[Cscwg-public] Signing Service Update

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Tue Nov 15 07:39:39 UTC 2022

On 4/11/2022 4:08 μ.μ., Bruce Morton wrote:
> Please find attached the proposal for the Signing Service update.
> https://github.com/cabforum/code-signing/pull/12/commits/0ea86c90f90bdd39581f36214dfb6690f09b32de
> @Dimitris Zacharopoulos (HARICA) <mailto:dzacharo at harica.gr>, could 
> you please review sections 8.4.2 and 8.4.3 to make sure I have covered 
> the ETSI audit criteria.

Hi Bruce,

I added a proposed change 
<https://github.com/cabforum/code-signing/pull/12/files#r1022431181> for 
the Time-stamping audit scheme under ETSI.

I have not had time to review the entire PR but I would like to explore 
the option of adding the CEN 419 241 audit scheme as a 3rd option for 
signing services in section 8.4.2 which provides an excellent assurance 
level for service providers managing signing keys on behalf of Subscribers.


> I am looking for any other proposed changes, plus two endorsers.
> Thanks, Bruce.
> /Any email and files/attachments transmitted with it are confidential 
> and are intended solely for the use of the individual or entity to 
> whom they are addressed. If this message has been sent to you in 
> error, you must not copy, distribute or disclose of the information it 
> contains. _Please notify Entrust immediately_ and delete the message 
> from your system./ 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20221115/4da79ddb/attachment.html>

More information about the Cscwg-public mailing list