[cabfpub] Ballot 132 - EV Code Signing Timestamp Validity Period

Wed Sep 10 08:22:44 UTC 2014

ANF AC votes yes.

ANF Autoridad de Certificación

*Enric Castillo*
Director Técnico
+34 626818285
+593 0 987684866
ANF Autoridad de Certificación
www.anf.es <https://www.anf.es>

*Aviso*

Este mensaje se dirige exclusivamente a su destinatario y puede contener
información privilegiada o confidencial y/o datos de carácter personal,
cuya difusión está regulada por la Ley Orgánica de Protección de Datos y
la Ley de Servicios de la Sociedad de la Información. Si usted no es el
destinatario indicado (o el responsable de la entrega al mismo), no debe
copiar o entregar este mensaje a terceros bajo ningún concepto. Si ha
recibido este mensaje por error o lo ha conseguido por otros medios, le
rogamos que nos lo comunique inmediatamente por esta misma vía y proceda
a su eliminación irreversible. Las opiniones, conclusiones y demás
informaciones incluidas en este mensaje que no estén relacionadas con
asuntos profesionales de ANF Autoridad de Certificación no están
respaldadas por la empresa.

El 02/09/2014 18:30, Ben Wilson escribió:
>
> *Ballot 132 - EV Code Signing Timestamp Validity Period*
>
> *Rationale for Ballot 132*
>
> 1. Ideally, TSA services should be consistent across the multiple
> services that rely on them (Code Signing, EV Code Signing, AATLs, etc.)
>
> 2. Time stamps are used not just to time-stamp code, but other
> objects, such as signed financial reports and other digital objects.
>
> 3 The EV Guidelines and some government archival systems require that
> signatures be capable of automatic verification for approximately ten
> years.
>
> 4. When the EV Guidelines for code signing were developed, it was
> thought that a 123-month period would provide a three-month cushion
> (120 months plus 3). But because the BRs for Code Signing anticipate
> that a new key pair will be cycled every 15 months, then a 15-month
> period should be added to the 10-year TSA certificate validity, not
> just for code signing, but for all other uses where those extra months
> can add a longer period for automatic validation of the time-stamp.
> This would equal 135 months (120 months plus 15).  
>
> 5. A longer validity period for the TSA certificate is also justified
> because the requirement of a new key pair every 15 months will reduce
> the risk severity due to a key compromise.
>
> 6. There are additional reasons to allow a longer period, including
> from Japan, the time-stamping regulations of the METI pursuant to
> Article 435 of the Japanese Companies Act, subsection 2 (Preparation
> and Retention of Financial Statements, etc.), subsection 4 (financial
> schedules to be retained for ten years from the time of preparation).
> See http://www.dekyo.or.jp/tb/english/index.html
>
> Steve Roylance of Globalsign made the following motion and Ben Wilson
> of Digicert and Rob Stradling of Comodo endorsed it:
>
> --Motion Begins --
>
> In Sections 8.2.1 and 9.4 of the EV Code Signing Guidelines replace
> "one hundred and twenty three months" with "one hundred and thirty
> five months" (in three places in each section) as follows:
>
> 8.2.1 Implementation
>
> Each Issuer MUST develop, implement, enforce, display prominently on
> its Web site, and periodically update as necessary its own auditable
> EV Code Signing Object practices, policies and procedures, such as a
> Certification Practice Statement (CPS) and Certificate Policy (CP) that:
>
> (A) Implement the requirements of these Guidelines as they are revised
> from time-to-time;
>
> (B) Implement the requirements of (i) the then-current WebTrust
> Program for CAs, and (ii) the then-current WebTrust EV Program or ETSI
> TS 102 042 V2.1.1; and
>
> (C) Specify the Issuer's (and applicable Root CA's) entire root
> certificate hierarchy including all roots that its EV Code Signing
> Certificates depend on for proof of those EV Code Signing
> Certificates' authenticity. With the exception of revocation checking
> for time-stamped and expired certificates, platforms are expected to
> validate signed code in accordance with RFC 5280.
>
> When a platform encounters a certificate that fails to validate due to
> revocation, the platform should reject the code. When a platform
> encounters a certificate that fails to validate for reasons other than
> revocation, the platform should treat the code as it would if it had
> been unsigned. Ordinarily, a code signature created by a Subscriber
> may be considered valid for a period of up to thirty-nine months.
> However, a code signature may be treated as valid for a period of up
> to one hundred and _thirty five_ twenty three months by means of one
> of the following methods:   the "Timestamp" method or the "Signing
> Authority" method.
>
> (A) Timestamp Method: In this method, the Subscriber signs the code,
> appends its EV Code Signing Certificate (whose expiration time is less
> than thirty-nine months in the future) and submits it to an EV
> Timestamp Authority to be time-stamped. The resulting package can be
> considered valid up to the expiration time of the timestamp
> certificate (which may be up to one hundred and _thirty five_ twenty
> three months in the future).
>
> (B) Signing Authority Method: In this method, the Subscriber submits
> the code, or a digest of the code, to an EV Signing Authority for
> signature. The resulting signature is valid up to the expiration time
> of the Signing Authority certificate (which may be up to one hundred
> and _thirty five_ twenty three months in the future).
>
> 9.4 Maximum Validity Period For EV Code Signing Certificate
>
> Code may be signed at any point in the development or distribution
> process, either by a software publisher or a user organization. Signed
> code may be verified at any time, including during: download,
> unpacking, installation, reinstallation, or execution, or during a
> forensic investigation. Subscribers may obtain an EV Code Signing
> Certificate with a validity period not exceeding thirty-nine months.
> Timestamp Authorities and Signing Authorities may obtain an EV
> Timestamp Certificate or EV Code Signing Certificate (respectively)
> with a validity period not exceeding one hundred and _thirty five_
> twenty three months. The validity period for an EV Code Signing
> Certificate issued to a Subscriber MUST NOT exceed thirty-nine months.
> The validity period for an EV Code Signing Certificate issued to a
> Signing Authority that fully complies with these Guidelines MUST NOT
> exceed one hundred and _thirty five_ twenty three months. The validity
> period for an EV Timestamp Certificate issued to a Timestamp Authority
> that fully complies with these Guidelines MUST NOT exceed one hundred
> and _thirty five _twenty three months.
>
> -- Motion Ends --
>
> The review period for this ballot shall commence at 2100 UTC on
> Tuesday, 2 September 2014, and will close at 2100 UTC on Tuesday, 9
> September 2014. Unless the motion is withdrawn during the review
> period, the voting period will start immediately thereafter and will
> close at 2100 UTC on Tuesday, 16 September 2014. Votes must be cast by
> posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the
> response. A vote against must indicate a clear 'no' in the response. A
> vote to abstain must indicate a clear 'abstain' in the response.
> Unclear responses will not be counted. The latest vote received from
> any representative of a voting member before the close of the voting
> period will be counted. Voting members are listed here:
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and greater than 50% of the votes
> cast by members in the browser category must be in favor. Also, at
> least seven members must participate in the ballot, either by voting
> in favor, voting against, or abstaining.
>
>  
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140910/b9988396/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo-anf.png
Type: image/png
Size: 4746 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140910/b9988396/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4389 bytes
Desc: Firma criptogr??fica S/MIME
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140910/b9988396/attachment-0001.p7s>