[Cscwg-public] Voting Begins: Ballot CSC-8 v3: Update to Revocation response mechanisms. key protection for EV certificates, and clean-up of 11.2.1 & Appendix B

Wojciech Trapczyński wtrapczynski at certum.pl
Thu Apr 1 07:59:57 UTC 2021 

Certum votes Yes on Ballot CSC-8 v3.

W dniu 26.03.2021 o 01:50, Ian McMillan via Cscwg-public pisze:
> *Ballot CSC-8 v3: Update to Revocation response mechanisms. key 
> protection for EV certificates, and clean-up of 11.2.1 & Appendix B*
> 
> Purpose of this ballot:
> 
> Address the changes needed in the Baseline Requirement for the Issuance 

> and Management of Publicly-Trusted Code Signing Certificates v2.2 for:
> 
>  1. Making OCSP optional with CRLs being required (13.2.1, 13.2.2,
>     Appendix B: 3C, 5C)
>  2. Added Common Criteria EAL 4+ to the supported key protection crypto
>     modules for EV certificates in light of support for RSA 3072 keys
>     (16.3.2)
>  3. Clean up of Appendix B[3C] & [5C] (AIA value requirements) and
>     section 11.2.1 contradiction with RFC3161
> 
> In Appendix B, it was noted that the requirements for the Timestamping 
> (5C) and Code Signing (3C) certificates had AIA value requirements to 
> include the root certificate URL, but that should be the issuing CA URL. 
> This has been included in this ballot.
> 
> Corey Bonnell noted a contradiction in the section 11.2.1 regarding 
> Timestamp in the clause “and appends it own Timestamp Certificate” is an 
> unconditional requirement for a timestamp response to include the TSA 
> certificate chain, but this conflicts with RFC3161 making this clause a 

> conditional requirement based on the certReq field (missing or set to 
> false). This clean up has the clause removed from section 11.2.1.
> 
> The following motion has been proposed by Ian McMillan of Microsoft, and 
> endorsed by Dimitris Zacharopoulos of HARICA and Bruce Morton of EnTrust.
> 
> --- MOTION BEGINS ---
> 
> This ballot modifies the “Baseline Requirements for the Issuance and 
> Management of Publicly‐Trusted Code Signing Certificates" version 2.2 
> according to the attached redline.
> 
> --- MOTION ENDS ---
> 
> The procedure for approval of this ballot is as follows:
> 
> Discussion (7 days)
> Start Time: 2021-03-18, 17:30 Eastern Time (US)
> End Time: not before 2021-03-25, 17:30 Eastern Time (US)
> 
> Vote for approval (7 days)
> 
> Start Time: 2021-03-25, 17:30 Eastern Time (US)
> 
> End Time: 2021-04-01, 17:30 Eastern Time (US)
> 
> 
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3765 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210401/c150213f/attachment.p7s>

More information about the Cscwg-public mailing list