[Cscwg-public] Draft ballot CSC-4

Tim Hollebeek tim.hollebeek at digicert.com
Tue Sep 22 09:36:48 MST 2020


I actually looked at doing that, since there are more than two dates, and
it’s inconvenient to try to fit that into the two column format the table
is currently in.  One solution is to simply move to a new format that can
better and more clearly express the multiple compliance dates (Jan 2021,
June 2021, and May 2022).  I’ve tried that approach in the draft ballot I’
m about to post.

Another solution, as you noted, would be to simply reduce the complexity and
try to align the transitions better.  But that would have some rather
serious implications which we’d have to be ok with:

1.	Moving the SHA-1 date back do June, instead of leaving it in January
and only moving the RSA-2048 date (ouch?).

2a.  Moving the token date forward by a year (ouch)

2b.  Moving RSA-2048 another year back to match the token date (ouch)

So it depends how much we’re willing to move dates around in order to
simplify the requirements.  I think the new format I’m about to propose
fixes that problem without having to move the dates, but (as always) I’m
interested in hearing what others think.


From: Bruce Morton <Bruce.Morton at entrust.com>
Sent: Monday, September 21, 2020 8:33 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; cscwg-public at cabforum.org
Subject: RE: Draft ballot CSC-4


I think that the ballot would have better clarity if we just replaced
“January” with “May” in four places.


From: Cscwg-public <cscwg-public-bounces at cabforum.org
<mailto:cscwg-public-bounces at cabforum.org> > On Behalf Of Tim Hollebeek via
Sent: Friday, September 18, 2020 1:43 PM
To: cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org>
Subject: [EXTERNAL][Cscwg-public] Draft ballot CSC-4

Looking for endorsers …

Ballot CSC-4: Move deadline for transition to RSA-3072

Purpose of the Ballot:

The current deadline for moving from RSA-2048 to RSA-3072 falls on January
1, 2021, which is inconvenient due to code freezes due to the winter
holidays.  This ballot delays the deadline to April 30, 2021.

The following motion has been proposed by Tim Hollebeek of DigiCert, and
endorsed by XXX and YYY.


This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly‐Trusted Code Signing Certificates" version 2.0
according to the attached redline.


The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: TBD

End Time: TBD

Vote for approval (7 days)

Start Time: TBD

End Time: TBD

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200922/777a550b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200922/777a550b/attachment-0001.p7s>

More information about the Cscwg-public mailing list