[Cscwg-public] Draft ballot to adopt Minimum Requirements for Code Signing

Dean Coclin dean.coclin at digicert.com
Tue May 7 05:54:37 MST 2019


OK, that makes sense.

 

Ben- can you make the suggested edits to the ballot please?

 

Can we get two endorsers please?

 

Thanks,

Dean

 

From: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr> 
Sent: Tuesday, May 7, 2019 8:26 AM
To: Dean Coclin <dean.coclin at digicert.com>; cscwg-public at cabforum.org
Subject: Re: [Cscwg-public] Draft ballot to adopt Minimum Requirements for Code Signing

 

Oops, I meant the minimum requirements to change to:

"Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates".

Dimitris.

On 7/5/2019 2:59 μ.μ., Dean Coclin wrote:

Isn’t that already a CA/B Forum product? (EV)

 

From: Dimitris Zacharopoulos (HARICA)  <mailto:dzacharo at harica.gr> <dzacharo at harica.gr> 
Sent: Tuesday, May 7, 2019 3:36 AM
To: Dean Coclin  <mailto:dean.coclin at digicert.com> <dean.coclin at digicert.com>; cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org> 
Subject: Re: [Cscwg-public] Draft ballot to adopt Minimum Requirements for Code Signing

 

I recommend that we bring back the name "Guidelines for the Issuance and Management of Extended Validation Code Signing Certificates" as a CA/B Forum product.

This looks great as an introduction to the ballot. The actual ballot should introduce a version of the current "minimum requirements" document with a new title and probably revision number, and put to a vote following the Bylaws. Once we pass the Initial Vote, the IP Review period will start and last 60 days.

Ben will probably also need two endorsers. Any volunteers?


Dimitris.

On 30/4/2019 7:09 μ.μ., Dean Coclin wrote:

Thanks to Ben Wilson, we have a draft ballot for the Code Signing group to consider. I’ve pasted the text below. Remember, since this is a full guideline, it requires a 60 day IPR review. We can discuss on the list or at next week’s conference call:

 

Ballot begins:

 

Whereas between February 2013 and December 2015 members of the CA/Browser Forum developed a set of requirements for Certification Authorities issuing Code Signing Certificates (the “Minimum Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates” -- referred to herein as the “Minimum Requirements”), and

 

Whereas Ballot 158 from December 2015 failed to formally adopt the Minimum Requirements as Final Guidelines of the CA/B Forum, and

 

Whereas the Code Signing Certificate Working Group (CSCWG) of the CA/Browser Forum was dutifully chartered on March 8, 2019 by Ballot FORUM-8, and

 

Whereas the Charter specifies that the CSCWG would continue to work on the Minimum Requirements, subject to the CSCWG making a written finding that the provenance of such document is sufficiently covered by the Forum’s IPR Policy, and 

 

Whereas there is sufficient evidence to establish that the Minimum Requirements are covered by the Forum’s IPR Policy, and 

 

Whereas, in order to continue such work, it is advisable that the CSCWG propose adoption of the Minimum Requirements pursuant to procedures set forth in CA/B Forum IPR Policy v.1.3 (“IPR 1.3”), which include a 60-day Review Period during which a Draft Guideline may be reviewed for licensing obligations with respect to any Essential Claims that may be encompassed by such Draft Guideline. 

 

Now therefore, the CSCWG hereby makes the following written findings and, pursuant to IPR 1.3,  adopts the attached Minimum Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates as a Forum Guideline.

 

Findings 

 

1.	On April 8, 2012, the CA/B Forum adopted Intellectual Rights Policy, v. 1.0. (“IPR 1.0”) under which a contributor grants members a copyright license to its Contributions for the purpose of developing and publishing Draft Guidelines.
2.	Section 8.3 of IPR 1.0 defines “Contribution” as “material, including Draft Guidelines, Draft Guideline text, and modifications to other Contributions, made verbally or in a tangible form of expression (including in electronic media) which is provided by a Participant in the process of developing a Draft Guideline for the purpose of incorporating such material into a Draft Guideline …” and “Draft Guideline” as “a version of a CAB Forum guideline that has not been approved as a Final Guideline or Final Maintenance Guideline, regardless of whether or not the Draft Guideline has been published.”
3.	Beginning with the February 2013 Face-to-Face meeting of the CA/B Forum, the Forum started work on the Minimum Requirements as a Draft Guideline.
4.	From the period of March 2013 through November 2015, the group worked on the Minimum Requirements during bi-weekly teleconferences, at F2F meetings, and over email. Reports of the effort were provided at CA/B Forum meetings.
5.	The base document from which the Minimum Requirements were developed was the CA/Browser Forum’s “Guidelines for the Issuance and Management of Extended Validation Code Signing Certificates,” licensed under a Creative Commons Attribution 4.0 International license.
6.	The entire work on the Minimum Requirements was performed by members of the CA/Browser Forum, as members of the CA/Browser Forum, all of whom were bound by IPR 1.0.  
7.	Any contributions from non-members of the CA/Browser Forum were subject to IPR 1.0 because there is an IPR Agreement on file with the CA/Browser Forum that covers the contribution by such entity.
8.	At the conclusion of the Review Period and adoption by the Forum of the Minimum Requirements as a Forum Guideline, the provenance and rights to the Minimum Requirements will be sufficiently covered by the Forum’s IPR Policy.

 

Furthermore, upon adoption by the CSCWG of this ballot, the Chair of the CA/Browser Forum shall publish a “Notice of Review Period” (60  days) pursuant to Section 4.1 of IPR 1.3 and attach a copy of the Minimum Requirements to such notice.  

 

 

 

Thanks,

 

Dean Coclin

Code Signing Working Group Chair

CA/Browser Forum

 






_______________________________________________
Cscwg-public mailing list
Cscwg-public at cabforum.org <mailto:Cscwg-public at cabforum.org> 
http://cabforum.org/mailman/listinfo/cscwg-public

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20190507/4832e9e5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20190507/4832e9e5/attachment-0001.p7s>


More information about the Cscwg-public mailing list