[Cscwg-public] Notice of Review Period - Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria

Corey Bonnell Corey.Bonnell at digicert.com
Mon Sep 13 15:11:00 UTC 2021 

The website has been updated
(https://cabforum.org/2021/08/13/ballot-csc-10-webtrust-csbr-v2-0-audit-crit
eria/, https://cabforum.org/baseline-requirements-code-signing/) with the
results of the IPR review and the latest document version.

 

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Bruce
Morton via Cscwg-public
Sent: Monday, September 13, 2021 10:16 AM
To: cscwg-public at cabforum.org
Subject: Re: [Cscwg-public] Notice of Review Period - Ballot CSC-10 -
WebTrust CSBR v2.0 Audit Criteria

 

The review period has ended and no exclusion notices were filed.

 

The final documents are attached with the effective date being 13 September
2021. The documents can also be found here,
https://wiki.cabforum.org/code_signing.

 

Thanks, Bruce.

 

From: Bruce Morton 
Sent: Friday, August 13, 2021 9:53 AM
To: cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org> 
Subject: Notice of Review Period - Ballot CSC-10 - WebTrust CSBR v2.0 Audit
Criteria

 

Notice of Review Period - Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria

This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum's
Intellectual Property Rights Policy (v1.2).  This Review Period is for Final
Maintenance Guidelines (30 day Review Period).  A complete draft of the
Draft Guideline that is the subject of this Review Notice is attached.

Date Review Notice Sent:             August 13, 2021

Ballot for Review:                          Ballot CSC-10 - WebTrust CSBR
v2.0 Audit Criteria

Start of Review Period:                 August 13, 2021 at 14:00 UTC

End of Review Period:                  September 12, 2021 at 14:00 UTC

Please forward any Exclusion Notice relating to Essential Claims to the
Chair by email to dean.coclin at digicert.com <mailto:dean.coclin at digicert.com>
before the end of the Review Period.  See current version of CA/Browser
Forum Intellectual Property Rights Policy for details.

 

Ballot CSC-10 - WebTrust CSBR v2.0 Audit Criteria

- MOTION BEGINS -

Delete the following text from Section 17.1:

1. "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification
Authorities - Publicly Trusted Code Signing Certificates v1.0.1 or newer";
or

2. "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification
Authorities - Extended Validation Code Signing v1.4.1 or newer"; or

3. ETSI EN 319 411-1, which includes normative references to ETSI EN 319 401
(the latest version of the referenced ETSI documents should be applied); or

4. If a Government CA is required by its Certificate Policy to use a
different internal audit scheme, it MAY use such scheme provided that the
audit either (a) encompasses all requirements of one of the above schemes or
(b) consists of comparable criteria that are available for public review.

Insert the following text to Section 17.1:

1. For Audit Periods starting before 1 November 2020, "WebTrust for CAs v2.0
or newer" AND "WebTrust for Certification Authorities - Publicly Trusted
Code Signing Certificates v1.0.1 or newer"; or

2. For Audit Periods starting before 1 November 2020, "WebTrust for CAs v2.0
or newer" AND "WebTrust for Certification Authorities - Extended Validation
Code Signing v1.4.1 or newer"; or

3. "WebTrust for CAs v2.0 or newer" AND "WebTrust for Certification
Authorities - Code Signing Baseline Requirements v2.0 or newer"; or

4. ETSI EN 319 411-1, which includes normative references to ETSI EN 319 401
(the latest version of the referenced ETSI documents should be applied); or

5. If a Government CA is required by its Certificate Policy to use a
different internal audit scheme, it MAY use such scheme provided that the
audit either (a) encompasses all requirements of one of the above schemes or
(b) consists of comparable criteria that are available for public review.

- MOTION ENDS -

 

Bruce Morton

CA/Browser Forum CSCWG Vice Chair

Any email and files/attachments transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed. If this message has been sent to you in error, you must not copy,
distribute or disclose of the information it contains. Please notify Entrust
immediately and delete the message from your system. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210913/23f547cf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210913/23f547cf/attachment-0001.p7s>

More information about the Cscwg-public mailing list