[Cscwg-public] VOTING BEGINS: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Christopher Kemmerer chris at ssl.com
Mon Jul 27 14:48:08 MST 2020


SSL.com votes YES on SCS-2.

Chris K

On 7/21/2020 5:24 PM, Bruce Morton via Cscwg-public wrote:
>
> This begins the voting period for Ballot CSC-2: Consolidate Baseline 
> and EV CSCWG Document
>
> Purpose of Ballot:
>
> The CA/Browser Forum currently has two code signing requirements 
> documents: 1) Baseline Requirements for the Issuance and Management of 
> Publicly‐Trusted Code Signing Certificates and 2) Guidelines For The 
> Issuance And Management Of Extended Validation Code Signing 
> Certificates. The two documents are in similar format and cover many 
> of the same requirements. CAs which issue both types of certificates 
> must adhere to both documents and must be audited to two sets of 
> criteria. CA/Browser Forum members also need to manage two sets of 
> criteria. Auditors need to manage two sets of audit criteria.
>
> The greater goal is to 1) migrate the documents into one document 
> which will manage the requirements of both EV and non-EV code signing 
> certificates, 2) reformat the document to be in the RFC 3647 format 
> which will be in line with CPS format requirements and 3) change and 
> manage the requirements in an ongoing process.
>
> This ballot addresses item 1 of the process. The migration started 
> with using the Baseline Requirements for Code Signing and adding in 
> the EV Code Signing Requirements. The process was to minimize 
> technical change although there was some change to allow merging. The 
> process was not to correct issues, but a “parking lot” list was 
> created to capture changes to be addressed in the future.
>
> The following motion has been proposed by Bruce Morton of Entrust and 
> endorsed by Mike Reilly of Microsoft and Dean Coclin of DigiCert.
>
> --- MOTION BEGINS ---
>
> This ballot modifies the “Baseline Requirements for the Issuance and 
> Management of Publicly‐Trusted Code Signing Certificates” based on 
> Version 1.2 and removes the requirements for “Guidelines For The 
> Issuance And Management Of Extended Validation Code Signing 
> Certificates” based on Version 1.4. A redline update is attached.
>
> Be it resolved that the CA / Browser Forum adopts the attached CA/B 
> Forum Baseline Requirements for the Issuance and Management of 
> Publicly‐Trusted Code Signing Certificates version 2.0 effective upon 
> adoption.
>
> --- MOTION ENDS ---
>
> This ballot proposes a Final Maintenance Guideline.
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: 9 July 2020 17:00:00 UTC
>
> End Time: 21 July 2020 22:00:00 UTC
>
> Vote for approval (7 days)
>
> Start Time: 21 July 2020 22:30:00 UTC
>
> End Time: 28 July 2020 23:00:00 UTC
>
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public

-- 
Chris Kemmerer
Manager of Operations
SSL.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~ To find the reefs, look~~~~~~~~
~~~~     for the wrecks.    ~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200727/8d8f7719/attachment-0001.html>


More information about the Cscwg-public mailing list