[Cscwg-public] Ballot CSC-8 v2: Update to Revocation response mechanisms and key protection for EV certificates

Ian McMillan ianmcm at microsoft.com
Fri Mar 12 01:36:36 UTC 2021 

Ballot CSC-8 v2: Update to Revocation response mechanisms and key protection for EV certificates

Purpose of this ballot:

Address the changes needed in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2 for:


  1.  Making OCSP optional with CRLs being required (13.2.1, 13.2.2, Appendix B: 3C, 5C)
  2.  Added Common Criteria EAL 4+ to the supported key protection crypto modules for EV certificates in light of support for RSA 3072 keys (16.3.2)



Additionally, in Appendix B, it was noted that the requirements for the Timestamping (5C) and Code Signing (3C) certificates had AIA value requirements to include the root certificate URL, but that should be the issuing CA URL. This has been included in this ballot.

The following motion has been proposed by Ian McMillan of Microsoft, and endorsed by Dimitris Zacharopoulos of HARICA and Bruce Morton of EnTrust.


--- MOTION BEGINS ---

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates" version 2.2 according to the attached redline.

--- MOTION ENDS ---

The procedure for approval of this ballot is as follows:

Discussion (7+ days)
Start Time: 2021-03-12, 08:00 Eastern Time (US)
End Time: not before 2021-03-19, 08:00 Eastern Time (US)

Vote for approval (7 days)
Start Time: 2021-03-20, 08:00 Eastern Time (US)
End Time: 2021-03-27, 08:00 Eastern Time (US)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210312/c6cd104d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: baseline_requirements_for_the_issuance_and_management_of_code_signing.v2.2-Ballot_CSC-8.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 133084 bytes
Desc: baseline_requirements_for_the_issuance_and_management_of_code_signing.v2.2-Ballot_CSC-8.docx
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210312/c6cd104d/attachment-0001.docx>

More information about the Cscwg-public mailing list