[Cscwg-public] [EXTERNAL]Re: Ballot CSC-7: Update to merge EV and Non-EV clauses

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Mon Jan 11 06:40:26 UTC 2021



On 8/1/2021 10:22 AM, Dimitris Zacharopoulos (HARICA) via Cscwg-public
wrote:
> On 7/1/2021 10:28 PM, Bruce Morton wrote:
>>
>> Hi Dimitris,
>>
>> Can you please propose a text change to help fix the issue?
>>
>
> Sure, I will try to get something on the list early next week.

Attached. I also updated table 2.2 adding these two dates as new rows. 
Please review.


Best regards,
Dimitris.

>
>
> Dimitris.
>
>
>> Thanks, Bruce.
>>
>> *From:* Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
>> *Sent:* Thursday, January 7, 2021 2:33 AM
>> *To:* Bruce Morton <Bruce.Morton at entrust.com>; cscwg-public at cabforum.org
>> *Subject:* [EXTERNAL]Re: [Cscwg-public] Ballot CSC-7: Update to merge 
>> EV and Non-EV clauses
>>
>>
>>
>> Bruce,
>>
>> Some of my concerns raised on 2020-12-16 are still unaddressed.
>>
>> 14.1 still seems to be a bit ambiguous. It points directly to the EV 
>> Guidelines section 14.1 but does it also apply to Employees that vet 
>> non-EV Code Signing? The answer seems to be "yes" which makes non-EV 
>> CS issuers non-conformant as soon as this becomes effective.
>>
>> The same applies for 16.2. We need an effective date for non-EV 
>> issuers to migrate to the stronger EV requirements.
>>
>> I would be fine with any effective date. 2021-06-01 seems to be an 
>> effective date for some changes regarding the key sizes so CAs 
>> already have their attention to this deadline. I suggest we have 
>> those two requirements phased-in for non-EV code signing certificate 
>> issuers.
>>
>>
>> Dimitris.
>>
>> On 4/1/2021 4:52 PM, Bruce Morton via Cscwg-public wrote:
>>
>>     *Ballot CSC-7: Update to merge EV and Non-EV clauses*
>>
>>     Purpose of the Ballot:
>>
>>     The CSC-2 merger of the Code Signing BRs and the EV Code Signing
>>     Guidelines was done without technical changes. The result is that
>>     we have some sections where there is different text for Non-EV
>>     and EV Code Signing certificates. In many cases there was no
>>     reason to have two different requirements. In other cases, it
>>     made sense that they both have the same requirement. There were
>>     of course some items where EV is different and these clauses were
>>     not touched for now. These items were all discussed in our
>>     bi-weekly meetings. Other minor changes were the adding in a
>>     table for document revision and history and another table for
>>     effective dates within the BRs. There were also some errors
>>     corrected from the merger.
>>
>>     The following motion has been proposed by Bruce Morton of
>>     Entrust, and endorsed by Dimitris Zacharopoulos of HARICA and
>>     Dean Coclin of DigiCert.
>>
>>     --- MOTION BEGINS ---
>>
>>     This ballot modifies the "Baseline Requirements for the Issuance
>>     and Management of Publicly‐Trusted Code Signing Certificates"
>>     version 2.1 according to the attached redline.
>>
>>     --- MOTION ENDS ---
>>
>>     The procedure for approval of this ballot is as follows:
>>
>>     Discussion (7+ days)
>>     Start Time: 2021-01-04, 10:00 am Eastern Time (US)
>>     End Time: not before 2021-01-11, 10:00 am Eastern Time (US)
>>
>>     Vote for approval (7 days)
>>
>>     Start Time: TBD
>>
>>     End Time: TBD
>>
>>
>>
>>     _______________________________________________
>>
>>     Cscwg-public mailing list
>>
>>     Cscwg-public at cabforum.org
>>
>>     https://lists.cabforum.org/mailman/listinfo/cscwg-public
>>
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing - CSC-7 v4.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 128680 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210111/484cca33/attachment-0001.docx>

