[cabfpub] Code Signing Working Group
Gervase Markham
gerv at mozilla.org
Fri May 6 03:22:29 MST 2016
On 06/05/16 10:56, Richard Wang wrote:
> I don't think so. This is CABF meeting, CA/Browser Forum is not
> SSL/Browser Forum,
Notwithstanding the name, it is. That is precisely why we have a
Governance Reform Working Group: to look at what it would mean to extend
the jurisdiction of the Forum to code signing, email and other types of
certificate.
Other than the fact that we have convened that group, there are lots of
bits of evidence which show that Forum is effectively the SSL/Browser
Forum. The forum is open to CAs that "actively issue certificates to Web
servers". The forum is not open to full participation for large parts of
the code signing certificate ecosystem, because they don't meet the
definition of "browser".
But, even if Code Signing were within the current scope of the Forum, it
would still be inappropriate to continue work on a document which has
been rejected by the Forum (in a way which means editing the document
won't help to pass it). While I wish Microsoft well with their efforts
to bring a set of baseline requirements to their code signing program,
that effort does not belong under the Forum umbrella.
Gerv
More information about the Public
mailing list