[Cscwg-public] Ballot CSC-8 v2: Update to Revocation response mechanisms and key protection for EV certificates

Ian McMillan ianmcm at microsoft.com
Fri Mar 12 17:22:19 UTC 2021 

Hi Folks,

I received feedback from both Bruce and Dimitris on adding the Common Criteria EAL 4+ to the Signing Service key protection requirements in section 16.2, and we ‘ve cleaned up numbering and formatting irregularities in the document. Please review the attached redline for this ballot.

Cheers,
Ian

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Ian McMillan via Cscwg-public
Sent: Thursday, March 11, 2021 5:37 PM
To: cscwg-public at cabforum.org
Subject: [EXTERNAL] [Cscwg-public] Ballot CSC-8 v2: Update to Revocation response mechanisms and key protection for EV certificates

Ballot CSC-8 v2: Update to Revocation response mechanisms and key protection for EV certificates

Purpose of this ballot:

Address the changes needed in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2 for:


  1.  Making OCSP optional with CRLs being required (13.2.1, 13.2.2, Appendix B: 3C, 5C)
  2.  Added Common Criteria EAL 4+ to the supported key protection crypto modules for EV certificates in light of support for RSA 3072 keys (16.3.2)



Additionally, in Appendix B, it was noted that the requirements for the Timestamping (5C) and Code Signing (3C) certificates had AIA value requirements to include the root certificate URL, but that should be the issuing CA URL. This has been included in this ballot.

The following motion has been proposed by Ian McMillan of Microsoft, and endorsed by Dimitris Zacharopoulos of HARICA and Bruce Morton of EnTrust.


--- MOTION BEGINS ---

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates" version 2.2 according to the attached redline.

--- MOTION ENDS ---

The procedure for approval of this ballot is as follows:

Discussion (7+ days)
Start Time: 2021-03-12, 08:00 Eastern Time (US)
End Time: not before 2021-03-19, 08:00 Eastern Time (US)

Vote for approval (7 days)
Start Time: 2021-03-20, 08:00 Eastern Time (US)
End Time: 2021-03-27, 08:00 Eastern Time (US)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210312/5bf295a7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: baseline_requirements_for_the_issuance_and_management_of_code_signing.v2.2-Ballot_CSC-8_v2.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 140403 bytes
Desc: baseline_requirements_for_the_issuance_and_management_of_code_signing.v2.2-Ballot_CSC-8_v2.docx
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210312/5bf295a7/attachment-0001.docx>

More information about the Cscwg-public mailing list