[Cscwg-public] VOTING BEGINS: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document
Daniela Hood
dxhood at godaddy.com
Mon Jul 27 11:51:56 MST 2020
GoDaddy votes Yes on ballot CSC-2.
Daniela Hood
GoDaddy | Compliance Manager
[https://email-sig.gd-resources.net/img/godaddy-logo-outline.png]
+16026881766
Gilbert, Arizona, United States
dxhood at godaddy.com<mailto:dxhood at godaddy.com>
From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Bruce Morton via Cscwg-public
Sent: Tuesday, July 21, 2020 3:24 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] VOTING BEGINS: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document
Notice: This email is from an external sender.
This begins the voting period for Ballot CSC-2: Consolidate Baseline and EV CSCWG Document
Purpose of Ballot:
The CA/Browser Forum currently has two code signing requirements documents: 1) Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates and 2) Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates. The two documents are in similar format and cover many of the same requirements. CAs which issue both types of certificates must adhere to both documents and must be audited to two sets of criteria. CA/Browser Forum members also need to manage two sets of criteria. Auditors need to manage two sets of audit criteria.
The greater goal is to 1) migrate the documents into one document which will manage the requirements of both EV and non-EV code signing certificates, 2) reformat the document to be in the RFC 3647 format which will be in line with CPS format requirements and 3) change and manage the requirements in an ongoing process.
This ballot addresses item 1 of the process. The migration started with using the Baseline Requirements for Code Signing and adding in the EV Code Signing Requirements. The process was to minimize technical change although there was some change to allow merging. The process was not to correct issues, but a “parking lot” list was created to capture changes to be addressed in the future.
The following motion has been proposed by Bruce Morton of Entrust and endorsed by Mike Reilly of Microsoft and Dean Coclin of DigiCert.
--- MOTION BEGINS ---
This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” based on Version 1.2 and removes the requirements for “Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates” based on Version 1.4. A redline update is attached.
Be it resolved that the CA / Browser Forum adopts the attached CA/B Forum Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates version 2.0 effective upon adoption.
--- MOTION ENDS ---
This ballot proposes a Final Maintenance Guideline.
The procedure for approval of this ballot is as follows:
Discussion (7+ days)
Start Time: 9 July 2020 17:00:00 UTC
End Time: 21 July 2020 22:00:00 UTC
Vote for approval (7 days)
Start Time: 21 July 2020 22:30:00 UTC
End Time: 28 July 2020 23:00:00 UTC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200727/36d5754c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 13061 bytes
Desc: image002.png
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200727/36d5754c/attachment-0001.png>
More information about the Cscwg-public
mailing list