[Cscwg-public] [Voting Period Begins] CSC-24 (v3): Timestamping Private Key Protection

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu May 23 11:57:03 UTC 2024 

HARICA votes "yes" to ballot CSC-24 (v3).



On 20/5/2024 12:05 μ.μ., Martijn Katerbarg via Cscwg-public wrote:
>
> *Purpose of the Ballot*
>
> This ballot updates the “Baseline Requirements for the Issuance and 
> Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 
> in order to clarify language regarding Timestamp Authority Private Key 
> Protection. The main goals of this ballot are to:
>
>  1. Require Private Keys  associated with newly issued Timestamp
>     Authority Subordinate CA to be stored in offline HSMs
>  2. Require newly issued Timestamp Certificates to be issued from a
>     TSA CA with its Private key storedn in offline HSMs
>  3. Add a requirement to remove Private Keys associated with Timestamp
>     Certificates after a 18 months
>  4. Add a requirement to reject SHA-1 timestamp requests
>
> The following motion has been proposed by Martijn Katerbarg of Sectigo 
> and endorsed by Bruce Morton of Entrust and Ian McMillan of Microsoft.
>
> *MOTION BEGINS*
>
> This ballot updates the “Baseline Requirements for the Issuance and 
> Management of Publicly‐Trusted Code Signing Certificates” ("Code 
> Signing Baseline Requirements") based on version 3.7. MODIFY the Code 
> Signing Baseline Requirements as specified in the following 
> redline:https://github.com/cabforum/code-signing/compare/d431d9104094f2b89f35ed4bf1d64b9a844e762b...61d9426e9025d448a13eb56fa75b9651b2136548 
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fcode-signing%2Fcompare%2Fd431d9104094f2b89f35ed4bf1d64b9a844e762b...61d9426e9025d448a13eb56fa75b9651b2136548&data=05%7C02%7Cmartijn.katerbarg%40sectigo.com%7Caa1b8192390640ced2f608dc70d613fa%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638509311986804205%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=AQ8Z9jdMXCd%2FZtJHMaHlONu1OTZWqjz8qOrV13KLQX4%3D&reserved=0> 
>
>
> *MOTION ENDS*
>
> The procedure for this ballot is as follows:
>
> Discussion (7 days)
>
>   * Start Time: 2024-05-10 10:45 UTC
>   * End Time: Not before 2024-05-2009:05 UTC
>
> Vote for approval (7 days)
>
>   * Start Time: 2024-05-20 09:05 UTC
>   * End Time:2024-05-27 09:05 UTC
>
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20240523/214be12e/attachment.html>

More information about the Cscwg-public mailing list