[Cscwg-public] Update to Subscriber Private Key Protection Requirements (CSC-6 to CSC-13)
Ian McMillan
ianmcm at microsoft.com
Wed Mar 2 22:55:31 UTC 2022
Thank you, Tim, I really like the structure suggestions here. I've made those updates per your suggestion in the attached copy of the redline document.
I'll note your endorsement.
Cheers,
Ian
From: Tim Hollebeek <tim.hollebeek at digicert.com>
Sent: Wednesday, March 2, 2022 4:57 PM
To: Ian McMillan <ianmcm at microsoft.com>; cscwg-public at cabforum.org; Doug Beattie <doug.beattie at globalsign.com>; Bruce Morton <bruce.morton at entrust.com>
Subject: [EXTERNAL] RE: Update to Subscriber Private Key Protection Requirements (CSC-6 to CSC-13)
I would recommend against using parentheticals to express the deprecation dates, as it makes the sentences more complicated than they need to be. I'd just modify the first sentence of each part so the structure is as follows:
For Non-EV Code Signing Certificates issued prior to November 15, 2022, ...
For EV Code Signing Certificates issued prior to November 15, 2022, ...
Effective November 15, 2022, ...
But otherwise, the updates look good and we are willing to endorse CSC-13.
-Tim
From: Ian McMillan <ianmcm at microsoft.com<mailto:ianmcm at microsoft.com>>
Sent: Wednesday, March 2, 2022 11:31 AM
To: cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>; Doug Beattie <doug.beattie at globalsign.com<mailto:doug.beattie at globalsign.com>>; Bruce Morton <bruce.morton at entrust.com<mailto:bruce.morton at entrust.com>>; Tim Hollebeek <tim.hollebeek at digicert.com<mailto:tim.hollebeek at digicert.com>>
Subject: Update to Subscriber Private Key Protection Requirements (CSC-6 to CSC-13)
Hi Folks,
Attached you will find an updated redline doc of v2.7 of the CSBRs with the updates to the subscriber private key protection requirements as outlined previously in CSC-6. This updated version also includes edits to address issues Doug Beattie raised during the voting period of CSC-6, so I am looking for confirmation from Doug on these edits addressing the concerns he raised.
Additionally, I'm looking to get endorsements on this ballot under CSC 13 - Update to Subscriber Private Key Protection Requirements<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.cabforum.org%2Fcscwg%2Fcsc_13_-_update_to_subscriber_private_key_protection_requirements&data=04%7C01%7Cianmcm%40microsoft.com%7Cd4f1031bc20548d5353008d9fc978390%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637818549960291581%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=K2KcmHbxwQ0sUNuNRmUs709PD16hYnqvPbLB%2BGzExng%3D&reserved=0>, and hope that Bruce and Tim, as previous endorsers can review the edits and endorse the new ballot. Once we have endorsers I'll proceed with the formal ballot process.
Cheers,
Ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220302/a7deb390/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing.v2.7+CSC-13_redline_v1.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 167859 bytes
Desc: Baseline Requirements for the Issuance and Management of Code Signing.v2.7+CSC-13_redline_v1.docx
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220302/a7deb390/attachment-0001.docx>
More information about the Cscwg-public
mailing list