[cabfpub] Ballot 117 - EV Code Signing Guidelines Corrections

Moudrick M. Dadashov md at ssc.lt
Wed Mar 19 18:07:28 UTC 2014


SSC votes: "Yes".

Thanks,
M.D.

On 3/10/2014 6:24 PM, Ben Wilson wrote:
>
> Ballot 117 - EV Code Signing Guidelines Corrections
>
> Jeremy Rowley of DigiCert made the following motion, and Iñigo 
> Barreira of Izenpe and Rick Andrews of Symantec endorsed it.
>
> There are two issues with the EV code signing guidelines that need 
> correction:
>
> 1.  Section 9.2.2 of the EV code signing guidelines recommends that 
> CAs not include the SAN extension in an EV certificate.  However, 
> section 9.7 requires that an EV certificate include 
> subjectAltName:permanentIdentifier. Because the main concern is that a 
> CA might include a domain name in the SAN extension, we should specify 
> that this practice is not allowed and recognize that other information 
> may be present.
>
> 2.  Because the EV Code Signing Guidelines were originally based on 
> the EV Guidelines for SSL, Section 9.2.3 of the EV code signing 
> guidelines deprecates the CN field.  However, the CABF Code Signing 
> Working Group received a report that this field is still required by 
> code signing applications. We should still include the CN in code 
> signing certificates for the Subscriber's legal name, even though the 
> field is deprecated for use in SSL/TLS certificates.
>
> ---Motion Begins---
>
> Effective immediately:
>
> a.            Replace section 9.2.2 with the following:
>
> "9.2.2    Subject Alternative Name Extension
>
> This field MUST be present and MUST contain the permanentIdentifier 
> specified in Section 9.7. This field MUST NOT contain a Domain Name or 
> IP Address."
>
> b.            Amend section 9.2.3 as follows:
>
> "9.2.2    Subject Common Name Field
>
> Certificate field: subject:commonName (OID 2.5.4.3)
>
> Required/Optional: Required
>
> Contents: This field MUST contain the Subject's legal name as verified 
> under Section 11.2."
>
> ---Motion ends---
>
> Motion Ends
>
> The review period for this ballot shall commence at 2200 UTC on 
> Monday, 10 March 2014, and will close at 2200 UTC on Monday, 17 March 
> 2014.
>
> Unless the motion is withdrawn during the review period, the voting 
> period will start immediately thereafter and will close at 2200 UTC on 
> Monday, 24 March 2014.
>
> Votes must be cast by posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the response.
>
> A vote against must indicate a clear 'no' in the response.
>
> A vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted.
>
> The latest vote received from any representative of a voting member 
> before the close of the voting period will be counted.
>
> Voting members are listed here: https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and more than one half of the votes 
> cast by members in the browser category must be in favor.
>
> Quorum is currently six (6) members-- at least six members must 
> participate in the ballot, either by voting in favor, voting against, 
> or by abstaining for the vote to be valid.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140319/493100d2/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3663 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140319/493100d2/attachment-0001.p7s>


More information about the Public mailing list