[Cscwg-public] Notice of Review Period - Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria

Fri Aug 13 13:53:18 UTC 2021

Notice of Review Period - Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria
This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's Intellectual Property Rights Policy (v1.2).  This Review Period is for Final Maintenance Guidelines (30 day Review Period).  A complete draft of the Draft Guideline that is the subject of this Review Notice is attached.
Date Review Notice Sent:             August 13, 2021
Ballot for Review:                          Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria
Start of Review Period:                 August 13, 2021 at 14:00 UTC
End of Review Period:                  September 12, 2021 at 14:00 UTC
Please forward any Exclusion Notice relating to Essential Claims to the Chair by email to dean.coclin at digicert.com<mailto:dean.coclin at digicert.com> before the end of the Review Period.  See current version of CA/Browser Forum Intellectual Property Rights Policy for details.

Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria
- MOTION BEGINS -
Delete the following text from Section 17.1:
1. "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification Authorities - Publicly Trusted Code Signing Certificates v1.0.1 or newer"; or
2. "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification Authorities - Extended Validation Code Signing v1.4.1 or newer"; or
3. ETSI EN 319 411-1, which includes normative references to ETSI EN 319 401 (the latest version of the referenced ETSI documents should be applied); or
4. If a Government CA is required by its Certificate Policy to use a different internal audit scheme, it MAY use such scheme provided that the audit either (a) encompasses all requirements of one of the above schemes or (b) consists of comparable criteria that are available for public review.
Insert the following text to Section 17.1:
1. For Audit Periods starting before 1 November 2020, "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification Authorities - Publicly Trusted Code Signing Certificates v1.0.1 or newer"; or
2. For Audit Periods starting before 1 November 2020, "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification Authorities - Extended Validation Code Signing v1.4.1 or newer"; or
3. "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification Authorities - Code Signing Baseline Requirements v2.0 or newer"; or
4. ETSI EN 319 411-1, which includes normative references to ETSI EN 319 401 (the latest version of the referenced ETSI documents should be applied); or
5. If a Government CA is required by its Certificate Policy to use a different internal audit scheme, it MAY use such scheme provided that the audit either (a) encompasses all requirements of one of the above schemes or (b) consists of comparable criteria that are available for public review.
- MOTION ENDS -

Bruce Morton
CA/Browser Forum CSCWG Vice Chair
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210813/11e1a48e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing.v2.5_redline.pdf
Type: application/pdf
Size: 537635 bytes
Desc: Baseline Requirements for the Issuance and Management of Code Signing.v2.5_redline.pdf
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210813/11e1a48e/attachment-0002.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing.v2.5.pdf
Type: application/pdf
Size: 511385 bytes
Desc: Baseline Requirements for the Issuance and Management of Code Signing.v2.5.pdf
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210813/11e1a48e/attachment-0003.pdf>