[Cscwg-public] VOTING BEGINS: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document
Adriano Santoni
adriano.santoni at staff.aruba.it
Tue Jul 28 05:05:18 MST 2020
Actalis votes "yes".
Il 22/07/2020 00:24, Bruce Morton via Cscwg-public ha scritto:
>
> This begins the voting period for Ballot CSC-2: Consolidate Baseline
> and EV CSCWG Document
>
> Purpose of Ballot:
>
> The CA/Browser Forum currently has two code signing requirements
> documents: 1) Baseline Requirements for the Issuance and Management of
> Publicly‐Trusted Code Signing Certificates and 2) Guidelines For The
> Issuance And Management Of Extended Validation Code Signing
> Certificates. The two documents are in similar format and cover many
> of the same requirements. CAs which issue both types of certificates
> must adhere to both documents and must be audited to two sets of
> criteria. CA/Browser Forum members also need to manage two sets of
> criteria. Auditors need to manage two sets of audit criteria.
>
> The greater goal is to 1) migrate the documents into one document
> which will manage the requirements of both EV and non-EV code signing
> certificates, 2) reformat the document to be in the RFC 3647 format
> which will be in line with CPS format requirements and 3) change and
> manage the requirements in an ongoing process.
>
> This ballot addresses item 1 of the process. The migration started
> with using the Baseline Requirements for Code Signing and adding in
> the EV Code Signing Requirements. The process was to minimize
> technical change although there was some change to allow merging. The
> process was not to correct issues, but a “parking lot” list was
> created to capture changes to be addressed in the future.
>
> The following motion has been proposed by Bruce Morton of Entrust and
> endorsed by Mike Reilly of Microsoft and Dean Coclin of DigiCert.
>
> --- MOTION BEGINS ---
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly‐Trusted Code Signing Certificates” based on
> Version 1.2 and removes the requirements for “Guidelines For The
> Issuance And Management Of Extended Validation Code Signing
> Certificates” based on Version 1.4. A redline update is attached.
>
> Be it resolved that the CA / Browser Forum adopts the attached CA/B
> Forum Baseline Requirements for the Issuance and Management of
> Publicly‐Trusted Code Signing Certificates version 2.0 effective upon
> adoption.
>
> --- MOTION ENDS ---
>
> This ballot proposes a Final Maintenance Guideline.
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: 9 July 2020 17:00:00 UTC
>
> End Time: 21 July 2020 22:00:00 UTC
>
> Vote for approval (7 days)
>
> Start Time: 21 July 2020 22:30:00 UTC
>
> End Time: 28 July 2020 23:00:00 UTC
>
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200728/f2975e76/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4557 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200728/f2975e76/attachment-0001.p7s>
More information about the Cscwg-public
mailing list