Re: [cabfpub] [EXTERNAL] CABG: Follow-up actions to the creation of the new Definitions and Glossary Working Group

[Bruce Morton via Public]

Entrust would like to participate in the Definitions working group.


Thanks, Bruce.

From: Public  On Behalf Of Dimitris Zacharopoulos 
(HARICA) via Public
Sent: Monday, April 22, 2024 12:28 PM
To: CA/Browser Forum Public Discussion List 
Subject: [EXTERNAL] [cabfpub] CABG: Follow-up actions to the creation of the 
new Definitions and Glossary Working Group

Dear Members, I have added the approved Charter of the Definitions and Glossary 
Working Group (DGWG) to the main GitHub Forum repository https: //urldefense. 
com/v3/__https: //github. com/cabforum/forum/blob/main/DGWG-Charter. 
md__;!!FJ-Y8qCqXTj2!eq02ZSHUQVN-q2lQMXOOz24aRuktcyB11VY_uEioFUN3IqXPe_9A8ESRAZCSDC90ReE5iUdWCFL-nmFYQZ5g$.
 




Dear Members,



I have added the approved Charter of the Definitions and Glossary

Working Group (DGWG) to the main GitHub Forum repository

https://urldefense.com/v3/__https://github.com/cabforum/forum/blob/main/DGWG-Charter.md__;!!FJ-Y8qCqXTj2!eq02ZSHUQVN-q2lQMXOOz24aRuktcyB11VY_uEioFUN3IqXPe_9A8ESRAZCSDC90ReE5iUdWCFL-nmFYQZ5g$.



I welcome Tim Hollebeek (Chair) and Tim Callan (Vice-Chair) to

coordinate with the Infrastructure Subcommittee to create the necessary

mailing lists, area in the cabforum.org Public Website and possibly a

separate area in the Member's Website (wiki.cabforum.org).



According to the Bylaws and IPR Policy, each Member must declare its

participation to the DGWG, preferably by replying to this email so the

declaration can be registered on the Public Mailing List.





Best regards,



Dimitris Zacharopoulos

CA/B Forum Chair

___

Public mailing list

Public@cabforum.org

https://urldefense.com/v3/__https://lists.cabforum.org/mailman/listinfo/public__;!!FJ-Y8qCqXTj2!eq02ZSHUQVN-q2lQMXOOz24aRuktcyB11VY_uEioFUN3IqXPe_9A8ESRAZCSDC90ReE5iUdWCFL-ngZvzJ37$

Any email and files/attachments transmitted with it are intended solely for the 
use of the individual or entity to whom they are addressed. If this message has 
been sent to you in error, you must not copy, distribute or disclose of the 
information it contains. Please notify Entrust immediately and delete the 
message from your system.
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

Re: [cabfpub] CABG: Follow-up actions to the creation of the new Definitions and Glossary Working Group

[Tom Zermeno via Public]

SSL.com will participate in the Definitions and Glossary Working Group.



-Original Message-
From: Public  On Behalf Of Dimitris
Zacharopoulos (HARICA) via Public
Sent: Monday, April 22, 2024 11:28 AM
To: CA/Browser Forum Public Discussion List 
Subject: [cabfpub] CABG: Follow-up actions to the creation of the new
Definitions and Glossary Working Group


Dear Members,

I have added the approved Charter of the Definitions and Glossary Working
Group (DGWG) to the main GitHub Forum repository
https://github.com/cabforum/forum/blob/main/DGWG-Charter.md.

I welcome Tim Hollebeek (Chair) and Tim Callan (Vice-Chair) to coordinate
with the Infrastructure Subcommittee to create the necessary mailing lists,
area in the cabforum.org Public Website and possibly a separate area in the
Member's Website (wiki.cabforum.org).

According to the Bylaws and IPR Policy, each Member must declare its
participation to the DGWG, preferably by replying to this email so the
declaration can be registered on the Public Mailing List.


Best regards,

Dimitris Zacharopoulos
CA/B Forum Chair
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public


smime.p7s
Description: S/MIME cryptographic signature
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

Re: [cabfpub] CABG: Follow-up actions to the creation of the new Definitions and Glossary Working Group

[Scott Rea via Public]

eMudhra would like to express our interest to participate on this DG Working 
Group

(Sorry, sending from the right email account this time - the challenge of 
configuring multiple accounts on a mobile device 臘‍♂️)



Regards,
-Scott

From: Public  on behalf of Dimitris Zacharopoulos 
(HARICA) via Public 
Sent: Monday, April 22, 2024 10:27:32 AM
To: CA/Browser Forum Public Discussion List 
Subject: [cabfpub] CABG: Follow-up actions to the creation of the new 
Definitions and Glossary Working Group

CAUTION: This email is originated from outside of the organization. Do not open 
the links or the attachments unless you recognize the sender and know the 
content is safe.


Dear Members,

I have added the approved Charter of the Definitions and Glossary
Working Group (DGWG) to the main GitHub Forum repository
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fforum%2Fblob%2Fmain%2FDGWG-Charter.md=05%7C02%7Cscott.rea%40emudhra.com%7C22b88799aab14eb99fef08dc62e91f66%7C11219a1f9e6240568ee2d013be03405f%7C0%7C0%7C638494000617541225%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=Rrx5kn9SAOtZNTWPBTd2Ik21fcDzfxtOOzxXDAOpJGY%3D=0.

I welcome Tim Hollebeek (Chair) and Tim Callan (Vice-Chair) to
coordinate with the Infrastructure Subcommittee to create the necessary
mailing lists, area in the cabforum.org Public Website and possibly a
separate area in the Member's Website (wiki.cabforum.org).

According to the Bylaws and IPR Policy, each Member must declare its
participation to the DGWG, preferably by replying to this email so the
declaration can be registered on the Public Mailing List.


Best regards,

Dimitris Zacharopoulos
CA/B Forum Chair
___
Public mailing list
Public@cabforum.org
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fpublic=05%7C02%7Cscott.rea%40emudhra.com%7C22b88799aab14eb99fef08dc62e91f66%7C11219a1f9e6240568ee2d013be03405f%7C0%7C0%7C638494000617550137%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=b98p3V4Ewmgb79DXnuP7Pa4HcYSE7dhSJNnvREFNaKM%3D=0
Disclaimer: The email and its contents hold confidential information and are 
intended for the person or entity to which it is addressed. If you are not the 
intended recipient, please note that any distribution or copying of this email 
is strictly prohibited as per Company Policy, you are requested to notify the 
sender and delete the email and associated attachments with it from your system.
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

Re: [cabfpub] CABG: Follow-up actions to the creation of the new Definitions and Glossary Working Group

[Scott Rea via Public]

 eMudhra would like to express our interest to participate on this DG
Working Group

Regards,
-Scott
--
*From:* Public  on behalf of Dimitris
Zacharopoulos (HARICA) via Public 
*Sent:* Monday, April 22, 2024 10:27:35 AM
*To:* CA/Browser Forum Public Discussion List 
*Subject:* [cabfpub] CABG: Follow-up actions to the creation of the new
Definitions and Glossary Working Group


Dear Members,

I have added the approved Charter of the Definitions and Glossary
Working Group (DGWG) to the main GitHub Forum repository
https://github.com/cabforum/forum/blob/main/DGWG-Charter.md.

I welcome Tim Hollebeek (Chair) and Tim Callan (Vice-Chair) to
coordinate with the Infrastructure Subcommittee to create the necessary
mailing lists, area in the cabforum.org Public Website and possibly a
separate area in the Member's Website (wiki.cabforum.org).

According to the Bylaws and IPR Policy, each Member must declare its
participation to the DGWG, preferably by replying to this email so the
declaration can be registered on the Public Mailing List.


Best regards,

Dimitris Zacharopoulos
CA/B Forum Chair
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

Re: [cabfpub] CABG: Follow-up actions to the creation of the new Definitions and Glossary Working Group

[Ben Wilson via Public]

Mozilla wants to participate in the new Definitions and Glossary Working
Group.

On Mon, Apr 22, 2024 at 10:27 AM Dimitris Zacharopoulos (HARICA) via Public
 wrote:

>
> Dear Members,
>
> I have added the approved Charter of the Definitions and Glossary
> Working Group (DGWG) to the main GitHub Forum repository
> https://github.com/cabforum/forum/blob/main/DGWG-Charter.md.
>
> I welcome Tim Hollebeek (Chair) and Tim Callan (Vice-Chair) to
> coordinate with the Infrastructure Subcommittee to create the necessary
> mailing lists, area in the cabforum.org Public Website and possibly a
> separate area in the Member's Website (wiki.cabforum.org).
>
> According to the Bylaws and IPR Policy, each Member must declare its
> participation to the DGWG, preferably by replying to this email so the
> declaration can be registered on the Public Mailing List.
>
>
> Best regards,
>
> Dimitris Zacharopoulos
> CA/B Forum Chair
> ___
> Public mailing list
> Public@cabforum.org
> https://lists.cabforum.org/mailman/listinfo/public
>
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

Re: [cabfpub] CABG: Follow-up actions to the creation of the new Definitions and Glossary Working Group

[Tim Callan via Public]

smime.p7m
Description: S/MIME encrypted message
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

Re: [cabfpub] CABG: Follow-up actions to the creation of the new Definitions and Glossary Working Group

[Tim Hollebeek via Public]

Thanks Dimitris,

I'd like to thank the Forum for approving this important work.  DigiCert is of
course excited to have the opportunity to participate in the Definitions and
Glossary Working Group, and is declaring its intent to participate.

I'd like to encourage all members who are interested to also declare their
participation in what I hope is an efficient and productive working group,
and I'll start working with the other Tim to get all the infrastructure so we
can start getting to work.

-Tim

> -Original Message-
> From: Dimitris Zacharopoulos (HARICA) 
> Sent: Monday, April 22, 2024 12:27 PM
> To: CABforum1 
> Cc: Tim Hollebeek ; Tim Callan
> 
> Subject: CABG: Follow-up actions to the creation of the new Definitions and
> Glossary Working Group
>
>
> Dear Members,
>
> I have added the approved Charter of the Definitions and Glossary Working
> Group (DGWG) to the main GitHub Forum repository
> https://github.com/cabforum/forum/blob/main/DGWG-Charter.md.
>
> I welcome Tim Hollebeek (Chair) and Tim Callan (Vice-Chair) to coordinate 
> with
> the Infrastructure Subcommittee to create the necessary mailing lists, area 
> in
> the cabforum.org Public Website and possibly a separate area in the Member's
> Website (wiki.cabforum.org).
>
> According to the Bylaws and IPR Policy, each Member must declare its
> participation to the DGWG, preferably by replying to this email so the
> declaration can be registered on the Public Mailing List.
>
>
> Best regards,
>
> Dimitris Zacharopoulos
> CA/B Forum Chair


smime.p7s
Description: S/MIME cryptographic signature
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

[Smcwg-public] Draft SMCWG agenda - Wednesday, April 24 2024

[Stephen Davidson via Smcwg-public]

S/MIME Certificate Working Group


Draft SMCWG agenda - Wednesday, April 24 2024 at 11:00 am Eastern Time



Here is a draft agenda for the teleconference described in the subject of this 
message. Please review and propose changes if necessary.



1.Roll Call

2.Note well:  Antitrust / Compliance Statement

3.Review Agenda

4.Approval of past minutes

*   April 10



5.Discussion as time permits:

*   Ballot SMC06 passed and is in IPR until May 11 
https://lists.cabforum.org/pipermail/smcwg-public/2024-April/000957.html
*   Clarify scope for S/MIME ICAs (Issue 243) 
https://github.com/cabforum/smime/issues/243
*   Relying on a certificate/digital signature applied by the Applicant 
(Issue 244) https://github.com/cabforum/smime/issues/244
*   Deprecation date for Legacy Generation profiles (Issue 193) 
https://github.com/cabforum/smime/issues/193



6.Any other business



7.Next meeting: Wednesday, May 8 2024 at 11:00 am Eastern Time.
The meeting for May 22 has been cancelled due to the F2F the following week.



Adjourn



___
Smcwg-public mailing list
Smcwg-public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/smcwg-public

[cabfpub] CABG: Follow-up actions to the creation of the new Definitions and Glossary Working Group

[Dimitris Zacharopoulos (HARICA) via Public]

Dear Members,

I have added the approved Charter of the Definitions and Glossary 
Working Group (DGWG) to the main GitHub Forum repository 
https://github.com/cabforum/forum/blob/main/DGWG-Charter.md.


I welcome Tim Hollebeek (Chair) and Tim Callan (Vice-Chair) to 
coordinate with the Infrastructure Subcommittee to create the necessary 
mailing lists, area in the cabforum.org Public Website and possibly a 
separate area in the Member's Website (wiki.cabforum.org).


According to the Bylaws and IPR Policy, each Member must declare its 
participation to the DGWG, preferably by replying to this email so the 
declaration can be registered on the Public Mailing List.



Best regards,

Dimitris Zacharopoulos
CA/B Forum Chair
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

Re: [Cscwg-public] [External Sender] Re: [Discussion Period Begins] CSC-24 (v2): Timestamping Private Key Protection

[Martijn Katerbarg via Cscwg-public]

All, 

Based on our discussion from last week, I’ve updated the proposed language. 

Please review the new commit, located at 
https://github.com/cabforum/code-signing/pull/34/commits/61d9426e9025d448a13eb56fa75b9651b2136548
 

 and let me know if there are any further concerns blocking this ballot from 
moving forward. 

From: Cscwg-public  on behalf of Martijn 
Katerbarg via Cscwg-public 
Date: Tuesday, 16 April 2024 at 12:06
To: Adriano Santoni , cscwg-public@cabforum.org 
, Christophe Bonjean 

Subject: Re: [Cscwg-public] [External Sender] Re: [Discussion Period Begins] 
CSC-24 (v2): Timestamping Private Key Protection 

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe. 


Hi Christophe, Adriano,

Thank you for the comments. 

I kind of think this may be a slight mismatch between what’s listed as the 
purpose of the ballot, vs the language included in the redline. However, I’m 
not sure I agree with your solution:

> I would recommend to scope this change to Private Keys generated after the 
> effective date, instead of linking it to the issuing date of the Subordinate 
> CA Certificate for those keys. 

> For example if a CA issues a new Subordinate CA Certificate after this date, 
> with an existing Private Key, then the related Private Key would need to be 
> moved to an offline state. I think the intention is only for new keys to 
> follow this requirement. 

Am I understanding correctly that you’re proposing that if CAs issue a new 
SubCA after the effective date using a key already in existance, you want them 
to keep using that CA in an online state? 

If so, that kindof defeats the purpose of this ballot. CA’s may have loads of 
parked private keys in their online HSMs, meaning if we scope it to when a key 
was generated, they could keep issuing new SubCAs for timestamping for many 
years to come in an online state. 

Instead, I think we could restate the purpose of the ballot to make it a bit 
more clear if we feel that may help, as:
1. Require Private Keys associated with newly issued Timestamp Authority 
Subordinate CA to be stored in offline HSMs 
2. Add a requirement to remove Private Keys associated with Timestamp 
Certificates after a 18 months 
3. Add a requirement to reject SHA-1 timestamp requests 


Thoughts?

(If so, I wonder, since the redline doesn’t change, only the ballot 
description, does it need a new ballot version?)

Regards,

Martijn 

From: Cscwg-public  on behalf of Adriano 
Santoni via Cscwg-public 
Date: Tuesday, 16 April 2024 at 08:35
To: cscwg-public@cabforum.org 
Subject: Re: [Cscwg-public] [External Sender] Re: [Discussion Period Begins] 
CSC-24 (v2): Timestamping Private Key Protection 

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe. 


I concur with Christophe. 
Adriano 

Il 12/04/2024 16:30, Christophe Bonjean via Cscwg-public ha scritto: 

Hi Martijn, 

Looking at the purpose of the ballot, the goal is to require newly issued [..] 
Private Keys to be stored in offline HSMs. 

The proposed change scopes this change to [keys related to] Root CA 
certificates and new Subordinate CA certificates 

I would recommend to scope this change to Private Keys generated after the 
effective date, instead of linking it to the issuing date of the Subordinate CA 
Certificate for those keys. 

For example if a CA issues a new Subordinate CA Certificate after this date, 
with an existing Private Key, then the related Private Key would need to be 
moved to an offline state. I think the intention is only for new keys to follow 
this requirement. 

Christophe 


From: Cscwg-public  
 On Behalf Of Martijn Katerbarg via 
Cscwg-public
Sent: Monday, April 8, 2024 9:32 AM
To: cscwg-public@cabforum.org 
Subject: [Cscwg-public] [Discussion Period Begins] CSC-24 (v2): Timestamping 
Private Key Protection 



Purpose of the Ballot 
This ballot updates the “Baseline Requirements for the Issuance and Management 
of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify 
language regarding Timestamp Authority Private Key Protection. The main goals 
of this ballot are to: 

1. Require newly issued Timestamp Authority Subordinate CA Private Keys to be 
stored in offline HSMs 
2. Add a requirement to remove Private Keys associated with Timestamp 
Certificates after a 18 months 
3. Add a requirement to reject SHA-1 timestamp requests 
The following motion has been proposed by Martijn Katerbarg of Sectigo and 
endorsed by Bruce Morton of Entrust and Ian McMillan of Microsoft. 
MOTION BEGINS 
This ballot updates the “Baseline Requirements for the Issuance and Management