[cabfpub] Code Signing Working Group - Call for Participants
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Tue Mar 12 18:09:11 UTC 2019
On 12/3/2019 6:46 μ.μ., Dean Coclin via Public wrote:
> In accordance with the CA/B Forum Bylaws and the Charter of said
> working group, the Interim Chair announces a call for Participants
> interested in joining the Code Signing Working Group.
> Current CA/B Forum members should submit their names and company
> affiliations, as a formal declaration of their intent (or provide them
> at the face to face meeting).
HARICA officially declares its intent to participate in the Code Signing
Certificate Working Group.
> Interested Parties are eligible to participate once they provide the
> signed IPR agreement to the Chair.
> Here is the text from the ballot relevant to membership:
> The CSCWG SHALL consist of two classes of voting members, Certificate
> Issuers and Certificate Consumers meeting the eligibility criteria below:
> (1) A Certificate Issuer eligible for voting membership in the
> CSCWG MUST have a publicly-available audit report or attestation
> statement in accordance with one of the following schemes:
> * WebTrust for CAs v.2.0 or newer; or
> * ETSI EN 319 411-1, which includes normative references to
> ETSI EN 319 401 (the latest version of the referenced ETSI documents
> should be applied); or
> * If a Government Certificate Issuer is required by its
> Certificate Policy to use a different internal audit scheme, it MAY
> use such scheme provided that the audit either (a) encompasses all
> requirements of one of the above schemes or (b) consists of comparable
> criteria that are available for public review.
> These audit reports must also meet the following requirements:
> * They must report on the operational effectiveness of
> controls for a historic period of at least 60 days;
> * No more than 27 months have elapsed since the beginning
> of the reported-on period and no more than 15 months since the end of
> the reported-on period; and
> * The audit report was prepared by a Qualified Auditor.
> In addition, the Certificate Issuer MUST actively issue code signing
> certificates that are accepted for use in computing platforms in which
> the platform supplier accepts code signing certificates issued by such
> Certificate Issuer.
> (2) A Certificate Consumer (i.e. a platform supplier) eligible for
> voting membership in the CSCWG must produce a computing platform that
> accepts code signing certificates issued by third-party Certificate
> Issuers who meet criteria set by such Certificate Consumer.
> 4.2.2 Membership Application/Declaration process
> A. An Applicant not already a member of the Forum SHALL
> provide the following information:
> * Confirmation that the applicant satisfies at least one
> (1) of the membership eligibility criteria (and if it satisfies more
> than one (1), indication of the single category under which the
> applicant wishes to apply).
> * The organization name, as they wish it to appear on the
> Forum Web site and in official Forum documents.
> * URL of the applicant's main Web site.
> * Names and email addresses of employees who will
> participate in the Working Group and Forum as Member representatives.
> * Emergency contact information for security issues related
> to certificate trust.
> Applicants that qualify as Certificate Issuers or Root Certificate
> Issuers must supply the following additional information:
> * URL of the current qualifying audit report.
> * The URL of at least one third party website that includes
> a certificate issued by the Applicant in the certificate chain.
> * Links or references to issued end-entity certificates
> that demonstrate them being treated as valid by a Certificate Consumer
> Such Applicant SHALL become a Member once the CSCWG has determined by
> consensus among the Members during a CSCWG Meeting or Teleconference
> that the Applicant meets all of the requirements above or, upon the
> request of any Member of the CSCWG, by a Ballot among Members of the
> CSCWG. Acceptance by consensus shall be determined or a Ballot of the
> Members shall be held as soon as the Applicant indicates that it has
> presented all information required above and has responded to all
> follow-up questions from the CSCWG and the Member has complied with
> the requirements of Bylaw 5.5.
> Certificate Issuer applicants that are not actively issuing code
> signing certificates but otherwise meet these membership criteria MAY
> request to the CSCWG that they be granted an invitation for Associate
> Member status in accordance with Bylaw 3.1, subject to conditions
> designated by the CSCWG.
> The CSCWG SHALL allow participation by Interested Parties, as set
> forth in the Bylaws.
> An initial organizational meeting will take place during this week’s
> face to face meeting followed by the formal kickoff later in the week
> (see agenda for details).
> Dean Coclin
> CA/B Forum Vice Chair
> Public mailing list
> Public at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public