[cabfpub] Voting Period begins: Ballot FORUM-020 v2 - Amend Code Signing Certificate Working Group Charter

Tim Hollebeek tim.hollebeek at digicert.com
Mon Jan 8 21:29:40 UTC 2024 

DigiCert votes NO on FORUM-020 v2.

 

This is purely based on a minor problem which I wish I had spotted during the discussion period, but didn’t.

 

The problem is that the requirement to put the CABF policy OID in timestamping certs or ICAs is pretty recent, and there are extant certificates out there that don’t have it, but are still trusted by Microsoft.

 

I think it is a mistake to have those certificates be outside the scope of the charter.  I think the correct scope is timestamp certificates that chain to public roots trusted by one or more certificate consumers.

 

Again, this is definitely just a nit, and DigiCert would be happy to support an amended charter that fixes this very minor flaw.

 

-Tim

 

From: Public <public-bounces at cabforum.org> On Behalf Of Martijn Katerbarg via Public
Sent: Thursday, January 4, 2024 3:02 PM
To: CABforum1 <public at cabforum.org>
Subject: [cabfpub] Voting Period begins: Ballot FORUM-020 v2 - Amend Code Signing Certificate Working Group Charter

 

Ballot FORUM-020 v2 - Amend Code Signing Certificate Working Group Charter

 

Purpose of Ballot

This ballot proposes to amend the Code Signing Certificate Working Group (CSCWG) Charter with the following changes:

*	Bump the Charter version.
*	Add a limited scope for timestamp certificates.
*	Remove the version reference of the bylaws that we follow.
*	During a ballot, count only members that are in a voting class, disregarding associate members and interested parties.
*	Align Quorum definition as half the average, as the Bylaws have it set.

 

The following motion has been proposed by Martijn Katerbarg of Sectigo and endorsed by Bruce Morton of Entrust and Dimitris Zacharopoulos of HARICA.

 

----- Motion Begins -----

 

MODIFY the Charter of the Code Signing Certificate Working Group as specified in the following redline: 
 <https://github.com/cabforum/forum/compare/59185f16917cc7f5b83564fe5fddff32cf84c8ce...b80c98b80ee132e2a3adf09bfa8ba7448084d11d> https://github.com/cabforum/forum/compare/59185f16917cc7f5b83564fe5fddff32cf84c8ce...b80c98b80ee132e2a3adf09bfa8ba7448084d11d

 

----- Motion Ends -----

 

This ballot does not propose a Final Guideline or Final Maintenance Guideline. 

 

The procedure for approval of this ballot is as follows:

 

Discussion Period (7+ days)

    Start Time: 2023-12-14 – 16:00 UTC

    End Time: 2024-01-04 – 20:00 UTC

 

Vote for approval (7 days)

    Start Time: 2024-01-04 – 20:00 UTC

    End Time:  2024-01-11 – 20:00 UTC

 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20240108/17248eea/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5231 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20240108/17248eea/attachment-0001.p7s>

More information about the Public mailing list