[Cscwg-public] Draft Ballot CSC 17 - Subscriber Private Key Protection Extension

Tim Hollebeek tim.hollebeek at digicert.com
Fri Sep 9 19:43:27 UTC 2022


Still willing to endorse, however Discussion Start Time is the time when you have two endorsers and post the ballot, which is basically now.  I’d recommend fixing that and immediately reposting.

Discussion end time / Voting start time is any time after 7 days from the Discussion Start Time, so voting could start late on the 16th.  You need to repost the ballot on that day after seven full days have elapsed to start officially voting.  I’ll help you with that.

Voting would the end on the 23rd.  The chair has a few days to start IPR, but let’s say that’s September 26th.  30 day IPR would then close October 26th.

Which shows how little slack time we actually have …

-Tim

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Ian McMillan via Cscwg-public
Sent: Friday, September 9, 2022 3:37 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Draft Ballot CSC 17 - Subscriber Private Key Protection Extension

Hi Folks,

Per the meeting outcome yesterday and wanting to move quickly, I have drafted up a ballot for discussion and have listed Tim and Bruce as endorsers, but I’ll be looking to confirm their endorsement with the draft ballot now.

Please note that this is based on the v3.1 that is in IPR now and will complete IPR on 09-18-2022 14:00 Eastern Time, so I’ve reflected that date in the “Discussion” period proposed dates. I wasn’t sure we could officially get going earlier, so please correct me if I am wrong.

Thanks,
Ian

Draft Ballot:
cscwg:csc_17_-_subscriber_private_key_protection_extension [CAB Forum Wiki]<https://wiki.cabforum.org/cscwg/csc_17_-_subscriber_private_key_protection_extension>

Purpose of this ballot: This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.1 according to the attached redline which includes the change of the effective date of November 15, 2021, to June 1, 2023, subscriber key protection and verification requirements in the following sections:

*       Section 6.2.7.4.1 Subscriber Private Key protection

*       Section 6.2.7.4.2 Subscriber Private Key verification

*       Section 1.2.2 Relevant Dates

The change to extend the effective date for these sections regarding subscriber private key protection is to provide approximately 1 year of time from the public announcement of the requirement change for all effected parties to implement the changes.

The following motion has been proposed by Ian McMillan of Microsoft and endorsed by Tim Hollebeek of DigiCert and Bruce Morton of Entrust.

MOTION BEGINS

This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” version 3.1 by replacing the entirely of the content of the document with the attached document.

MOTION ENDS

The procedure for approval of this ballot is as follows:

Discussion (7 days)

*       Start Time: 09-18-2022 14:00 Eastern Time

*       End Time: 09-25-2022 14:00 Eastern Time

Vote for approval (7 days)

*       Start Time: TBD

*       End Time: TBD



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220909/2e0d0c48/attachment-0001.html>


More information about the Cscwg-public mailing list