[Cscwg-public] Ballot CSC-10: WebTrust CSBR v2.0 Audit Criteria- Voting Begins

Fri Aug 6 05:50:42 UTC 2021

Dean,

Pleass clearly indicate when the voting ends.

The section of the original email does not state when the voting begins 
or ends.

Thanks,
Dimitris.

On 5/8/2021 9:06 μ.μ., Dean Coclin via Cscwg-public wrote:
>
> Voting begins on Ballot CSC-10 now.
>
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of 
> *Bruce Morton via Cscwg-public
> *Sent:* Thursday, July 29, 2021 1:38 PM
> *To:* cscwg-public at cabforum.org
> *Subject:* [Cscwg-public] Ballot CSC-10: WebTrust CSBR v2.0 Audit Criteria
>
> Ballot CSC-10: WebTrust CSBR v2.0 Audit Criteria
>
> Purpose of the Ballot: For Baseline Requirement for the Issuance and 
> Management of Publicly-Trusted Code Signing Certificates v2.3, the 
> purpose is to allow the new WebTrust CSBR 2.0 or later audit scheme. 
> The ballot allows the older WebTrust audits to continue for audit 
> periods which start before 1 November 2020. There is no specific start 
> date for the CSBR 2.0 audit scheme, which allows it also to be used 
> for audit periods starting before 1 November 2021.
>
> The following motion has been proposed by Bruce Morton of Entrust, and 
> endorsed by Sebastian Schulz of GlobalSign and Inigo Barreira of Sectigo.
>
> - MOTION BEGINS -
>
> Delete the following text from Section 17.1:
>
> 1. “WebTrust for CAs v2.0 or newer” AND “WebTrust for Certification 
> Authorities – Publicly Trusted Code Signing Certificates v1.0.1 or 
> newer”; or
>
> 2. “WebTrust for CAs v2.0 or newer” AND “WebTrust for Certification 
> Authorities – Extended Validation Code Signing v1.4.1 or newer”; or
>
> 3. ETSI EN 319 411-1, which includes normative references to ETSI EN 
> 319 401 (the latest version of the referenced ETSI documents should be 
> applied); or
>
> 4. If a Government CA is required by its Certificate Policy to use a 
> different internal audit scheme, it MAY use such scheme provided that 
> the audit either (a) encompasses all requirements of one of the above 
> schemes or (b) consists of comparable criteria that are available for 
> public review.
>
> Insert the following text to Section 17.1:
>
> 1. For Audit Periods starting before 1 November 2020, “WebTrust for 
> CAs v2.0 or newer” AND “WebTrust for Certification Authorities – 
> Publicly Trusted Code Signing Certificates v1.0.1 or newer”; or
>
> 2. For Audit Periods starting before 1 November 2020, “WebTrust for 
> CAs v2.0 or newer” AND “WebTrust for Certification Authorities – 
> Extended Validation Code Signing v1.4.1 or newer”; or
>
> 3. “WebTrust for CAs v2.0 or newer” AND “WebTrust for Certification 
> Authorities – Code Signing Baseline Requirements v2.0 or newer”; or
>
> 4. ETSI EN 319 411-1, which includes normative references to ETSI EN 
> 319 401 (the latest version of the referenced ETSI documents should be 
> applied); or
>
> 5. If a Government CA is required by its Certificate Policy to use a 
> different internal audit scheme, it MAY use such scheme provided that 
> the audit either (a) encompasses all requirements of one of the above 
> schemes or (b) consists of comparable criteria that are available for 
> public review.
>
> - MOTION ENDS -
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7 days) Start Time: 2021-07-29, 14:00 Eastern Time (US) 
> End Time: not before 2021-08-05, 14:00 Eastern Time (US)
>
> Vote for approval (7 days) Start Time:
>
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210806/8351df45/attachment-0001.html>