[Cscwg-public] [EXTERNAL] Re: Draft Ballot CSC 17 - Subscriber Private Key Protection Extension

Ian McMillan ianmcm at microsoft.com
Fri Sep 16 15:32:03 UTC 2022


Hi Inigo,

Please see attached thread, and here is the link to the ballot on the wiki: cscwg:csc_17_-_subscriber_private_key_protection_extension [CAB Forum Wiki]<https://wiki.cabforum.org/cscwg/csc_17_-_subscriber_private_key_protection_extension>.

Thanks,
Ian

From: Inigo Barreira <Inigo.Barreira at sectigo.com>
Sent: Friday, September 16, 2022 10:27 AM
To: Ian McMillan <ianmcm at microsoft.com>; cscwg-public at cabforum.org; Bruce Morton <Bruce.Morton at entrust.com>; Tim Hollebeek <tim.hollebeek at digicert.com>
Subject: RE: [Cscwg-public] [EXTERNAL] Re: Draft Ballot CSC 17 - Subscriber Private Key Protection Extension

Ian, all,

I read the post has been reposted but I can´t find in the email list nor in the cabforum ballots site.
Has this ballot been reposted? Can you point it out to me or resend me the email?

Regards

De: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> En nombre de Ian McMillan via Cscwg-public
Enviado el: sábado, 10 de septiembre de 2022 0:06
Para: Bruce Morton <Bruce.Morton at entrust.com<mailto:Bruce.Morton at entrust.com>>; Tim Hollebeek <tim.hollebeek at digicert.com<mailto:tim.hollebeek at digicert.com>>; cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Asunto: Re: [Cscwg-public] [EXTERNAL] Re: Draft Ballot CSC 17 - Subscriber Private Key Protection Extension

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Great, thank you! I’ve reposted.

Thanks,
Ian

From: Bruce Morton <Bruce.Morton at entrust.com<mailto:Bruce.Morton at entrust.com>>
Sent: Friday, September 9, 2022 3:47 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com<mailto:tim.hollebeek at digicert.com>>; cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>; Ian McMillan <ianmcm at microsoft.com<mailto:ianmcm at microsoft.com>>
Subject: RE: [EXTERNAL] Re: [Cscwg-public] Draft Ballot CSC 17 - Subscriber Private Key Protection Extension

I will also endorse, but agree with Tim.

Thanks, Bruce.

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Tim Hollebeek via Cscwg-public
Sent: Friday, September 9, 2022 3:44 PM
To: Ian McMillan <ianmcm at microsoft.com<mailto:ianmcm at microsoft.com>>; cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: [EXTERNAL] Re: [Cscwg-public] Draft Ballot CSC 17 - Subscriber Private Key Protection Extension

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________
Still willing to endorse, however Discussion Start Time is the time when you have two endorsers and post the ballot, which is basically now.  I’d recommend fixing that and immediately reposting.

Discussion end time / Voting start time is any time after 7 days from the Discussion Start Time, so voting could start late on the 16th.  You need to repost the ballot on that day after seven full days have elapsed to start officially voting.  I’ll help you with that.

Voting would the end on the 23rd.  The chair has a few days to start IPR, but let’s say that’s September 26th.  30 day IPR would then close October 26th.

Which shows how little slack time we actually have …

-Tim

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Ian McMillan via Cscwg-public
Sent: Friday, September 9, 2022 3:37 PM
To: cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: [Cscwg-public] Draft Ballot CSC 17 - Subscriber Private Key Protection Extension

Hi Folks,

Per the meeting outcome yesterday and wanting to move quickly, I have drafted up a ballot for discussion and have listed Tim and Bruce as endorsers, but I’ll be looking to confirm their endorsement with the draft ballot now.

Please note that this is based on the v3.1 that is in IPR now and will complete IPR on 09-18-2022 14:00 Eastern Time, so I’ve reflected that date in the “Discussion” period proposed dates. I wasn’t sure we could officially get going earlier, so please correct me if I am wrong.

Thanks,
Ian

Draft Ballot:
cscwg:csc_17_-_subscriber_private_key_protection_extension [CAB Forum Wiki]<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwiki.cabforum.org%2Fcscwg%2Fcsc_17_-_subscriber_private_key_protection_extension__%3B!!FJ-Y8qCqXTj2!dFinfCgelYN3MHQ7XZAGWove3Vg06ZBumUcR4y9gKz-GG4efVklW8AN6OB_ZV1HQ9B2JgjWoG9vu_x8mdAb1dOnVvIFg%24&data=05%7C01%7Cinigo.barreira%40sectigo.com%7C5e920b81d15a4fd8396108da92af8ac9%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637983579918500195%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ZLNVTTSf47m4y1vmCEmn%2FbbOWtGv1LW9ztYgJ2zxfPU%3D&reserved=0>

Purpose of this ballot: This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.1 according to the attached redline which includes the change of the effective date of November 15, 2021, to June 1, 2023, subscriber key protection and verification requirements in the following sections:

·       Section 6.2.7.4.1 Subscriber Private Key protection

·       Section 6.2.7.4.2 Subscriber Private Key verification

·       Section 1.2.2 Relevant Dates

The change to extend the effective date for these sections regarding subscriber private key protection is to provide approximately 1 year of time from the public announcement of the requirement change for all effected parties to implement the changes.

The following motion has been proposed by Ian McMillan of Microsoft and endorsed by Tim Hollebeek of DigiCert and Bruce Morton of Entrust.

MOTION BEGINS

This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” version 3.1 by replacing the entirely of the content of the document with the attached document.

MOTION ENDS

The procedure for approval of this ballot is as follows:

Discussion (7 days)

·       Start Time: 09-18-2022 14:00 Eastern Time

·       End Time: 09-25-2022 14:00 Eastern Time

Vote for approval (7 days)

·       Start Time: TBD

·       End Time: TBD



Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220916/f9b2977c/attachment-0001.html>
-------------- next part --------------
An embedded message was scrubbed...
From: Ian McMillan via Cscwg-public <cscwg-public at cabforum.org>
Subject: [EXTERNAL] [Cscwg-public] DISCUSSION BEGINS: Ballot CSC 17 - Subscriber Private Key Protection Extension
Date: Fri, 9 Sep 2022 22:06:03 +0000
Size: 167040
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220916/f9b2977c/attachment-0001.mht>


More information about the Cscwg-public mailing list