[Cscwg-public] New companies and EV Code Signing
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Sat Jul 24 08:12:54 UTC 2021
On 22/7/2021 7:11 μ.μ., Tim Hollebeek via Cscwg-public wrote:
>
> I’m hearing from our code signing validation people that 11.1.1, which
> refers to non-EV CS certificates, has a requirement for additional
> validation for companies less than three years old (we’ve discussed
> this recently), but this requirement is missing for EV code signing
> certificates.
>
> Is that what we want? It seems very odd that a higher level of
> validation has fewer requirements.
>
Hi Tim,
For EV CS certificates there is a direct reference to the EV Guidelines.
Specifically, 11.2.7 of the CSBRs point to EVG 11.6.
EVG 11.6.2 includes language for companies less than three years old. I
recall bringing this up in one of the previous calls where it was
pointed out that it's not necessary for a company to be less than 3
years old if the other verification methods described in 11.6.2 are used.
Hope this helps.
Dimitris.
> -Tim
>
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210724/85879606/attachment.html>
More information about the Cscwg-public
mailing list