[Cscwg-public] Importing BRs to CSBRs

Tim Hollebeek tim.hollebeek at digicert.com
Tue Jul 11 15:34:39 UTC 2023

Thanks for all this work.  I dropped a nit or two into a review, but would be happy to endorse.


From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Dimitris Zacharopoulos (HARICA) via Cscwg-public
Sent: Tuesday, July 11, 2023 5:22 AM
To: cscwg-public at cabforum.org
Subject: Re: [Cscwg-public] Importing BRs to CSBRs

Dear Members,

With CSBR version 3.3 released, we can proceed with the ballot to import the TLS BRs into the CSBRs. The draft ballot language is available on the wiki<https://url.avanan.click/v2/___https:/wiki.cabforum.org/books/code-signing-certificate-wg/page/csc-19-draft-remove-ssl-br-references___.YXAzOmRpZ2ljZXJ0OmE6bzoxMTViMWE5ZGYzNWQ5ZDQ4ODgxZmNhYjNlMDM2MzU4NTo2OjU0OTM6ZTUxNzMzOWE1ZTE0NDdhMDJmYWIzMjRmODBlNmRmYzM3YmM1NmJlYjU0NjRhY2U1Yjg4MDBiMTAzYWE1MmRhNjpoOkY> and I am still looking for one more endorser.

You can check out the redline following this link:

  *   https://github.com/cabforum/code-signing/pull/16/files#diff-808316a5bc581afeb9178b30e20a9ab01f7d62f9<https://url.avanan.click/v2/___https:/github.com/cabforum/code-signing/pull/16/files%23diff-808316a5bc581afeb9178b30e20a9ab01f7d62f9___.YXAzOmRpZ2ljZXJ0OmE6bzoxMTViMWE5ZGYzNWQ5ZDQ4ODgxZmNhYjNlMDM2MzU4NTo2OjhjMTY6ZjBlMGNjYmY0OGI1NzZlMWQwZTNiYjQ1OGM2YTVlMjEzODBjNmM1NzI2N2EyMzNjOTc5YzYwMDZjOWIwOGJjMDpoOkY>

If you prefer to send comments directly to the pull request, please use https://github.com/cabforum/code-signing/pull/16<https://url.avanan.click/v2/___https:/github.com/cabforum/code-signing/pull/16___.YXAzOmRpZ2ljZXJ0OmE6bzoxMTViMWE5ZGYzNWQ5ZDQ4ODgxZmNhYjNlMDM2MzU4NTo2OjMwOTM6ZDEyZTQ4ZGJjNWE3NGUyMjYxYmU2YmZhODViNDFjNGQyYjM2NGUxYjJhNzA2YTg2NTY0OTEzMmUyNzU1M2Y2ZTpoOkY>.

Thank you,

On 5/4/2023 12:42 μ.μ., Dimitris Zacharopoulos (HARICA) wrote:
Dear Members,

I made some further edits to the imported requirements from the TLS BRs. We can discuss tomorrow at the meeting and if there is agreement we can remove the editorial notes. Please review using the Pull Request link<https://url.avanan.click/v2/___https:/github.com/cabforum/code-signing/pull/16/files___.YXAzOmRpZ2ljZXJ0OmE6bzoxMTViMWE5ZGYzNWQ5ZDQ4ODgxZmNhYjNlMDM2MzU4NTo2OmFlOWI6ODg1MGI3MmMwMDIyZGU4NTIxZDRhZjFjMGE1MWI3ZmQzNzVhM2E5Mzg4NTk1OTg4MjU1ZjJiMjQ4MDQ2M2VhNDpoOkY>.

There is a task that needs to be performed throughout the entire document, and that is to scan for capitalized terms and check/confirm that these terms exist in section 1.6.1 (Definitions). If they do not exist, we must highlight them and then decide whether the term is ok to remain without capitalized letters or if we have to create a definition for them.

Is there anyone that would like to volunteer to work on this specific task?

Best regards,

On 15/12/2022 7:34 μ.μ., Dimitris Zacharopoulos (HARICA) wrote:

As we discussed on today's call, we can start reviewing the EDITOR comments at the upcoming meetings until we address all of them.

Of course Members can comment in parallel on GitHub.

For convenience, I created a Pull Request<https://url.avanan.click/v2/___https:/github.com/cabforum/code-signing/pull/16___.YXAzOmRpZ2ljZXJ0OmE6bzoxMTViMWE5ZGYzNWQ5ZDQ4ODgxZmNhYjNlMDM2MzU4NTo2OmFmYWM6NmQzODJjYTEwNTJlYTNjYjdmOWM5MmVlZTBhNDQxMTVmMWRkZTkzODk3MzZiNzU3NGRmMzNiOGVlYjUyZTQwZDpoOkY> for people to review more easily against the current CSBRs.


On 12/8/2022 2:40 PM, Martijn Katerbarg wrote:
I’ve continued from the point where Dimitris left off. I’ve also given it another pass and updated a few more sections. Every update has an editor note added to it, and is now available in GitHub.

The one section remaining to be done, is section  This section references BR Section 3.2 a number of times, so we appear to need to do a complete comparison of CSCBR Section 3.2 and BR Section 3.2, and import anything that’s “missing but relevant”.

I’ve also discovered 2 potential conflicts, which are called out in the text.  I’ll add github comments on these so we they become more visible to everyone, and people can chime in on the items easily.



From: Cscwg-public <cscwg-public-bounces at cabforum.org><mailto:cscwg-public-bounces at cabforum.org> On Behalf Of Martijn Katerbarg via Cscwg-public
Sent: Monday, 5 December 2022 11:02
To: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr><mailto:dzacharo at harica.gr>; cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: Re: [Cscwg-public] Importing BRs to CSBRs

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Dimitris, I’ll allot time this week to proceed from 7.1.4

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Dimitris Zacharopoulos (HARICA) via Cscwg-public
Sent: Monday, 5 December 2022 10:34
To: cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: Re: [Cscwg-public] Importing BRs to CSBRs

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

I continued to work in this project and imported requirements all the way to section 7.1.4 (without working on 7.1.4) and would appreciate it if someone could pick up from there. The remaining references to a "BR Section" are very few but at the same time the editor must check every BR section that was not explicitly referenced by the CSBRs and import that language.

Please check for additional comments/concerns that need to be addressed, marked with the word "EDITOR".

On 30/10/2022 1:21 μ.μ., Dimitris Zacharopoulos (HARICA) via Cscwg-public wrote:

Dear friends,

With the publication of CSBRs version 3.2, I created a branch and started importing TLS BRs (already completed sections 1 and 2). You can monitor the progress in:

  1.  https://url.avanan.click/v2/___https://github.com/cabforum/code-signing/blob/importTLSBRrefs/docs/CSBR.md___.YXAzOmRpZ2ljZXJ0OmE6bzoxMTViMWE5ZGYzNWQ5ZDQ4ODgxZmNhYjNlMDM2MzU4NTo2Ojg3MzI6MDNlNjIwN2M2ZmUwOGE3ZTUwMzM4MDlkNGVjZThmNDAzYTlkMDc5YWRmMDhlYTI2ZTUzZGFjYzIwMTE3YmUyYTp0OkY<https://url.avanan.click/v2/___https:/github.com/cabforum/code-signing/blob/importTLSBRrefs/docs/CSBR.md___.YXAzOmRpZ2ljZXJ0OmE6bzoxMTViMWE5ZGYzNWQ5ZDQ4ODgxZmNhYjNlMDM2MzU4NTo2OjkyNjI6N2Q4NTQ4ZmFjMzUzMjk4ZDJhMzI1MDYyM2NlMWFlYjRjZTFiODc4Zjc4NzQyNjUxZmFjMzYwMDA0MGI3MTJlNDpoOkY>

Since we will make a full pass of the TLS BRs and EVGs, I believe it is a good opportunity to import the requirements from the latest TLS BRs/EVGs (1.8.4/1.7.9 respectively). If we encounter some controversial requirements between the latest versions and the ones currently referenced that need more discussion, we will bring this back to the WG to discuss/resolve.

Digicert (Corey) and Sectigo (Martijn) have already declared their intent to assist in this process. If there are more volunteers, please reply to this thread so we can possibly break-down the sections.

Please let me know if you have any questions or concerns.

Best regards,



Cscwg-public mailing list

Cscwg-public at cabforum.org<mailto:Cscwg-public at cabforum.org>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20230711/95df185a/attachment-0001.html>

More information about the Cscwg-public mailing list