[Cscwg-public] Draft ballot to adopt Minimum Requirements for Code Signing

[Dimitris Zacharopoulos (HARICA)]

Oops, I meant the minimum requirements to change to:

"Baseline Requirements for the Issuance and Management of 
Publicly-Trusted Code Signing Certificates".

Dimitris.

On 7/5/2019 2:59 μ.μ., Dean Coclin wrote:
>
> Isn’t that already a CA/B Forum product? (EV)
>
> *From:*Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
> *Sent:* Tuesday, May 7, 2019 3:36 AM
> *To:* Dean Coclin <dean.coclin at digicert.com>; cscwg-public at cabforum.org
> *Subject:* Re: [Cscwg-public] Draft ballot to adopt Minimum 
> Requirements for Code Signing
>
> I recommend that we bring back the name "Guidelines for the Issuance 
> and Management of Extended Validation Code Signing Certificates" as a 
> CA/B Forum product.
>
> This looks great as an introduction to the ballot. The actual ballot 
> should introduce a version of the current "minimum requirements" 
> document with a new title and probably revision number, and put to a 
> vote following the Bylaws. Once we pass the Initial Vote, the IP 
> Review period will start and last 60 days.
>
> Ben will probably also need two endorsers. Any volunteers?
>
>
> Dimitris.
>
> On 30/4/2019 7:09 μ.μ., Dean Coclin wrote:
>
>     Thanks to Ben Wilson, we have a draft ballot for the Code Signing
>     group to consider. I’ve pasted the text below. Remember, since
>     this is a full guideline, it requires a 60 day IPR review. We can
>     discuss on the list or at next week’s conference call:
>
>     Ballot begins:
>
>     Whereas between February 2013 and December 2015 members of the
>     CA/Browser Forum developed a set of requirements for Certification
>     Authorities issuing Code Signing Certificates (the “Minimum
>     Requirements for the Issuance and Management of Publicly Trusted
>     Code Signing Certificates” -- referred to herein as the “Minimum
>     Requirements”), and
>
>     Whereas Ballot 158 from December 2015 failed to formally adopt the
>     Minimum Requirements as Final Guidelines of the CA/B Forum, and
>
>     Whereas the Code Signing Certificate Working Group (CSCWG) of the
>     CA/Browser Forum was dutifully chartered on March 8, 2019 by
>     Ballot FORUM-8, and
>
>     Whereas the Charter specifies that the CSCWG would continue to
>     work on the Minimum Requirements, subject to the CSCWG making a
>     written finding that the provenance of such document is
>     sufficiently covered by the Forum’s IPR Policy, and
>
>     Whereas there is sufficient evidence to establish that the Minimum
>     Requirements are covered by the Forum’s IPR Policy, and
>
>     Whereas, in order to continue such work, it is advisable that the
>     CSCWG propose adoption of the Minimum Requirements pursuant to
>     procedures set forth in CA/B Forum IPR Policy v.1.3 (“IPR 1.3”),
>     which include a 60-day Review Period during which a Draft
>     Guideline may be reviewed for licensing obligations with respect
>     to any Essential Claims that may be encompassed by such Draft
>     Guideline.
>
>     Now therefore, the CSCWG hereby makes the following written
>     findings and, pursuant to IPR 1.3, *adopts the attached Minimum
>     Requirements for the Issuance and Management of Publicly Trusted
>     Code Signing Certificates as a Forum Guideline*.
>
>     *Findings *
>
>      1. On April 8, 2012, the CA/B Forum adopted Intellectual Rights
>         Policy, v. 1.0. (“IPR 1.0”) under which a contributor grants
>         members a copyright license to its Contributions for the
>         purpose of developing and publishing Draft Guidelines.
>      2. Section 8.3 of IPR 1.0 defines “Contribution” as “material,
>         including Draft Guidelines, Draft Guideline text, and
>         modifications to other Contributions, made verbally or in a
>         tangible form of expression (including in electronic media)
>         which is provided by a Participant in the process of
>         developing a Draft Guideline for the purpose of incorporating
>         such material into a Draft Guideline …” and “Draft Guideline”
>         as “a version of a CAB Forum guideline that has not been
>         approved as a Final Guideline or Final Maintenance Guideline,
>         regardless of whether or not the Draft Guideline has been
>         published.”
>      3. Beginning with the February 2013 Face-to-Face meeting of the
>         CA/B Forum, the Forum started work on the Minimum Requirements
>         as a Draft Guideline.
>      4. From the period of March 2013 through November 2015, the group
>         worked on the Minimum Requirements during bi-weekly
>         teleconferences, at F2F meetings, and over email. Reports of
>         the effort were provided at CA/B Forum meetings.
>      5. The base document from which the Minimum Requirements were
>         developed was the CA/Browser Forum’s “Guidelines for the
>         Issuance and Management of Extended Validation Code Signing
>         Certificates,” licensed under a Creative Commons Attribution
>         4.0 International license.
>      6. The entire work on the Minimum Requirements was performed by
>         members of the CA/Browser Forum, as members of the CA/Browser
>         Forum, all of whom were bound by IPR 1.0.
>      7. Any contributions from non-members of the CA/Browser Forum
>         were subject to IPR 1.0 because there is an IPR Agreement on
>         file with the CA/Browser Forum that covers the contribution by
>         such entity.
>      8. At the conclusion of the Review Period and adoption by the
>         Forum of the Minimum Requirements as a Forum Guideline, the
>         provenance and rights to the Minimum Requirements will be
>         sufficiently covered by the Forum’s IPR Policy.
>
>     Furthermore, upon adoption by the CSCWG of this ballot, the Chair
>     of the CA/Browser Forum shall publish a “Notice of Review Period”
>     (60  days) pursuant to Section 4.1 of IPR 1.3 and attach a copy of
>     the Minimum Requirements to such notice.
>
>     Thanks,
>
>     Dean Coclin
>
>     Code Signing Working Group Chair
>
>     CA/Browser Forum
>
>
>
>     _______________________________________________
>
>     Cscwg-public mailing list
>
>     Cscwg-public at cabforum.org  <mailto:Cscwg-public at cabforum.org>
>
>     http://cabforum.org/mailman/listinfo/cscwg-public
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20190507/3e593376/attachment.html>