[Cscwg-public] 答复: VOTING BEGINS: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

[Xiu Lei]

GDCA votes YES on Ballot CSC-2.

 

Thanks.

  _____  

Best regards,

Xiu Lei

Security Policy Committee

Global Digital Cybersecurity Authority CO., LTD. (GDCA) 

 <http://www.gdca.com.cn> http://www.gdca.com.cn 

 

·¢¼þÈË: cscwg-public-bounces at cabforum.org
[mailto:cscwg-public-bounces at cabforum.org] ´ú±í Bruce Morton via
Cscwg-public
·¢ËÍʱ¼ä: 2020Äê7ÔÂ22ÈÕ 6:24
ÊÕ¼þÈË: cscwg-public at cabforum.org
Ö÷Ìâ: [Cscwg-public] VOTING BEGINS: Ballot CSC-2: Consolidate Baseline and
EV CSCWG Document

 

This begins the voting period for Ballot CSC-2: Consolidate Baseline and EV
CSCWG Document

 

Purpose of Ballot:

 

The CA/Browser Forum currently has two code signing requirements documents:
1) Baseline Requirements for the Issuance and Management of Publicly©\
Trusted Code Signing Certificates and 2) Guidelines For The Issuance And
Management Of Extended Validation Code Signing Certificates. The two
documents are in similar format and cover many of the same requirements. CAs
which issue both types of certificates must adhere to both documents and
must be audited to two sets of criteria. CA/Browser Forum members also need
to manage two sets of criteria. Auditors need to manage two sets of audit
criteria.

 

The greater goal is to 1) migrate the documents into one document which will
manage the requirements of both EV and non-EV code signing certificates, 2)
reformat the document to be in the RFC 3647 format which will be in line
with CPS format requirements and 3) change and manage the requirements in an
ongoing process.

 

This ballot addresses item 1 of the process. The migration started with
using the Baseline Requirements for Code Signing and adding in the EV Code
Signing Requirements. The process was to minimize technical change although
there was some change to allow merging. The process was not to correct
issues, but a ¡°parking lot¡± list was created to capture changes to be
addressed in the future.

 

The following motion has been proposed by Bruce Morton of Entrust and
endorsed by Mike Reilly of Microsoft and Dean Coclin of DigiCert.

 

--- MOTION BEGINS ---

 

This ballot modifies the ¡°Baseline Requirements for the Issuance and
Management of Publicly©\Trusted Code Signing Certificates¡± based on Version
1.2 and removes the requirements for ¡°Guidelines For The Issuance And
Management Of Extended Validation Code Signing Certificates¡± based on
Version 1.4. A redline update is attached.

 

Be it resolved that the CA / Browser Forum adopts the attached CA/B Forum
Baseline Requirements for the Issuance and Management of Publicly©\Trusted
Code Signing Certificates version 2.0 effective upon adoption.

 

--- MOTION ENDS ---

 

This ballot proposes a Final Maintenance Guideline.

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: 9 July 2020 17:00:00 UTC

End Time: 21 July 2020 22:00:00 UTC

Vote for approval (7 days)

 

Start Time: 21 July 2020 22:30:00 UTC

 

End Time: 28 July 2020 23:00:00 UTC

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200728/6ad1e6d8/attachment-0001.html>