[cabfpub] Code Signing Working Group - Call for Participants

James Burton burton at typewritten.net
Tue Mar 12 11:23:56 MST 2019


I would like to participate in this working group.

Thank you,

Burton

On Tue, Mar 12, 2019 at 4:46 PM Dean Coclin via Public <public at cabforum.org>
wrote:

> In accordance with the CA/B Forum Bylaws and the Charter of said working
> group, the Interim Chair announces a call for Participants interested in
> joining the Code Signing Working Group.
>
>
>
> Current CA/B Forum members should submit their names and company
> affiliations, as a formal declaration of their intent (or provide them at
> the face to face meeting).
>
>
>
> Interested Parties are eligible to participate once they provide the
> signed IPR agreement to the Chair.
>
>
>
> Here is the text from the ballot relevant to membership:
>
>
>
> The CSCWG SHALL consist of two classes of voting members, Certificate
> Issuers and Certificate Consumers meeting the eligibility criteria below:
>
>
>
> (1)      A Certificate Issuer eligible for voting membership in the CSCWG
> MUST have a publicly-available audit report or attestation statement in
> accordance with one of the following schemes:
>
>
>
> *            WebTrust for CAs v.2.0 or newer; or
>
> *            ETSI EN 319 411-1, which includes normative references to
> ETSI EN 319 401 (the latest version of the referenced ETSI documents should
> be applied); or
>
> *            If a Government Certificate Issuer is required by its
> Certificate Policy to use a different internal audit scheme, it MAY use
> such scheme provided that the audit either (a) encompasses all requirements
> of one of the above schemes or (b) consists of comparable criteria that are
> available for public review.
>
>
>
> These audit reports must also meet the following requirements:
>
>
>
> *            They must report on the operational effectiveness of controls
> for a historic period of at least 60 days;
>
> *            No more than 27 months have elapsed since the beginning of
> the reported-on period and no more than 15 months since the end of the
> reported-on period; and
>
> *            The audit report was prepared by a Qualified Auditor.
>
>
>
> In addition, the Certificate Issuer MUST actively issue code signing
> certificates that are accepted for use in computing platforms in which the
> platform supplier accepts code signing certificates issued by such
> Certificate Issuer.
>
>
>
>
>
> (2)    A Certificate Consumer (i.e. a platform supplier) eligible for
> voting membership in the CSCWG must produce a computing platform that
> accepts code signing certificates issued by third-party Certificate Issuers
> who meet criteria set by such Certificate Consumer.
>
>
>
>
>
> 4.2.2         Membership Application/Declaration process
>
>
>
> A.           An Applicant not already a member of the Forum SHALL provide
> the following information:
>
>
>
> *            Confirmation that the applicant satisfies at least one (1) of
> the membership eligibility criteria (and if it satisfies more than one (1),
> indication of the single category under which the applicant wishes to
> apply).
>
> *            The organization name, as they wish it to appear on the Forum
> Web site and in official Forum documents.
>
> *            URL of the applicant's main Web site.
>
> *            Names and email addresses of employees who will participate
> in the Working Group and Forum as Member representatives.
>
> *            Emergency contact information for security issues related to
> certificate trust.
>
>
>
> Applicants that qualify as Certificate Issuers or Root Certificate Issuers
> must supply the following additional information:
>
>
>
> *            URL of the current qualifying audit report.
>
> *            The URL of at least one third party website that includes a
> certificate issued by the Applicant in the certificate chain.
>
> *            Links or references to issued end-entity certificates that
> demonstrate them being treated as valid by a Certificate Consumer Member.
>
>
>
> Such Applicant SHALL become a Member once the CSCWG has determined by
> consensus among the Members during a CSCWG Meeting or Teleconference that
> the Applicant meets all of the requirements above or, upon the request of
> any Member of the CSCWG, by a Ballot among Members of the CSCWG. Acceptance
> by consensus shall be determined or a Ballot of the Members shall be held
> as soon as the Applicant indicates that it has presented all information
> required above and has responded to all follow-up questions from the CSCWG
> and the Member has complied with the requirements of Bylaw 5.5.
>
>
>
> Certificate Issuer applicants that are not actively issuing code signing
> certificates but otherwise meet these membership criteria MAY request to
> the CSCWG that they be granted an invitation for Associate Member status in
> accordance with Bylaw 3.1, subject to conditions designated by the CSCWG.
>
>
>
> The CSCWG SHALL allow participation by Interested Parties, as set forth in
> the Bylaws.
>
>
>
>
>
> An initial organizational meeting will take place during this week’s face
> to face meeting followed by the formal kickoff later in the week (see
> agenda for details).
>
>
>
> Dean Coclin
>
> CA/B Forum Vice Chair
>
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20190312/8ea7c496/attachment-0001.html>


More information about the Public mailing list