[Cscwg-public] Draft ballot to adopt Minimum Requirements for Code Signing

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Tue May 7 00:36:04 MST 2019


I recommend that we bring back the name "Guidelines for the Issuance and 
Management of Extended Validation Code Signing Certificates" as a CA/B 
Forum product.

This looks great as an introduction to the ballot. The actual ballot 
should introduce a version of the current "minimum requirements" 
document with a new title and probably revision number, and put to a 
vote following the Bylaws. Once we pass the Initial Vote, the IP Review 
period will start and last 60 days.

Ben will probably also need two endorsers. Any volunteers?


Dimitris.

On 30/4/2019 7:09 μ.μ., Dean Coclin wrote:
>
> Thanks to Ben Wilson, we have a draft ballot for the Code Signing 
> group to consider. I’ve pasted the text below. Remember, since this is 
> a full guideline, it requires a 60 day IPR review. We can discuss on 
> the list or at next week’s conference call:
>
> Ballot begins:
>
> Whereas between February 2013 and December 2015 members of the 
> CA/Browser Forum developed a set of requirements for Certification 
> Authorities issuing Code Signing Certificates (the “Minimum 
> Requirements for the Issuance and Management of Publicly Trusted Code 
> Signing Certificates” -- referred to herein as the “Minimum 
> Requirements”), and
>
> Whereas Ballot 158 from December 2015 failed to formally adopt the 
> Minimum Requirements as Final Guidelines of the CA/B Forum, and
>
> Whereas the Code Signing Certificate Working Group (CSCWG) of the 
> CA/Browser Forum was dutifully chartered on March 8, 2019 by Ballot 
> FORUM-8, and
>
> Whereas the Charter specifies that the CSCWG would continue to work on 
> the Minimum Requirements, subject to the CSCWG making a written 
> finding that the provenance of such document is sufficiently covered 
> by the Forum’s IPR Policy, and
>
> Whereas there is sufficient evidence to establish that the Minimum 
> Requirements are covered by the Forum’s IPR Policy, and
>
> Whereas, in order to continue such work, it is advisable that the 
> CSCWG propose adoption of the Minimum Requirements pursuant to 
> procedures set forth in CA/B Forum IPR Policy v.1.3 (“IPR 1.3”), which 
> include a 60-day Review Period during which a Draft Guideline may be 
> reviewed for licensing obligations with respect to any Essential 
> Claims that may be encompassed by such Draft Guideline.
>
> Now therefore, the CSCWG hereby makes the following written findings 
> and, pursuant to IPR 1.3, *adopts the attached Minimum Requirements 
> for the Issuance and Management of Publicly Trusted Code Signing 
> Certificates as a Forum Guideline*.
>
> *Findings *
>
>  1. On April 8, 2012, the CA/B Forum adopted Intellectual Rights
>     Policy, v. 1.0. (“IPR 1.0”) under which a contributor grants
>     members a copyright license to its Contributions for the purpose
>     of developing and publishing Draft Guidelines.
>  2. Section 8.3 of IPR 1.0 defines “Contribution” as “material,
>     including Draft Guidelines, Draft Guideline text, and
>     modifications to other Contributions, made verbally or in a
>     tangible form of expression (including in electronic media) which
>     is provided by a Participant in the process of developing a Draft
>     Guideline for the purpose of incorporating such material into a
>     Draft Guideline …” and “Draft Guideline” as “a version of a CAB
>     Forum guideline that has not been approved as a Final Guideline or
>     Final Maintenance Guideline, regardless of whether or not the
>     Draft Guideline has been published.”
>  3. Beginning with the February 2013 Face-to-Face meeting of the CA/B
>     Forum, the Forum started work on the Minimum Requirements as a
>     Draft Guideline.
>  4. From the period of March 2013 through November 2015, the group
>     worked on the Minimum Requirements during bi-weekly
>     teleconferences, at F2F meetings, and over email. Reports of the
>     effort were provided at CA/B Forum meetings.
>  5. The base document from which the Minimum Requirements were
>     developed was the CA/Browser Forum’s “Guidelines for the Issuance
>     and Management of Extended Validation Code Signing Certificates,”
>     licensed under a Creative Commons Attribution 4.0 International
>     license.
>  6. The entire work on the Minimum Requirements was performed by
>     members of the CA/Browser Forum, as members of the CA/Browser
>     Forum, all of whom were bound by IPR 1.0.
>  7. Any contributions from non-members of the CA/Browser Forum were
>     subject to IPR 1.0 because there is an IPR Agreement on file with
>     the CA/Browser Forum that covers the contribution by such entity.
>  8. At the conclusion of the Review Period and adoption by the Forum
>     of the Minimum Requirements as a Forum Guideline, the provenance
>     and rights to the Minimum Requirements will be sufficiently
>     covered by the Forum’s IPR Policy.
>
> Furthermore, upon adoption by the CSCWG of this ballot, the Chair of 
> the CA/Browser Forum shall publish a “Notice of Review Period” (60  
> days) pursuant to Section 4.1 of IPR 1.3 and attach a copy of the 
> Minimum Requirements to such notice.
>
> Thanks,
>
> Dean Coclin
>
> Code Signing Working Group Chair
>
> CA/Browser Forum
>
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> http://cabforum.org/mailman/listinfo/cscwg-public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20190507/d2227896/attachment.html>


More information about the Cscwg-public mailing list