[cabfpub] Code Signing Working Group - Call for Participants

Fotis Loukos fotisl at ssl.com
Tue Mar 12 19:01:33 UTC 2019


SSL.com is declaring its intent to participate in the Code Signing
Working Group. The initial participants will be:
- Fotis Loukos
- Nick Naziridis
- Chris Kemmerer
- Tom Zermeno

Regards,
Fotis

On 03/12/2019 09:46 AM, Dean Coclin via Public wrote:
> In accordance with the CA/B Forum Bylaws and the Charter of said working
> group, the Interim Chair announces a call for Participants interested in
> joining the Code Signing Working Group.
>
> Current CA/B Forum members should submit their names and company
> affiliations, as a formal declaration of their intent (or provide them
> at the face to face meeting).
>
> Interested Parties are eligible to participate once they provide the
> signed IPR agreement to the Chair.
>
> Here is the text from the ballot relevant to membership:
>
> The CSCWG SHALL consist of two classes of voting members, Certificate
> Issuers and Certificate Consumers meeting the eligibility criteria below:
>
> (1) A Certificate Issuer eligible for voting membership in the
> CSCWG MUST have a publicly-available audit report or attestation
> statement in accordance with one of the following schemes:
>
> * WebTrust for CAs v.2.0 or newer; or
>
> * ETSI EN 319 411-1, which includes normative references to
> ETSI EN 319 401 (the latest version of the referenced ETSI documents
> should be applied); or
>
> * If a Government Certificate Issuer is required by its
> Certificate Policy to use a different internal audit scheme, it MAY use
> such scheme provided that the audit either (a) encompasses all
> requirements of one of the above schemes or (b) consists of comparable
> criteria that are available for public review.
>
> These audit reports must also meet the following requirements:
>
> * They must report on the operational effectiveness of
> controls for a historic period of at least 60 days;
>
> * No more than 27 months have elapsed since the beginning of
> the reported-on period and no more than 15 months since the end of the
> reported-on period; and
>
> * The audit report was prepared by a Qualified Auditor.
>
> In addition, the Certificate Issuer MUST actively issue code signing
> certificates that are accepted for use in computing platforms in which
> the platform supplier accepts code signing certificates issued by such
> Certificate Issuer.
>
> (2) A Certificate Consumer (i.e. a platform supplier) eligible for
> voting membership in the CSCWG must produce a computing platform that
> accepts code signing certificates issued by third-party Certificate
> Issuers who meet criteria set by such Certificate Consumer.
>
> 4.2.2 Membership Application/Declaration process
>
> A. An Applicant not already a member of the Forum SHALL
> provide the following information:
>
> * Confirmation that the applicant satisfies at least one (1)
> of the membership eligibility criteria (and if it satisfies more than
> one (1), indication of the single category under which the applicant
> wishes to apply).
>
> * The organization name, as they wish it to appear on the
> Forum Web site and in official Forum documents.
>
> * URL of the applicant's main Web site.
>
> * Names and email addresses of employees who will participate
> in the Working Group and Forum as Member representatives.
>
> * Emergency contact information for security issues related
> to certificate trust.
>
> Applicants that qualify as Certificate Issuers or Root Certificate
> Issuers must supply the following additional information:
>
> * URL of the current qualifying audit report.
>
> * The URL of at least one third party website that includes a
> certificate issued by the Applicant in the certificate chain.
>
> * Links or references to issued end-entity certificates that
> demonstrate them being treated as valid by a Certificate Consumer Member.
>
> Such Applicant SHALL become a Member once the CSCWG has determined by
> consensus among the Members during a CSCWG Meeting or Teleconference
> that the Applicant meets all of the requirements above or, upon the
> request of any Member of the CSCWG, by a Ballot among Members of the
> CSCWG. Acceptance by consensus shall be determined or a Ballot of the
> Members shall be held as soon as the Applicant indicates that it has
> presented all information required above and has responded to all
> follow-up questions from the CSCWG and the Member has complied with the
> requirements of Bylaw 5.5.
>
> Certificate Issuer applicants that are not actively issuing code signing
> certificates but otherwise meet these membership criteria MAY request to
> the CSCWG that they be granted an invitation for Associate Member status
> in accordance with Bylaw 3.1, subject to conditions designated by the CSCWG.
>
> The CSCWG SHALL allow participation by Interested Parties, as set forth
> in the Bylaws.
>
> An initial organizational meeting will take place during this week’s
> face to face meeting followed by the formal kickoff later in the week
> (see agenda for details).
>
> Dean Coclin
> CA/B Forum Vice Chair

-- 
Fotis Loukos, PhD
Director of Security Architecture
SSL Corp
e: fotisl at ssl.com
w: https://www.ssl.com


