[Cscwg-public] [EXTERNAL] Re: Ballot CSC-9 - Spring 2021 Cleanup and Clarification

Bruce Morton Bruce.Morton at entrust.com
Fri Jul 23 12:59:33 UTC 2021

Hi Dimitris,

I agree that we should discuss using reserved certificate policy OIDs in Subscriber certificates in a future ballot. I assume that since Microsoft required the reserved certificate policy OIDs for SSL certificates, they might have a similar interest for Code Signing and Time-stamping. In addition, I feel that the reserved certificate policy OIDs give simple search items to sort out these certificates.

At a minimum, we should state in section 9.3.4 that the CA may also add the reserved certificate policy OID to their certificates.

Thanks, Bruce.

From: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
Sent: Friday, July 23, 2021 3:09 AM
To: Bruce Morton <Bruce.Morton at entrust.com>; cscwg-public at cabforum.org
Subject: [EXTERNAL] Re: [Cscwg-public] Ballot CSC-9 - Spring 2021 Cleanup and Clarification

Hi Bruce,

Please notice that in the table of relevant dates, it would be best to add the deadline for the SHA1 change to Apr 30, 2022 in Appendix A. You can do that after the ballot passes according to our Bylaws.

For Appendix B (3) and (5), I realize that despite having identified CABF reserved policy OIDs, we don't want to enforce those to code signing and timestamping certificates, at least not yet. Is this something to discuss at a future ballot?

On 20/7/2021 6:25 PM, Bruce Morton via Cscwg-public wrote:
Ballot CSC-9: Spring 2021 Cleanup and Clarification

Purpose of this ballot:
Cleanup and clarify requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.3.
The following motion has been proposed by Bruce Morton, and endorsed by Ian McMillan of Microsoft and Corey Bonnell of DigiCert.

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” version 2.3 according to the following redline.
Baseline Requirements for the Issuance and Management of Code Signing Ballot CSC-9<https://wiki.cabforum.org/_media/cscwg/baseline_requirements_for_the_issuance_and_management_of_code_signing_csc-9_redline.pdf>

The procedure for approval of this ballot is as follows:
Discussion (7 days) Start Time: 2021-07-20, 11:30 Eastern Time (US) End Time: not before 2021-07-27, 11:30 Eastern Time (US)
Vote for approval (7 days) Start Time:

