[cabfpub] Code Signing Working Group - Call for Participants

Mads Egil Henriksveen Mads.Henriksveen at buypass.no
Thu Mar 14 04:53:57 MST 2019


Hi Dean


Buypass would like to participate in the Code Signing Working Group and ask to be granted an invitation as an Associate Member since we do not (yet) issue Code Signing Certificates.



The initial participant will be Mads Henriksveen.



Regards

Mads



From: Public <public-bounces at cabforum.org> On Behalf Of Dean Coclin via Public
Sent: tirsdag 12. mars 2019 17:46
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [cabfpub] Code Signing Working Group - Call for Participants



In accordance with the CA/B Forum Bylaws and the Charter of said working group, the Interim Chair announces a call for Participants interested in joining the Code Signing Working Group.



Current CA/B Forum members should submit their names and company affiliations, as a formal declaration of their intent (or provide them at the face to face meeting).



Interested Parties are eligible to participate once they provide the signed IPR agreement to the Chair.



Here is the text from the ballot relevant to membership:



The CSCWG SHALL consist of two classes of voting members, Certificate Issuers and Certificate Consumers meeting the eligibility criteria below:



(1)      A Certificate Issuer eligible for voting membership in the CSCWG MUST have a publicly-available audit report or attestation statement in accordance with one of the following schemes:



*            WebTrust for CAs v.2.0 or newer; or

*            ETSI EN 319 411-1, which includes normative references to ETSI EN 319 401 (the latest version of the referenced ETSI documents should be applied); or

*            If a Government Certificate Issuer is required by its Certificate Policy to use a different internal audit scheme, it MAY use such scheme provided that the audit either (a) encompasses all requirements of one of the above schemes or (b) consists of comparable criteria that are available for public review.



These audit reports must also meet the following requirements:



*            They must report on the operational effectiveness of controls for a historic period of at least 60 days;

*            No more than 27 months have elapsed since the beginning of the reported-on period and no more than 15 months since the end of the reported-on period; and

*            The audit report was prepared by a Qualified Auditor.



In addition, the Certificate Issuer MUST actively issue code signing certificates that are accepted for use in computing platforms in which the platform supplier accepts code signing certificates issued by such Certificate Issuer.





(2)    A Certificate Consumer (i.e. a platform supplier) eligible for voting membership in the CSCWG must produce a computing platform that accepts code signing certificates issued by third-party Certificate Issuers who meet criteria set by such Certificate Consumer.







4.2.2         Membership Application/Declaration process





A.           An Applicant not already a member of the Forum SHALL provide the following information:



*            Confirmation that the applicant satisfies at least one (1) of the membership eligibility criteria (and if it satisfies more than one (1), indication of the single category under which the applicant wishes to apply).

*            The organization name, as they wish it to appear on the Forum Web site and in official Forum documents.

*            URL of the applicant's main Web site.

*            Names and email addresses of employees who will participate in the Working Group and Forum as Member representatives.

*            Emergency contact information for security issues related to certificate trust.





Applicants that qualify as Certificate Issuers or Root Certificate Issuers must supply the following additional information:



*            URL of the current qualifying audit report.

*            The URL of at least one third party website that includes a certificate issued by the Applicant in the certificate chain.

*            Links or references to issued end-entity certificates that demonstrate them being treated as valid by a Certificate Consumer Member.





Such Applicant SHALL become a Member once the CSCWG has determined by consensus among the Members during a CSCWG Meeting or Teleconference that the Applicant meets all of the requirements above or, upon the request of any Member of the CSCWG, by a Ballot among Members of the CSCWG. Acceptance by consensus shall be determined or a Ballot of the Members shall be held as soon as the Applicant indicates that it has presented all information required above and has responded to all follow-up questions from the CSCWG and the Member has complied with the requirements of Bylaw 5.5.





Certificate Issuer applicants that are not actively issuing code signing certificates but otherwise meet these membership criteria MAY request to the CSCWG that they be granted an invitation for Associate Member status in accordance with Bylaw 3.1, subject to conditions designated by the CSCWG.



The CSCWG SHALL allow participation by Interested Parties, as set forth in the Bylaws.





An initial organizational meeting will take place during this week's face to face meeting followed by the formal kickoff later in the week (see agenda for details).



Dean Coclin

CA/B Forum Vice Chair





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20190314/9085f259/attachment.html>


More information about the Public mailing list