[Cscwg-public] Ballot CSC-10: WebTrust CSBR v2.0 Audit Criteria- Voting Begins

Tue Aug 10 05:03:29 UTC 2021

Certum votes yes on Ballot CSC-10.

W dniu 05.08.2021 o 20:06, Dean Coclin via Cscwg-public pisze:
> Voting begins on Ballot CSC-10 now.
> 
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of 
> *Bruce Morton via Cscwg-public
> *Sent:* Thursday, July 29, 2021 1:38 PM
> *To:* cscwg-public at cabforum.org
> *Subject:* [Cscwg-public] Ballot CSC-10: WebTrust CSBR v2.0 Audit Criteria
> 
> Ballot CSC-10: WebTrust CSBR v2.0 Audit Criteria
> 
> Purpose of the Ballot: For Baseline Requirement for the Issuance and 
> Management of Publicly-Trusted Code Signing Certificates v2.3, the 
> purpose is to allow the new WebTrust CSBR 2.0 or later audit scheme. The 
> ballot allows the older WebTrust audits to continue for audit periods 
> which start before 1 November 2020. There is no specific start date for 
> the CSBR 2.0 audit scheme, which allows it also to be used for audit 
> periods starting before 1 November 2021.
> 
> The following motion has been proposed by Bruce Morton of Entrust, and 
> endorsed by Sebastian Schulz of GlobalSign and Inigo Barreira of Sectigo.
> 
> - MOTION BEGINS -
> 
> Delete the following text from Section 17.1:
> 
> 1. “WebTrust for CAs v2.0 or newer” AND “WebTrust for Certification 
> Authorities – Publicly Trusted Code Signing Certificates v1.0.1 or 
> newer”; or
> 
> 2. “WebTrust for CAs v2.0 or newer” AND “WebTrust for Certification 
> Authorities – Extended Validation Code Signing v1.4.1 or newer”; or
> 
> 3. ETSI EN 319 411-1, which includes normative references to ETSI EN 319 
> 401 (the latest version of the referenced ETSI documents should be 
> applied); or
> 
> 4. If a Government CA is required by its Certificate Policy to use a 
> different internal audit scheme, it MAY use such scheme provided that 
> the audit either (a) encompasses all requirements of one of the above 
> schemes or (b) consists of comparable criteria that are available for 
> public review.
> 
> Insert the following text to Section 17.1:
> 
> 1. For Audit Periods starting before 1 November 2020, “WebTrust for CAs 
> v2.0 or newer” AND “WebTrust for Certification Authorities – Publicly 
> Trusted Code Signing Certificates v1.0.1 or newer”; or
> 
> 2. For Audit Periods starting before 1 November 2020, “WebTrust for CAs 
> v2.0 or newer” AND “WebTrust for Certification Authorities – Extended 
> Validation Code Signing v1.4.1 or newer”; or
> 
> 3. “WebTrust for CAs v2.0 or newer” AND “WebTrust for Certification 
> Authorities – Code Signing Baseline Requirements v2.0 or newer”; or
> 
> 4. ETSI EN 319 411-1, which includes normative references to ETSI EN 319 
> 401 (the latest version of the referenced ETSI documents should be 
> applied); or
> 
> 5. If a Government CA is required by its Certificate Policy to use a 
> different internal audit scheme, it MAY use such scheme provided that 
> the audit either (a) encompasses all requirements of one of the above 
> schemes or (b) consists of comparable criteria that are available for 
> public review.
> 
> - MOTION ENDS -
> 
> The procedure for approval of this ballot is as follows:
> 
> Discussion (7 days) Start Time: 2021-07-29, 14:00 Eastern Time (US) End 
> Time: not before 2021-08-05, 14:00 Eastern Time (US)
> 
> Vote for approval (7 days) Start Time:
> 
> 
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3765 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210810/3004351f/attachment-0001.p7s>