[Cscwg-public] Notice of Review Period - Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria

Bruce Morton Bruce.Morton at entrust.com
Mon Sep 13 14:15:44 UTC 2021


The review period has ended and no exclusion notices were filed.

The final documents are attached with the effective date being 13 September 2021. The documents can also be found here, https://wiki.cabforum.org/code_signing.

Thanks, Bruce.

From: Bruce Morton
Sent: Friday, August 13, 2021 9:53 AM
To: cscwg-public at cabforum.org
Subject: Notice of Review Period - Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria

Notice of Review Period - Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria
This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's Intellectual Property Rights Policy (v1.2).  This Review Period is for Final Maintenance Guidelines (30 day Review Period).  A complete draft of the Draft Guideline that is the subject of this Review Notice is attached.
Date Review Notice Sent:             August 13, 2021
Ballot for Review:                          Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria
Start of Review Period:                 August 13, 2021 at 14:00 UTC
End of Review Period:                  September 12, 2021 at 14:00 UTC
Please forward any Exclusion Notice relating to Essential Claims to the Chair by email to dean.coclin at digicert.com<mailto:dean.coclin at digicert.com> before the end of the Review Period.  See current version of CA/Browser Forum Intellectual Property Rights Policy for details.

Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria
- MOTION BEGINS -
Delete the following text from Section 17.1:
1. "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification Authorities - Publicly Trusted Code Signing Certificates v1.0.1 or newer"; or
2. "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification Authorities - Extended Validation Code Signing v1.4.1 or newer"; or
3. ETSI EN 319 411-1, which includes normative references to ETSI EN 319 401 (the latest version of the referenced ETSI documents should be applied); or
4. If a Government CA is required by its Certificate Policy to use a different internal audit scheme, it MAY use such scheme provided that the audit either (a) encompasses all requirements of one of the above schemes or (b) consists of comparable criteria that are available for public review.
Insert the following text to Section 17.1:
1. For Audit Periods starting before 1 November 2020, "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification Authorities - Publicly Trusted Code Signing Certificates v1.0.1 or newer"; or
2. For Audit Periods starting before 1 November 2020, "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification Authorities - Extended Validation Code Signing v1.4.1 or newer"; or
3. "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification Authorities - Code Signing Baseline Requirements v2.0 or newer"; or
4. ETSI EN 319 411-1, which includes normative references to ETSI EN 319 401 (the latest version of the referenced ETSI documents should be applied); or
5. If a Government CA is required by its Certificate Policy to use a different internal audit scheme, it MAY use such scheme provided that the audit either (a) encompasses all requirements of one of the above schemes or (b) consists of comparable criteria that are available for public review.
- MOTION ENDS -

Bruce Morton
CA/Browser Forum CSCWG Vice Chair
Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210913/276a51bf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing.v2.5.pdf
Type: application/pdf
Size: 511532 bytes
Desc: Baseline Requirements for the Issuance and Management of Code Signing.v2.5.pdf
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210913/276a51bf/attachment-0002.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing.v2.5_redline.pdf
Type: application/pdf
Size: 538612 bytes
Desc: Baseline Requirements for the Issuance and Management of Code Signing.v2.5_redline.pdf
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210913/276a51bf/attachment-0003.pdf>


More information about the Cscwg-public mailing list