[Cscwg-public] [External Sender] Re: Ballot CSC-25: Import EV Guidelines into the Code Signing Baseline Requirements
Adriano Santoni
adriano.santoni at staff.aruba.it
Thu Jun 13 12:55:56 UTC 2024
Dimitris,
we are not against this ballot, per se, but I wonder what is the point
of regulating EV code signing certificates considering that "Starting
February 2024, Microsoft will no longer accept or recognize EV Code
Signing Certificates" [1] and there are no platforms other than Windows
that treat EV code signing certificates differently than plain (non-EV)
code signing certificates, at least as far as I know (I could be wrong).
Adriano
[1]
https://learn.microsoft.com/en-us/security/trusted-root/program-requirements
On 12/06/2024 09:09, Dimitris Zacharopoulos (HARICA) via Cscwg-public
wrote:
> Members can also review the INFORMATIVE attached documents, which are
> produced by the automated markdown to PDF/DOCX conversion process,
> implemented by the Infrastructure Subcommittee.
>
> Dimitris.
>
> On 12/6/2024 10:04 AM, Dimitris Zacharopoulos (HARICA) via
> Cscwg-public wrote:
>>
>>
>> CSC-25 Import EV Guidelines into the Code Signing Baseline Requirements
>>
>>
>> *Purpose of the Ballot*
>>
>> This ballot updates the “Baseline Requirements for the Issuance and
>> Management of Publicly‐Trusted Code Signing Certificates” version 3.7
>> in order to clarify language regarding Timestamp Authority Private
>> Key Protection. The main goals of this ballot are to:
>>
>> 1. Import all CSBR references that point to the EV Guidelines with
>> the actual language of corresponding sections of version 1.8.0 of
>> the EV Guidelines, in order to remove external dependencies.
>> 2. The Code Signing Working Group decided not to import rules
>> related to the subject:organizationIdentifier field.
>>
>> The following motion has been proposed by Dimitris Zacharopoulos of
>> HARICA and endorsed by Martijn Katerbarg of Sectigo and Corey Bonnell
>> of Digicert.
>>
>> You can view the github pull request representing this ballot here
>> <https://github.com/cabforum/code-signing/pull/38>.
>>
>>
>> Motion Begins
>>
>> MODIFY the “Baseline Requirements for the Issuance and Management of
>> Publicly‐Trusted Code Signing Certificates” ("Code Signing Baseline
>> Requirements") based on version 3.7 as specified in the following
>> redline:
>>
>> * https://github.com/cabforum/code-signing/compare/d431d9104094f2b89f35ed4bf1d64b9a844e762b...d5af6d895b3666b5351509ad25d47ac5e87321fc
>>
>>
>> Motion Ends
>>
>> This ballot proposes a Final Maintenance Guideline. The procedure for
>> approval of this ballot is as follows:
>>
>>
>> Discussion (at least 7 days)
>>
>> * Start time: 2024-06-12 07:00:00 UTC
>> * End time: on or after 2024-06-19 07:00:00 UTC
>>
>>
>> Vote for approval (7 days)
>>
>> * Start time: TBD
>> * End time: TBD
>>
>>
>>
>> _______________________________________________
>> Cscwg-public mailing list
>> Cscwg-public at cabforum.org
>> https://lists.cabforum.org/mailman/listinfo/cscwg-public