[Cscwg-public] Ballot CSC-7: Update to merge EV and Non-EV clauses

Bruce Morton Bruce.Morton at entrust.com
Tue Dec 15 13:40:02 UTC 2020 

HI Dean,

My interpretation is that if you issue EV Code Signing certificates, then you will be audited to the new CSBR audit criteria which covers both Non-EV and EV Code Signing certificates, Since the CSBRs have references to both the SSL BRs and the SSL EV Guidelines, the CA will need controls to support requirements from those documents.

I assume for a CA which issues DV/OV SSL, EV SSL, Non-EV CS and EV CS certificates, these audits will be all blended together as there are many requirements which address more than one certificate type.

Not sure if that answers the question.

Bruce.

From: Dean Coclin <dean.coclin at digicert.com>
Sent: Monday, December 14, 2020 7:16 PM
To: Bruce Morton <Bruce.Morton at entrust.com>; cscwg-public at cabforum.org
Subject: [EXTERNAL]RE: Ballot CSC-7: Update to merge EV and Non-EV clauses

Hey Bruce,
This doesn't change the need to have 2 separate audits for EV and non EV CS, correct?

Thanks
Dean

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Bruce Morton via Cscwg-public
Sent: Friday, November 6, 2020 3:35 PM
To: cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: [Cscwg-public] Ballot CSC-7: Update to merge EV and Non-EV clauses

Purpose of Ballot CSC-7:

The CSC-2 merger of the Code Signing BRs and the EV Code Signing Guidelines was done without technical changes. The result is that we have some sections where there is different text for Non-EV and EV Code Signing certificates. In many cases there was no reason to have two different requirements. In other cases, it made sense that they both have the same requirement. There were of course some items where EV is different and these clauses were not touched for now. These items were all discussed in our bi-weekly meetings.

Other minor changes were the adding in a table for document revision and history and another table for effective dates within the BRs. There were also some errors corrected from the merger.

The proposed changes are redlined in the attached document. I am looking for two endorsers.

Thanks, Bruce.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20201215/18f41db8/attachment.html>

More information about the Cscwg-public mailing list