[cabfpub] Code Signing Working Group

Rob Stradling rob.stradling at comodo.com
Fri May 6 03:37:15 MST 2016


On 06/05/16 11:22, Gervase Markham wrote:
> On 06/05/16 10:56, Richard Wang wrote:
>> I don't think so. This is CABF meeting, CA/Browser Forum is not
>> SSL/Browser Forum,
>
> Notwithstanding the name, it is. That is precisely why we have a
> Governance Reform Working Group: to look at what it would mean to extend
> the jurisdiction of the Forum to code signing, email and other types of
> certificate.

Hi Gerv.  AIUI, this Forum does have an element of jurisdiction over 
code signing.

The "Code Signing BRs" have not been adopted by the Forum, but (like it 
or not) the "EV Code Signing Guidelines" is a Forum document.

> Other than the fact that we have convened that group, there are lots of
> bits of evidence which show that Forum is effectively the SSL/Browser
> Forum. The forum is open to CAs that "actively issue certificates to Web
> servers". The forum is not open to full participation for large parts of
> the code signing certificate ecosystem, because they don't meet the
> definition of "browser".
>
> But, even if Code Signing were within the current scope of the Forum, it
> would still be inappropriate to continue work on a document which has
> been rejected by the Forum (in a way which means editing the document
> won't help to pass it). While I wish Microsoft well with their efforts
> to bring a set of baseline requirements to their code signing program,
> that effort does not belong under the Forum umbrella.
>
> Gerv

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online



More information about the Public mailing list