[Cscwg-public] New companies and EV Code Signing

Tim Hollebeek tim.hollebeek at digicert.com
Fri Jul 23 17:10:10 UTC 2021

Yes, I can draft some text if everyone agrees this is a good idea.




From: Bruce Morton <Bruce.Morton at entrust.com> 
Sent: Friday, July 23, 2021 9:15 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; cscwg-public at cabforum.org
Subject: RE: New companies and EV Code Signing


Hi Tim,


I agree that the requirement seems odd, which is probably why the original
questions was asked.


I think it would be great if your validation people proposed an update to
section 11.1.1, which we could add to a future ballot.


Thanks, Bruce.


From: Cscwg-public <cscwg-public-bounces at cabforum.org
<mailto:cscwg-public-bounces at cabforum.org> > On Behalf Of Tim Hollebeek via
Sent: Thursday, July 22, 2021 12:12 PM
To: cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org> 
Subject: [EXTERNAL] [Cscwg-public] New companies and EV Code Signing


WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the
content is safe.



I'm hearing from our code signing validation people that 11.1.1, which
refers to non-EV CS certificates, has a requirement for additional
validation for companies less than three years old (we've discussed this
recently), but this requirement is missing for EV code signing certificates.


Is that what we want?  It seems very odd that a higher level of validation
has fewer requirements.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210723/6be4da4f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210723/6be4da4f/attachment-0001.p7s>

More information about the Cscwg-public mailing list