[Cscwg-public] [EXTERNAL]Re: Ballot CSC-7: Update to merge EV and Non-EV clauses
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Fri Jan 8 08:22:01 UTC 2021
On 7/1/2021 10:28 μ.μ., Bruce Morton wrote:
>
> Hi Dimitris,
>
> Can you please propose a text change to help fix the issue?
>
Sure, I will try to get something on the list early next week.
Dimitris.
> Thanks, Bruce.
>
> *From:*Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
> *Sent:* Thursday, January 7, 2021 2:33 AM
> *To:* Bruce Morton <Bruce.Morton at entrust.com>; cscwg-public at cabforum.org
> *Subject:* [EXTERNAL]Re: [Cscwg-public] Ballot CSC-7: Update to merge
> EV and Non-EV clauses
>
> *WARNING:* This email originated outside of Entrust.
> *DO NOT CLICK* links or attachments unless you trust the sender and
> know the content is safe.
>
> ------------------------------------------------------------------------
>
>
> Bruce,
>
> Some of my concerns raised in 2020-12-16 are still unaddressed.
>
> 14.1 still seems to be a bit ambiguous. It points directly to the EV
> Guidelines section 14.1 but does it also apply for Employees that vet
> non-EV Code Signing? The answer seems to be "yes" which makes non-EV
> CS issuers non-conformant as soon as this becomes effective.
>
> The same applies for 16.2. We need an effective date for non-EV
> issuers to migrate to the stronger EV requirements.
>
> I would be fine with any effective date. 2021-06-01 seems to be an
> effective date for some changes regarding the key sizes so CAs already
> have their attention to this deadline. I suggest we have those two
> requirements phased-in for non-EV code signing certificate issuers.
>
>
> Dimitris.
>
> On 4/1/2021 4:52 μ.μ., Bruce Morton via Cscwg-public wrote:
>
> *Ballot CSC-7: Update to merge EV and Non-EV clauses*
>
> Purpose of the Ballot:
>
> The CSC-2 merger of the Code Signing BRs and the EV Code Signing
> Guidelines was done without technical changes. The result is that
> we have some sections where there is different text for Non-EV and
> EV Code Signing certificates. In many cases there was no reason to
> have two different requirements. In other cases, it made sense
> that they both have the same requirement. There were of course
> some items where EV is different and these clauses were not
> touched for now. These items were all discussed in our bi-weekly
> meetings. Other minor changes were the adding in a table for
> document revision and history and another table for effective
> dates within the BRs. There were also some errors corrected from
> the merger.
>
> The following motion has been proposed by Bruce Morton of Entrust,
> and endorsed by Dimitris Zacharopoulos of HARICA and Dean Coclin
> of DigiCert.
>
> --- MOTION BEGINS ---
>
> This ballot modifies the “Baseline Requirements for the Issuance
> and Management of Publicly‐Trusted Code Signing Certificates"
> version 2.1 according to the attached redline.
>
> --- MOTION ENDS ---
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
> Start Time: 2021-01-04, 10:00 am Eastern Time (US)
> End Time: not before 2021-01-11, 10:00 am Eastern Time (US)
>
> Vote for approval (7 days)
>
> Start Time: TBD
>
> End Time: TBD
>
>
>
> _______________________________________________
>
> Cscwg-public mailing list
>
> Cscwg-public at cabforum.org <mailto:Cscwg-public at cabforum.org>
>
> https://lists.cabforum.org/mailman/listinfo/cscwg-public <https://lists.cabforum.org/mailman/listinfo/cscwg-public>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210108/f710b1fb/attachment-0001.html>
More information about the Cscwg-public
mailing list