[Cscwg-public] New companies and EV Code Signing

Bruce Morton Bruce.Morton at entrust.com
Fri Jul 23 13:15:11 UTC 2021

Hi Tim,

I agree that the requirement seems odd, which is probably why the original questions was asked.

I think it would be great if your validation people proposed an update to section 11.1.1, which we could add to a future ballot.

Thanks, Bruce.

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Tim Hollebeek via Cscwg-public
Sent: Thursday, July 22, 2021 12:12 PM
To: cscwg-public at cabforum.org
Subject: [EXTERNAL] [Cscwg-public] New companies and EV Code Signing

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

I'm hearing from our code signing validation people that 11.1.1, which refers to non-EV CS certificates, has a requirement for additional validation for companies less than three years old (we've discussed this recently), but this requirement is missing for EV code signing certificates.

Is that what we want?  It seems very odd that a higher level of validation has fewer requirements.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210723/4db931f7/attachment.html>

More information about the Cscwg-public mailing list