Just a few thoughts to move this conversation forward, and speaking as a CSCWG interested party and not to advocate any position of Mozilla, I think the answer depends on how strict or flexible the CABF wants to be as an organization when it comes to interpreting the scope of a working group charter.
It seems that the mention of time stamping in a code signing work product would be allowed even under a strict interpretation. While creating standards for issuing and managing time stamping certificates would certainly be out of scope with a flexible interpretation. The Scope in the Charter does not expressly include or exclude the assignment of a time stamping OID for time stamping certificates. https://cabforum.org/2019/03/26/code-signing-certificate-wg-charter/#1-Scope Included in the scope is "Version 1.0 Draft of November 19, 2015, Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates (subject to the CSCWG making a written finding that the provenance of such document is sufficiently covered by the Forum’s IPR Policy)." Time stamping was discussed in that draft, and I recall that the CSCWG did make the required written finding of provenance. Is the assignment of a timestamping OID a logical outcome of the continued work on that earlier document? Ben On Mon, Apr 19, 2021 at 2:31 PM Dean Coclin via Public <public@cabforum.org> wrote: > A discussion on last week’s CA/B call about code signing and time stamping > brought up a question as to whether the latter was in scope of the CSCWG > charter ( > https://cabforum.org/2019/03/26/code-signing-certificate-wg-charter/). > > > > Bruce said there was no CP OID for time stamping and that the group wanted > to create one IAW with the CA/B Forum registry. Ryan was concerned that > this was outside the CSCWG charter as it was not specifically mentioned > therein. Dimitris commented that it was included in charter scope 1a which > pulls in the EV CS guidelines where time stamping is specified. Ryan did > not seem convinced and asked that the discussion continue on the list. > > > > The working group has not had a chance to discuss this since the Forum > meeting but plans to do so on the next call. > > > > I’ve included the CS Public list on this thread since the topic is of > interest to members/observers there. If a respondent does not have posting > rights, I can re-post for them. > > > > Dean > > > > > _______________________________________________ > Public mailing list > Public@cabforum.org > https://lists.cabforum.org/mailman/listinfo/public >
_______________________________________________ Public mailing list Public@cabforum.org https://lists.cabforum.org/mailman/listinfo/public