[Cscwg-public] Ballot CSC-4 v1: Move compliance deadlines away from January 1st.

Tim Hollebeek tim.hollebeek at digicert.com
Tue Sep 29 10:10:20 MST 2020


I intend to start voting tomorrow, unless anyone has any remaining concerns.



-Tim



From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Tim
Hollebeek via Cscwg-public
Sent: Wednesday, September 23, 2020 3:37 PM
To: Ian McMillan <ianmcm at microsoft.com>; cscwg-public at cabforum.org
Subject: Re: [Cscwg-public] Ballot CSC-4 v1: Move compliance deadlines away
from January 1st.



Ok, we’ll go with the current draft, then.



-Tim



From: Ian McMillan <ianmcm at microsoft.com>
Sent: Wednesday, September 23, 2020 3:36 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; cscwg-public at cabforum.org
Subject: RE: [Cscwg-public] Ballot CSC-4 v1: Move compliance deadlines away
from January 1st.



We really cannot endorse moving the SHA-1 digest algorithm dates for certs.
Moving the SHA-1 digest algorithm for certs has broader implications for the
SHA-1 deprecation public dates for Windows, which is set for May 9, 2021,
and we have to have all certs off of SHA-1 well before that May date.



Thanks,

Ian



From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Tim Hollebeek via
Cscwg-public
Sent: Wednesday, September 23, 2020 11:19 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; cscwg-public at cabforum.org
Subject: [EXTERNAL] Re: [Cscwg-public] Ballot CSC-4 v1: Move compliance
deadlines away from January 1st.



One comment I have received is whether it is better to move the “legacy
SHA-1 message digest” deadline away from January 1st, 2021 as well.  The
draft below moves the RSA deadline and the timestamp token deadline, but not
the legacy SHA-1 message digest deadline.  Is that what people want?  Or
should the SHA-1 message digest deadline move to June 1st, 2021 as well?



-Tim



From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Tim Hollebeek via
Cscwg-public
Sent: Tuesday, September 22, 2020 12:49 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Ballot CSC-4 v1: Move compliance deadlines away from
January 1st.





Ballot CSC-4 v1: Move deadline for transition to RSA-3072 and SHA-2
timestamp tokens



Purpose of the Ballot:



The current deadline for moving from RSA-2048 to RSA-3072 and from SHA-1 to
SHA-2 for timestamp tokens falls on January 1, 2021, which is inconvenient
due to code freezes due to the winter holidays.  This ballot delays the
deadline to June 1, 2021 for RSA-3072 and April 30, 2022 for SHA-2 timestamp
tokens.



The following motion has been proposed by Tim Hollebeek of DigiCert, and
endorsed by Ian McMillan of Microsoft and Hugh Mercer of GlobalSign.



--- MOTION BEGINS ---



This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly‐Trusted Code Signing Certificates” version 2.0
according to the attached redline.



--- MOTION ENDS ---



The procedure for approval of this ballot is as follows:

Discussion (7+ days)
Start Time: 2020-09-22, 12:45pm Eastern Time (US)
End Time: not before 2020-09-29, 12:45pm Eastern Time (US)

Vote for approval (7 days)
Start Time: TBD
End Time: TBD




