written finding that the
provenance of such document is sufficiently covered by the Forum's IPR
Policy, and 

 

Whereas there is sufficient evidence to establish that the Minimum
Requirements are covered by the Forum's IPR Policy, and 

 

Whereas, in order to continue such work, it is advisable that the CSCWG
propose adoption of the Minimum Requirements pursuant to procedures set
forth in CA/B Forum IPR Policy v.1.3 ("IPR 1.3"), which include a 60-day
Review Period during which a Draft Guideline may be reviewed for licensing
obligations with respect to any Essential Claims that may be encompassed by
such Draft Guideline. 

 

Now therefore, the CSCWG hereby makes the following written findings and,
pursuant to IPR 1.3,  adopts the attached Minimum Requirements for the
Issuance and Management of Publicly Trusted Code Signing Certificates as a
Forum Guideline.

 

Findings 

 

1.	On April 8, 2012, the CA/B Forum adopted Intellectual Rights Policy,
v. 1.0. ("IPR 1.0") under which a contributor grants members a copyright
license to its Contributions for the purpose of developing and publishing
Draft Guidelines.
2.	Section 8.3 of IPR 1.0 defines "Contribution" as "material,
including Draft Guidelines, Draft Guideline text, and modifications to other
Contributions, made verbally or in a tangible form of expression (including
in electronic media) which is provided by a Participant in the process of
developing a Draft Guideline for the purpose of incorporating such material
into a Draft Guideline ." and "Draft Guideline" as "a version of a CAB Forum
guideline that has not been approved as a Final Guideline or Final
Maintenance Guideline, regardless of whether or not the Draft Guideline has
been published."
3.	Beginning with the February 2013 Face-to-Face meeting of the CA/B
Forum, the Forum started work on the Minimum Requirements as a Draft
Guideline.
4.	From the period of March 2013 through November 2015, the group
worked on the Minimum Requirements during bi-weekly teleconferences, at F2F
meetings, and over email. Reports of the effort were provided at CA/B Forum
meetings.
5.	The base document from which the Minimum Requirements were developed
was the CA/Browser Forum's "Guidelines for the Issuance and Management of
Extended Validation Code Signing Certificates," licensed under a Creative
Commons Attribution 4.0 International license.
6.	The entire work on the Minimum Requirements was performed by members
of the CA/Browser Forum, as members of the CA/Browser Forum, all of whom
were bound by IPR 1.0.  
7.	Any contributions from non-members of the CA/Browser Forum were
subject to IPR 1.0 because there is an IPR Agreement on file with the
CA/Browser Forum that covers the contribution by such entity.
8.	At the conclusion of the Review Period and adoption by the Forum of
the Minimum Requirements as a Forum Guideline, the provenance and rights to
the Minimum Requirements will be sufficiently covered by the Forum's IPR
Policy.

 

Furthermore, upon adoption by the CSCWG of this ballot, the Chair of the
CA/Browser Forum shall publish a "Notice of Review Period" (60  days)
pursuant to Section 4.1 of IPR 1.3 and attach a copy of the Minimum
Requirements to such notice.  

 

 

 

Thanks,

 

Dean Coclin

Code Signing Working Group Chair

CA/Browser Forum

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20190501/48ecbab4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Minimum-requirements-for-the-Issuance-and-Management-of-code-signing-(2).pdf
Type: application/pdf
Size: 718550 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20190501/48ecbab4/attachment-0001.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20190501/48ecbab4/attachment-0001.p7s>

More information about the Cscwg-public mailing list