[Cscwg-public] IPR Review Complete: Ballot CSC-14 - Convert Code Signing Baseline Requirements to RFC 3647 Framework

Dean Coclin dean.coclin at digicert.com
Thu Jun 30 18:05:59 UTC 2022


The IPR review period ended on June 25, 2022 and no exclusion notices were
filed.



The final document, CSBR 3.0 is attached, and is effective as of June 29,
2022.



Dean Coclin

Code Signing Certificate Working Group Chair



From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Bruce
Morton via Cscwg-public
Sent: Thursday, May 26, 2022 1:44 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Notice of IPR Review Period: Ballot CSC-14 - Convert
Code Signing Baseline Requirements to RFC 3647 Framework



NOTICE OF REVIEW PERIOD

This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’
s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days
is for two Final Maintenance Guidelines. The complete Draft Maintenance
Guidelines that are the subject of this Review Notice are attached to this
email, both in red-line and changes-accepted draft format, in Word and PDF
versions.



Summary of Review


Ballot for Review

Ballot CSC-14 - Convert Code Signing Baseline Requirements to RFC 3647
Framework


Start of Review Period

26 May 2022 at 18:00 UTC


End of Review Period

25 June 2022 at 18:00 UTC



Members with any Essential Claim(s) to exclude must forward a written Notice
to Exclude Essential Claims to the Working Group Chair (email to
dean.coclin at digicert.com <mailto:dean.coclin at digicert.com>  ) and also
submit a copy to the CA/B Forum public mailing list (email to
cscwg-public at cabform.org <mailto:cscwg-public at cabform.org>  ) before the end
of the Review Period.

For details, please see the current version of the CA/Browser Forum
Intellectual Property Rights Policy
<https://urldefense.com/v3/__https:/cabforum.org/wp-content/uploads/CABF-IPR
-Policy-v.1.3_4APR18.pdf__;!!FJ-Y8qCqXTj2!IIcC1cymYvD-x1EtkcMMowAMqmlw9GDlYO
wH-TWnqUAkMA6IThBuvUpYdTygF8c2qMw$> .

(An optional template for submitting an Exclusion Notice is available at
https://cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf
<https://urldefense.com/v3/__https:/cabforum.org/wp-content/uploads/Template
-for-Exclusion-Notice.pdf__;!!FJ-Y8qCqXTj2!IIcC1cymYvD-x1EtkcMMowAMqmlw9GDlY
OwH-TWnqUAkMA6IThBuvUpYdTyg-gU5mgo$> )



From: Bruce Morton
Sent: Wednesday, May 25, 2022 10:05 AM
To: cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org>
Subject: Voting Results: Ballot CSC-14 - Convert Code Signing Baseline
Requirements to RFC 3647 Framework



Voting has closed on CSCWG-14 and the ballot has passed.



Voting Results

Certificate Issuers

10 votes total, with 1 abstention:

*	9 Yes votes: Actalis, Certum (Asseco), DigiCert, eMudhra, Entrust,
GlobalSign, HARICA, SSL.com, SecureTrust
*	0 No votes
*	1 Abstention: Sectigo



Certificate Consumers

1 vote total, with no abstentions

*	1 Yes vote: Microsoft
*	0 No votes
*	0 Abstentions



Bylaw Requirements

1.     Bylaw 2.3(f) requires:

・      A "yes" vote by two-thirds of Certificate Issuer votes and by
50%-plus-one of Certificate Consumer votes. Votes to abstain are not counted
for this purpose.
This requirement was MET for Certificate Issuers and MET for Certificate
Consumers.

・      At least one Certificate Issuer and one Certificate Consumer Member
must vote in favor of a ballot for the ballot to be adopted.
This requirement was MET.

2.    Bylaw 2.3(g) requires that a ballot result only be considered valid
when “more than half of the number of currently active Members has
participated”. Votes to abstain are counted in determining quorum. Half of
the currently active members at the start of voting was 4, so the quorum was
5 for this ballot.
This requirement was MET.



This ballot now enters the IP Rights Review Period to permit members to
review the ballot for relevant IP rights issues.





Bruce.



From: Cscwg-public <cscwg-public-bounces at cabforum.org
<mailto:cscwg-public-bounces at cabforum.org> > On Behalf Of Corey Bonnell via
Cscwg-public
Sent: Tuesday, May 17, 2022 1:30 PM
To: cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org>
Subject: [EXTERNAL] [Cscwg-public] Voting period begins: Ballot CSC-14 -
Convert Code Signing Baseline Requirements to RFC 3647 Framework



WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the
content is safe.

  _____

Convert Code Signing Baseline Requirements to RFC 3647 Framework



Purpose of this ballot:

RFC 3647 defines a standard framework for outlining the obligations of
participants in a PKI. Following the recommended framework as specified in
RFC 3647 allows for easier comparison of “The Baseline Requirements for the
Issuance and Management of Publicly‐Trusted Code Signing Certificates”
with other policy documents, most notably work products of other CA/Browser
Forum working groups and individual Certification Authority Certificate
Policies and Certification Practice Statements. This ballot restates all
existing obligations and requirements that are contained in The Baseline
Requirements for the Issuance and Management of Publicly‐Trusted Code
Signing Certificates” in the outline recommended by RFC 3647.



The following motion has been proposed by Corey Bonnell of DigiCert and
endorsed by Ian McMillan of Microsoft and Dimitris Zacharopoulos of HARICA.



MOTION BEGINS

This ballot updates the “Baseline Requirements for the Issuance and
Management of Publicly‐Trusted Code Signing Certificates” version 2.8 by
replacing the entirely of the content of the document with the attached
document.

MOTION ENDS

The procedure for approval of this ballot is as follows:

Discussion (7 days)

Start Time: 2022-05-10 16:45 UTC

End Time: 2022-05-17 17:30 UTC



Vote for approval (7 days)

Start Time: 2022-05-17 17:30 UTC

End Time: 2022-05-24 17:30 UTC





Any email and files/attachments transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed. If this message has been sent to you in error, you must not copy,
distribute or disclose of the information it contains. Please notify Entrust
immediately and delete the message from your system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220630/b26cff02/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline-Requirements-for-the-Issuance-and-Management-of-Code-Signing.v3.0.pdf
Type: application/pdf
Size: 189979 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220630/b26cff02/attachment-0001.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220630/b26cff02/attachment-0001.p7s>


More information about the Cscwg-public mailing list