[Cscwg-public] Draft Ballot CSC 17 - Subscriber Private Key Protection Extension

Ian McMillan ianmcm at microsoft.com
Fri Sep 9 19:37:10 UTC 2022 

Hi Folks,

Per the meeting outcome yesterday and wanting to move quickly, I have drafted up a ballot for discussion and have listed Tim and Bruce as endorsers, but I’ll be looking to confirm their endorsement with the draft ballot now.

Please note that this is based on the v3.1 that is in IPR now and will complete IPR on 09-18-2022 14:00 Eastern Time, so I’ve reflected that date in the “Discussion” period proposed dates. I wasn’t sure we could officially get going earlier, so please correct me if I am wrong.

Thanks,
Ian

Draft Ballot:
cscwg:csc_17_-_subscriber_private_key_protection_extension [CAB Forum Wiki]<https://wiki.cabforum.org/cscwg/csc_17_-_subscriber_private_key_protection_extension>

Purpose of this ballot: This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.1 according to the attached redline which includes the change of the effective date of November 15, 2021, to June 1, 2023, subscriber key protection and verification requirements in the following sections:

*       Section 6.2.7.4.1 Subscriber Private Key protection

*       Section 6.2.7.4.2 Subscriber Private Key verification

*       Section 1.2.2 Relevant Dates

The change to extend the effective date for these sections regarding subscriber private key protection is to provide approximately 1 year of time from the public announcement of the requirement change for all effected parties to implement the changes.

The following motion has been proposed by Ian McMillan of Microsoft and endorsed by Tim Hollebeek of DigiCert and Bruce Morton of Entrust.

MOTION BEGINS

This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” version 3.1 by replacing the entirely of the content of the document with the attached document.

MOTION ENDS

The procedure for approval of this ballot is as follows:

Discussion (7 days)

*       Start Time: 09-18-2022 14:00 Eastern Time

*       End Time: 09-25-2022 14:00 Eastern Time

Vote for approval (7 days)

*       Start Time: TBD

*       End Time: TBD



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220909/7a21fcd5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline-Requirements-for-the-Issuance-and-Management-of-Code-Signing.v3.1-CSC-17-Redline.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 98280 bytes
Desc: Baseline-Requirements-for-the-Issuance-and-Management-of-Code-Signing.v3.1-CSC-17-Redline.docx
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220909/7a21fcd5/attachment-0001.docx>

More information about the Cscwg-public mailing list