[cabfpub] Code Signing Baseline Requirements - Final Draft for public exposure
sleevi at google.com
Tue Mar 10 22:12:44 MST 2015
Reposting with permission
On Mar 10, 2015 9:35 PM, "Peter Bowen" <pzbowen at gmail.com> wrote:
> On Thu, Feb 5, 2015 at 9:11 AM, Dean Coclin <Dean_Coclin at symantec.com>
> > The Code Signing Working Group of the CA/Browser Forum announces the
> > draft of the Code Signing Baseline Requirements. This version takes into
> > account comments received in the first round of public review as well as
> > comments from WebTrust auditors. Additional changes/corrections were
> > incorporated by the working group over the past 3 months.
> > This version is being sent out to the public mailing list and will be
> > on the CA/B Forum website for final comments until March 6th, 2015.
> Apologies for not reading these in detail until four days after the
> I am concerned that it seems that EV Code Signing certificates are not
> a superset of standard (Baseline) Code Signing certificates.
> Specifically, EVCS section 9.2.2 forbids subject alternative names in
> EVCS certificates while the BRCS section 9.2.1 requires a SAN.
> Similarly, EVCS 9.2.3 indicates common name is deprecated but BRCS
> 9.2.2 makes it mandatory.
> My expectation is that EV certificates always meet the requirements of
> the non-EV certificate such that systems that don't differentiate
> between EV and non-EV certificates can use EV certificates as standard