[Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Bruce Morton Bruce.Morton at entrustdatacard.com
Tue Jul 21 14:12:47 MST 2020


OK, sounds good.

Thanks, Bruce.

From: Tim Hollebeek <tim.hollebeek at digicert.com>
Sent: Tuesday, July 21, 2020 4:50 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; cscwg-public at cabforum.org; Bruce Morton <Bruce.Morton at entrustdatacard.com>; Dean Coclin <dean.coclin at digicert.com>; Atsushi Inaba <atsushi.inaba at globalsign.com>
Subject: [EXTERNAL]RE: [Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Also, we’re fine with handling it in a subsequent cleanup in order to avoid delay of the current ballot.

-Tim

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Tim Hollebeek via Cscwg-public
Sent: Tuesday, July 21, 2020 4:09 PM
To: Bruce Morton <Bruce.Morton at entrustdatacard.com<mailto:Bruce.Morton at entrustdatacard.com>>; Dean Coclin <dean.coclin at digicert.com<mailto:dean.coclin at digicert.com>>; cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>; Atsushi Inaba <atsushi.inaba at globalsign.com<mailto:atsushi.inaba at globalsign.com>>
Subject: Re: [Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Then isn’t it denied for both?  I think the document should specify what the right behavior/requirement is for both certificate types, and not be silent on one, even if one of the original documents is silent.

-Tim

From: Bruce Morton <Bruce.Morton at entrustdatacard.com<mailto:Bruce.Morton at entrustdatacard.com>>
Sent: Tuesday, July 21, 2020 4:05 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com<mailto:tim.hollebeek at digicert.com>>; Dean Coclin <dean.coclin at digicert.com<mailto:dean.coclin at digicert.com>>; cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>; Atsushi Inaba <atsushi.inaba at globalsign.com<mailto:atsushi.inaba at globalsign.com>>
Subject: RE: [Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Hi Tim,

I don’t see that DC is specified or define for EV Code Signing certificates as such, I don’t think we should say it is allowed for EV Code Signing certificates in this merged document.

Can we address at a later time? If so, I will put the current ballot out for voting.

Thanks, Bruce.

From: Tim Hollebeek <tim.hollebeek at digicert.com<mailto:tim.hollebeek at digicert.com>>
Sent: Tuesday, July 21, 2020 3:56 PM
To: Dean Coclin <dean.coclin at digicert.com<mailto:dean.coclin at digicert.com>>; cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>; Atsushi Inaba <atsushi.inaba at globalsign.com<mailto:atsushi.inaba at globalsign.com>>; Bruce Morton <Bruce.Morton at entrustdatacard.com<mailto:Bruce.Morton at entrustdatacard.com>>
Subject: [EXTERNAL]RE: [Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Apologies for a tangent, but while looking at the current language, I noticed that it is silent on the requirement for EV code signing certs, which could lead to confusion.

If we’re trying to keep the current behavior, for additional clarity, it should say something like:

9.2.3. Subject Domain Component Field

This field MAY be present in EV Code Signing Certificates, but MUST NOT be present in Non-EV Code Signing Certificates.

-Tim

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Dean Coclin via Cscwg-public
Sent: Tuesday, July 21, 2020 3:48 PM
To: Atsushi Inaba <atsushi.inaba at globalsign.com<mailto:atsushi.inaba at globalsign.com>>; cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>; Bruce Morton <Bruce.Morton at entrustdatacard.com<mailto:Bruce.Morton at entrustdatacard.com>>
Subject: Re: [Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Hello Inaba-san,

I reviewed the document and compared it to the EV Code Signing Guidelines and the Baseline Requirements for Code Signing.  Section 9.2.3 with the Heading “Subject Domain Component Field” only appears in the Baseline Requirements. Hence it only applies to Non-EV certs.  That same section number in the EV document is titled, “Subject Business Category Field”. Bruce has moved that to section 9.2.5 in the new document.

Making the change you suggest, although probably a good one, would be beyond our guidance of no substantive changes for this ballot. We should consider it though for a future document update.

Bruce-if you agree, please don’t forget to start the voting later today.

Thanks
Dean

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Atsushi Inaba via Cscwg-public
Sent: Monday, July 20, 2020 1:01 AM
To: Bruce Morton <Bruce.Morton at entrustdatacard.com<mailto:Bruce.Morton at entrustdatacard.com>>; cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: Re: [Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Dear Bruce,

Sorry to ask about such minor details.
How about trying to change the description of 9.2.3 slightly?

<From>
9.2.3 Subject Domain Component Field
For Non-EV Code Signing Certificates, this field MUST not be
present in a Code Signing Certificate.

<To>
9.2.3 Subject Domain Component Field
This field MUST not be present in a Code Signing Certificate.


Best regards,
Atsushi Inaba

―――――――――――――――――――――――――――――
GMO GlobalSign K.K.

Business Planning
Atsushi Inaba

1-2-3, Dogenzaka, Shibuya Ku, Tokyo, Japan
150-0043

TEL: +81-3-6370-6671
FAX: +81-3-6370-6505
E-MAIL: atsushi.inaba at globalsign.com<mailto:atsushi.inaba at globalsign.com>
URL:https://jp.globalsign.com/
―――――――――――――――――――――――――――――
THANK YOU 24 YEARS Internet for Everyone
―――――――――――――――――――――――――――――
■ GMO INTERNET GROUP ■ http://www.gmo.jp/
―――――――――――――――――――――――――――――
This e-mail message is intended to be conveyed only to the
designated recipient(s). If you are NOT the intended
recipient(s) of this e-mail, please kindly notify the sender
immediately and delete the original message from your system.

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Bruce Morton via Cscwg-public
Sent: Wednesday, July 15, 2020 6:36 AM
To: cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: [Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Here is the ballot to the public list for discussion. The discussion period will be extended to minimum 7 days from today, so will end no earlier than 21 July 2020, 22:00 UTC.

Thanks, Bruce.

From: Bruce Morton
Sent: Thursday, July 9, 2020 8:58 AM
To: cscwg-management at cabforum.org<mailto:cscwg-management at cabforum.org>
Subject: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

This begins the discussion period for the Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Purpose of Ballot:

The CA/Browser Forum currently has two code signing requirements documents: 1) Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates and 2) Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates. The two documents are in similar format and cover many of the same requirements. CAs which issue both types of certificates must adhere to both documents and must be audited to two sets of criteria. CA/Browser Forum members also need to manage two sets of criteria. Auditors need to manage two sets of audit criteria.

The greater goal is to 1) migrate the documents into one document which will manage the requirements of both EV and non-EV code signing certificates, 2) reformat the document to be in the RFC 3647 format which will be in line with CPS format requirements and 3) change and manage the requirements in an ongoing process.

This ballot addresses item 1 of the process. The migration started with using the Baseline Requirements for Code Signing and adding in the EV Code Signing Requirements. The process was to minimize technical change although there was some change to allow merging. The process was not to correct issues, but a “parking lot” list was created to capture changes to be addressed in the future.

The following motion has been proposed by Bruce Morton of Entrust and endorsed by Mike Reilly of Microsoft and Dean Coclin of DigiCert.

--- MOTION BEGINS ---

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” based on Version 1.2 and removes the requirements for “Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates” based on Version 1.4. A redline update is attached.

Be it resolved that the CA / Browser Forum adopts the attached CA/B Forum Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates version 2.0 effective upon adoption.

--- MOTION ENDS ---

This ballot proposes a Final Maintenance Guideline.

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: 9 July 2020 17:00:00 UTC

End Time: 16 July 2020 17:00:00 UTC

Vote for approval (7 days)

Start Time: TBD

End Time: TBD
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200721/57b4338d/attachment-0001.html>


More information about the Cscwg-public mailing list