[cabfpub] Code Signing Working Group - Call for Participants

realsky(CHT) realsky at cht.com.tw
Tue Mar 12 14:42:49 MST 2019 

Chunghwa Telecom Co., Ltd. would like to to participate in the Code Signing WG.

The initial participants will be: Li-Chun Chen and Tsung-Min Kuo. 

However Chunghwa Telecom Co., Ltd. does not issue code-signing certs so we ask to be granted an invitation for Associate Member status first in this WG.

  Li-Chun Chen
  Chunghwa Telecom



-----Original message-----

On 03/12/2019 09:46 AM, Dean Coclin via Public wrote:
> In accordance with the CA/B Forum Bylaws and the Charter of said working
> group, the Interim Chair announces a call for Participants interested in
> joining the Code Signing Working Group.
> 
>  
> 
> Current CA/B Forum members should submit their names and company
> affiliations, as a formal declaration of their intent (or provide them
> at the face to face meeting).
> 
>  
> 
> Interested Parties are eligible to participate once they provide the
> signed IPR agreement to the Chair.
> 
>  
> 
> Here is the text from the ballot relevant to membership:
> 
>  
> 
> The CSCWG SHALL consist of two classes of voting members, Certificate
> Issuers and Certificate Consumers meeting the eligibility criteria below:
> 
>  
> 
> (1)      A Certificate Issuer eligible for voting membership in the
> CSCWG MUST have a publicly-available audit report or attestation
> statement in accordance with one of the following schemes:
> 
>  
> 
> *            WebTrust for CAs v.2.0 or newer; or
> 
> *            ETSI EN 319 411-1, which includes normative references to
> ETSI EN 319 401 (the latest version of the referenced ETSI documents
> should be applied); or
> 
> *            If a Government Certificate Issuer is required by its
> Certificate Policy to use a different internal audit scheme, it MAY use
> such scheme provided that the audit either (a) encompasses all
> requirements of one of the above schemes or (b) consists of comparable
> criteria that are available for public review.
> 
>  
> 
> These audit reports must also meet the following requirements:
> 
>  
> 
> *            They must report on the operational effectiveness of
> controls for a historic period of at least 60 days;
> 
> *            No more than 27 months have elapsed since the beginning of
> the reported-on period and no more than 15 months since the end of the
> reported-on period; and
> 
> *            The audit report was prepared by a Qualified Auditor.
> 
>  
> 
> In addition, the Certificate Issuer MUST actively issue code signing
> certificates that are accepted for use in computing platforms in which
> the platform supplier accepts code signing certificates issued by such
> Certificate Issuer.
> 
>  
> 
>  
> 
> (2)    A Certificate Consumer (i.e. a platform supplier) eligible for
> voting membership in the CSCWG must produce a computing platform that
> accepts code signing certificates issued by third-party Certificate
> Issuers who meet criteria set by such Certificate Consumer.
> 
>  
> 
>  
> 
> 4.2.2         Membership Application/Declaration process
> 
>  
> 
> A.           An Applicant not already a member of the Forum SHALL
> provide the following information:
> 
>  
> 
> *            Confirmation that the applicant satisfies at least one (1)
> of the membership eligibility criteria (and if it satisfies more than
> one (1), indication of the single category under which the applicant
> wishes to apply).
> 
> *            The organization name, as they wish it to appear on the
> Forum Web site and in official Forum documents.
> 
> *            URL of the applicant's main Web site.
> 
> *            Names and email addresses of employees who will participate
> in the Working Group and Forum as Member representatives.
> 
> *            Emergency contact information for security issues related
> to certificate trust.
> 
>  
> 
> Applicants that qualify as Certificate Issuers or Root Certificate
> Issuers must supply the following additional information:
> 
>  
> 
> *            URL of the current qualifying audit report.
> 
> *            The URL of at least one third party website that includes a
> certificate issued by the Applicant in the certificate chain.
> 
> *            Links or references to issued end-entity certificates that
> demonstrate them being treated as valid by a Certificate Consumer Member.
> 
>  
> 
> Such Applicant SHALL become a Member once the CSCWG has determined by
> consensus among the Members during a CSCWG Meeting or Teleconference
> that the Applicant meets all of the requirements above or, upon the
> request of any Member of the CSCWG, by a Ballot among Members of the
> CSCWG. Acceptance by consensus shall be determined or a Ballot of the
> Members shall be held as soon as the Applicant indicates that it has
> presented all information required above and has responded to all
> follow-up questions from the CSCWG and the Member has complied with the
> requirements of Bylaw 5.5.
> 
>  
> 
> Certificate Issuer applicants that are not actively issuing code signing
> certificates but otherwise meet these membership criteria MAY request to
> the CSCWG that they be granted an invitation for Associate Member status
> in accordance with Bylaw 3.1, subject to conditions designated by the CSCWG.
> 
>  
> 
> The CSCWG SHALL allow participation by Interested Parties, as set forth
> in the Bylaws.
> 
>  
> 
>  
> 
> An initial organizational meeting will take place during this week
> face to face meeting followed by the formal kickoff later in the week
> (see agenda for details).
> 
>  
> 
> Dean Coclin
> 
> CA/B Forum Vice Chair
> 
>  
> 
>  
> 
> 
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
> 

-- 
Fotis Loukos, PhD
Director of Security Architecture
SSL Corp
e: fotisl at ssl.com
w: https://www.ssl.com
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public


本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. 
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.

More information about the Public mailing list