[cabfpub] Code Signing Working Group - Call for Participants

Moudrick M. Dadashov md at ssc.lt
Tue Mar 12 21:12:58 MST 2019 

Dean, SSC would like to join the group,

Thanks,
M.D.

On 3/12/2019 6:46 PM, Dean Coclin via Public wrote:
>
> In accordance with the CA/B Forum Bylaws and the Charter of said 
> working group, the Interim Chair announces a call for Participants 
> interested in joining the Code Signing Working Group.
>
> Current CA/B Forum members should submit their names and company 
> affiliations, as a formal declaration of their intent (or provide them 
> at the face to face meeting).
>
> Interested Parties are eligible to participate once they provide the 
> signed IPR agreement to the Chair.
>
> Here is the text from the ballot relevant to membership:
>
> The CSCWG SHALL consist of two classes of voting members, Certificate 
> Issuers and Certificate Consumers meeting the eligibility criteria below:
>
> (1)      A Certificate Issuer eligible for voting membership in the 
> CSCWG MUST have a publicly-available audit report or attestation 
> statement in accordance with one of the following schemes:
>
> *            WebTrust for CAs v.2.0 or newer; or
>
> *            ETSI EN 319 411-1, which includes normative references to 
> ETSI EN 319 401 (the latest version of the referenced ETSI documents 
> should be applied); or
>
> *            If a Government Certificate Issuer is required by its 
> Certificate Policy to use a different internal audit scheme, it MAY 
> use such scheme provided that the audit either (a) encompasses all 
> requirements of one of the above schemes or (b) consists of comparable 
> criteria that are available for public review.
>
> These audit reports must also meet the following requirements:
>
> *            They must report on the operational effectiveness of 
> controls for a historic period of at least 60 days;
>
> *            No more than 27 months have elapsed since the beginning 
> of the reported-on period and no more than 15 months since the end of 
> the reported-on period; and
>
> *            The audit report was prepared by a Qualified Auditor.
>
> In addition, the Certificate Issuer MUST actively issue code signing 
> certificates that are accepted for use in computing platforms in which 
> the platform supplier accepts code signing certificates issued by such 
> Certificate Issuer.
>
> (2)    A Certificate Consumer (i.e. a platform supplier) eligible for 
> voting membership in the CSCWG must produce a computing platform that 
> accepts code signing certificates issued by third-party Certificate 
> Issuers who meet criteria set by such Certificate Consumer.
>
> 4.2.2         Membership Application/Declaration process
>
> A.           An Applicant not already a member of the Forum SHALL 
> provide the following information:
>
> *            Confirmation that the applicant satisfies at least one 
> (1) of the membership eligibility criteria (and if it satisfies more 
> than one (1), indication of the single category under which the 
> applicant wishes to apply).
>
> *            The organization name, as they wish it to appear on the 
> Forum Web site and in official Forum documents.
>
> *            URL of the applicant's main Web site.
>
> *            Names and email addresses of employees who will 
> participate in the Working Group and Forum as Member representatives.
>
> *            Emergency contact information for security issues related 
> to certificate trust.
>
> Applicants that qualify as Certificate Issuers or Root Certificate 
> Issuers must supply the following additional information:
>
> *            URL of the current qualifying audit report.
>
> *            The URL of at least one third party website that includes 
> a certificate issued by the Applicant in the certificate chain.
>
> *            Links or references to issued end-entity certificates 
> that demonstrate them being treated as valid by a Certificate Consumer 
> Member.
>
> Such Applicant SHALL become a Member once the CSCWG has determined by 
> consensus among the Members during a CSCWG Meeting or Teleconference 
> that the Applicant meets all of the requirements above or, upon the 
> request of any Member of the CSCWG, by a Ballot among Members of the 
> CSCWG. Acceptance by consensus shall be determined or a Ballot of the 
> Members shall be held as soon as the Applicant indicates that it has 
> presented all information required above and has responded to all 
> follow-up questions from the CSCWG and the Member has complied with 
> the requirements of Bylaw 5.5.
>
> Certificate Issuer applicants that are not actively issuing code 
> signing certificates but otherwise meet these membership criteria MAY 
> request to the CSCWG that they be granted an invitation for Associate 
> Member status in accordance with Bylaw 3.1, subject to conditions 
> designated by the CSCWG.
>
> The CSCWG SHALL allow participation by Interested Parties, as set 
> forth in the Bylaws.
>
> An initial organizational meeting will take place during this week’s 
> face to face meeting followed by the formal kickoff later in the week 
> (see agenda for details).
>
> Dean Coclin
>
> CA/B Forum Vice Chair
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20190313/1721b060/attachment.html>

More information about the Public mailing list