[Cscwg-public] DISCUSSION BEGINS: Ballot CSC-18 - Update Revocation Requirements

Bruce Morton Bruce.Morton at entrust.com
Thu Apr 20 12:47:13 UTC 2023


Should we have an effective date on the ballot?

I understand that most changes are clarifications, but this text, “The CA SHALL set a historic date as revocationDate if deemed appropriate”, could be a product change a CA must make to allow revocation of the certificate more than once. This would happen when we revoke a certificate at the present time, but later determine that we need to perform the revocation again to set a historic date.


Thanks, Bruce.

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Martijn Katerbarg via Cscwg-public
Sent: Thursday, April 20, 2023 4:09 AM
To: cscwg-public at cabforum.org
Subject: [EXTERNAL] Re: [Cscwg-public] DISCUSSION BEGINS: Ballot CSC-18 - Update Revocation Requirements

Ian has requested an addition to the language. This was pushed this morning (https://github.com/cabforum/code-signing/pull/17/commits/0545bb2a92e99e21e90f0a3d774419358c26672c)

Unless I’m mistaken, due to the language addition, this requires a new call for the discussion period as a v2 ballot. I will send this out over the next few days.

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Martijn Katerbarg via Cscwg-public
Sent: Wednesday, 12 April 2023 16:01
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] DISCUSSION BEGINS: Ballot CSC-18 - Update Revocation Requirements


Purpose of this ballot: This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” version 3.2, Section 4.9.1 - "Circumstances for revocation" in order to align it with the TLS and S/MIME BRs and set stricter requirements for revocation due to Private Key Compromise and use in Suspect Code.
The following motion has been proposed by Martijn Katerbarg of Sectigo and endorsed by Ian McMillan of Microsoft and Bruce Morton of Entrust.
MOTION BEGINS:
This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” ("Code Signing Baseline Requirements") based on version 3.2.
MODIFY the Code Signing Baseline Requirements as specified in the following redline: https://github.com/cabforum/code-signing/pull/17/files#diff-904962f0e52198f4a232d6ef6732d57ccb47433d4bba47b3472d681405360e31
MOTION ENDS
The procedure for approval of this ballot is as follows:
Discussion (7 days)

  *   Start Time: 2023-04-12 16:00 CEST
  *   End Time: Not before 2023-04-19 16:00 CEST
Vote for approval (7 days)

  *   Start Time: TBD
  *   End Time: TBD
