[Cscwg-public] [EXTERNAL] [Voting begins] Ballot CSC-25: Import EV Guidelines into the Code Signing Baseline Requirements

Wed Jun 19 15:59:19 UTC 2024

On 19/6/2024 6:49 μ.μ., Ian McMillan wrote:
>
> Dimitris,
>
> One thing that is a bit out of sorts here is the in the first line of 
> the “Purpose of the Ballot” stating this ballot is to clarify language 
> regarding the Timestamp Authority Private Key Protection. I know this 
> ballot is not doing that and the following line that outlines the 
> goals clarifies this ballot is for importing the EV guidelines into 
> the CSBRs so I don’t feel this is an issue.
>

You are absolutely right, apologies for the copy-paste leftover. Indeed, 
the main goals of the ballot in the second sentence are setting the 
scope correctly.

Thank you Ian,
Dimitris.

> On the behalf of Microsoft, I vote “YES” to ballot CSC-25.
>
> Cheers,
>
> Ian
>
> *From:*Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of 
> *Dimitris Zacharopoulos (HARICA) via Cscwg-public
> *Sent:* Wednesday, June 19, 2024 6:16 AM
> *To:* cscwg-public at cabforum.org
> *Subject:* [EXTERNAL] [Cscwg-public] [Voting begins] Ballot CSC-25: 
> Import EV Guidelines into the Code Signing Baseline Requirements
>
> Voting begins for this ballot.
>
>
>   CSC-25 Import EV Guidelines into the Code Signing Baseline Requirements
>
>
>     *Purpose of the Ballot*
>
> This ballot updates the “Baseline Requirements for the Issuance and 
> Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 
> in order to clarify language regarding Timestamp Authority Private Key 
> Protection. The main goals of this ballot are to:
>
>  1. Import all CSBR references that point to the EV Guidelines with
>     the actual language of corresponding sections of version 1.8.0 of
>     the EV Guidelines, in order to remove external dependencies.
>  2. The Code Signing Working Group decided not to import rules related
>     to the subject:organizationIdentifier field.
>
> The following motion has been proposed by Dimitris Zacharopoulos of 
> HARICA and endorsed by Martijn Katerbarg of Sectigo and Corey Bonnell 
> of Digicert.
>
> You can view the github pull request representing this ballot here 
> <https://github.com/cabforum/code-signing/pull/38>.
>
>
>     Motion Begins
>
> MODIFY the “Baseline Requirements for the Issuance and Management of 
> Publicly‐Trusted Code Signing Certificates” ("Code Signing Baseline 
> Requirements") based on version 3.7 as specified in the following redline:
>
>   * https://github.com/cabforum/code-signing/compare/d431d9104094f2b89f35ed4bf1d64b9a844e762b...d5af6d895b3666b5351509ad25d47ac5e87321fc
>
>
>
>     Motion Ends
>
> This ballot proposes a Final Maintenance Guideline. The procedure for 
> approval of this ballot is as follows:
>
>
>         Discussion (at least 7 days)
>
>   * Start time: 2024-06-12 07:00:00 UTC
>   * End time: on or after 2024-06-19 07:00:00 UTC
>
>
>         Vote for approval (7 days)
>
>   * Start time: 2024-06-19 10:15:00 UTC
>   * End time: 2024-06-26 10:15:00 UTC
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20240619/62f16d0d/attachment.html>