[Cscwg-public] Ballot CSC-7: Update to merge EV and Non-EV clauses

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Jan 7 07:33:17 UTC 2021


Bruce,

Some of my concerns raised on 2020-12-16 are still unaddressed.

14.1 still seems to be a bit ambiguous. It points directly to the EV 
Guidelines section 14.1 but does it also apply to Employees that vet 
non-EV Code Signing? The answer seems to be "yes" which makes non-EV CS 
issuers non-conformant as soon as this becomes effective.

The same applies for 16.2. We need an effective date for non-EV issuers 
to migrate to the stronger EV requirements.

I would be fine with any effective date. 2021-06-01 seems to be an 
effective date for some changes regarding the key sizes so CAs already 
have their attention to this deadline. I suggest we have those two 
requirements phased-in for non-EV code signing certificate issuers.


Dimitris.


On 4/1/2021 4:52 PM, Bruce Morton via Cscwg-public wrote:
>
> *Ballot CSC-7: Update to merge EV and Non-EV clauses*
>
> Purpose of the Ballot:
>
> The CSC-2 merger of the Code Signing BRs and the EV Code Signing 
> Guidelines was done without technical changes. The result is that we 
> have some sections where there is different text for Non-EV and EV 
> Code Signing certificates. In many cases there was no reason to have 
> two different requirements. In other cases, it made sense that they 
> both have the same requirement. There were of course some items where 
> EV is different and these clauses were not touched for now. These 
> items were all discussed in our bi-weekly meetings. Other minor 
> changes were the addition of a table for document revision and history 
> and another table for effective dates within the BRs. There were also 
> some errors corrected from the merger.
>
> The following motion has been proposed by Bruce Morton of Entrust, and 
> endorsed by Dimitris Zacharopoulos of HARICA and Dean Coclin of DigiCert.
>
> --- MOTION BEGINS ---
>
> This ballot modifies the “Baseline Requirements for the Issuance and 
> Management of Publicly‐Trusted Code Signing Certificates” version 2.1 
> according to the attached redline.
>
> --- MOTION ENDS ---
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
> Start Time: 2021-01-04, 10:00 am Eastern Time (US)
> End Time: not before 2021-01-11, 10:00 am Eastern Time (US)
>
> Vote for approval (7 days)
>
> Start Time: TBD
>
> End Time: TBD
>
