[Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

[Bruce Morton]

Here is the ballot to the public list for discussion. The discussion period will be extended to minimum 7 days from today, so will end no earlier than 21 July 2020, 22:00 UTC.

Thanks, Bruce.

From: Bruce Morton
Sent: Thursday, July 9, 2020 8:58 AM
To: cscwg-management at cabforum.org
Subject: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

This begins the discussion period for the Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Purpose of Ballot:

The CA/Browser Forum currently has two code signing requirements documents: 1) Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates and 2) Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates. The two documents are in similar format and cover many of the same requirements. CAs which issue both types of certificates must adhere to both documents and must be audited to two sets of criteria. CA/Browser Forum members also need to manage two sets of criteria. Auditors need to manage two sets of audit criteria.

The greater goal is to 1) migrate the documents into one document which will manage the requirements of both EV and non-EV code signing certificates, 2) reformat the document to be in the RFC 3647 format which will be in line with CPS format requirements and 3) change and manage the requirements in an ongoing process.

This ballot addresses item 1 of the process. The migration started with using the Baseline Requirements for Code Signing and adding in the EV Code Signing Requirements. The process was to minimize technical change although there was some change to allow merging. The process was not to correct issues, but a “parking lot” list was created to capture changes to be addressed in the future.

The following motion has been proposed by Bruce Morton of Entrust and endorsed by Mike Reilly of Microsoft and Dean Coclin of DigiCert.

--- MOTION BEGINS ---

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” based on Version 1.2 and removes the requirements for “Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates” based on Version 1.4. A redline update is attached.

Be it resolved that the CA / Browser Forum adopts the attached CA/B Forum Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates version 2.0 effective upon adoption.

--- MOTION ENDS ---

This ballot proposes a Final Maintenance Guideline.

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: 9 July 2020 17:00:00 UTC

End Time: 16 July 2020 17:00:00 UTC

Vote for approval (7 days)

Start Time: TBD

End Time: TBD
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200714/840bdbb2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing.v.2.0readline3.pdf
Type: application/pdf
Size: 580368 bytes
Desc: Baseline Requirements for the Issuance and Management of Code Signing.v.2.0readline3.pdf
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200714/840bdbb2/attachment-0002.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing.v.2.0 3.pdf
Type: application/pdf
Size: 495798 bytes
Desc: Baseline Requirements for the Issuance and Management of Code Signing.v.2.0 3.pdf
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200714/840bdbb2/attachment-0003.pdf>