[cabfpub] Ballot 158: Adopt Code Signing Baseline Requirements

Dimitris Zacharopoulos jimmy at it.auth.gr
Thu Dec 17 09:33:07 UTC 2015 

HARICA abstains.

Dimitris Zacharopoulos.

On 3/12/2015 11:04 μμ, Dean Coclin wrote:
>
> After a 2 week pre-ballot, the Code Signing Working Group has now 
> prepared the formal ballot below:
>
> __
>
> _Ballot 158: Adopt Code Signing Baseline Requirements_
>
> The following motion is proposed by the Code Signing Working Group and 
> is endorsed by Microsoft, Trend Micro and OATI. Further information on 
> the ballot is in the email message below.
>
> *- - - - Motion for Ballot 158 - - - -*
>
> Be it resolved that the CA / Browser Forum adopts the recommendation 
> of the Code Signing Working Group for Version 1.0 of the Baseline 
> Requirements for Code Signing. Once adopted, the effective date will 
> be October 1, 2016.
>
> *- - - - Motion Ends - - - -*
>
> The review period for this ballot shall commence at 2200 UTC on 3 Dec 
> 2015, and will close at 2200 UTC on 10 Dec 2015. Unless the motion is 
> withdrawn during the review period, the voting period will start 
> immediately thereafter and will close at 2200 UTC on 17 Dec 2015. 
> Votes must be cast by posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed here:
>
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> currently nine (9) members– at least nine members must participate in 
> the ballot, either by voting in favor, voting against, or abstaining.
>
> Dean Coclin and Jeremy Rowley
>
> Code Signing Working Group co-chairs
>
> *From:*public-bounces at cabforum.org 
> <mailto:public-bounces at cabforum.org>[mailto:public-bounces at cabforum.org] 
> *On Behalf Of *Dean Coclin
> *Sent:* Thursday, November 19, 2015 2:01 PM
> *To:* CABFPub
> *Subject:* [cabfpub] Pre-Ballot: Code Signing Baseline Requirements
>
> The Code Signing Working Group of the CA/Browser Forum has completed 
> its work on Version 1 of the Code Signing Baseline Requirements.  The 
> Working Group has been meeting over the last 2+ years to develop and 
> bring this topic to the Forum for approval.
>
> This Working Group was chartered by the Forum at the Mozilla face to 
> face meeting in February 2013 and has brought together forum members 
> and outside participants to craft a document which we believe will 
> help improve the security of the ecosystem. Forum members in the 
> working group include: Comodo, Digicert, Entrust, ETSI, Federal PKI, 
> Firmaprofessional,  Globalsign, Izenpe, Microsoft, Startcom, 
> SwissSign, Symantec, Trend Micro, WoSign as well as non-members: 
> Cacert, Intarsys, OTA, Richter, and Travelport. Also, there have been 
> several public commenting periods which resulted in changes and 
> revisions to the document.
>
> The stated goal of the group was to: “Create a set of baseline 
> requirements for code signing that will reduce the incidence of signed 
> malware”. We strived to work on 3 sub goals, which are by no means 
> 100% solved. However we feel that the document reflects progress 
> towards these goals which were:
>
> 1.Minimize private key theft by moving toward more secure key storage 
> (protection of private keys)
>
> 2.Baseline authentication and vetting procedures for all parties
>
> 3.Information sharing (notification/revocation) for fraud detection. 
> This piece was moved to the Information Sharing Working Group
>
> _The document is now final and no further changes are being accepted_. 
> Comments and suggestions will be accumulated for a future version of 
> the document.
>
> The group is seeking 2 endorsers for the ballot below:
>
> *- - - - Motion for Ballot XXX - - - -*
>
> Be it resolved that the CA / Browser Forum adopts the recommendation 
> of the Code Signing Working Group for Version 1.0 of the Baseline 
> Requirements for Code Signing. Once adopted the effective date will be 
> October 1, 2016.
>
> *- - - - Motion Ends - - - -*
>
> The review period for this ballot shall commence at 2200 UTC on 3 Dec 
> 2015, and will close at 2200 UTC on 10 Dec 2015. Unless the motion is 
> withdrawn during the review period, the voting period will start 
> immediately thereafter and will close at 2200 UTC on 17 Dec 2015. 
> Votes must be cast by posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed here:
>
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> currently nine (9) members– at least nine members must participate in 
> the ballot, either by voting in favor, voting against, or abstaining.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151217/3df3d3fb/attachment-0003.html>

More information about the Public mailing list