Re: [Cscwg-public] [Voting Period Begins] CSC-24 (v3): Timestamping Private Key Protection

Friendly reminder that the voting period will end Monday morning. From: Cscwg-public on behalf of Martijn Katerbarg via Cscwg-public Date: Monday, 20 May 2024 at 11:05 To: cscwg-public@cabforum.org Subject: [Cscwg-public] [Voting Period Begins] CSC-24 (v3): Timestamping Private Key

[Cscwg-public] [Voting Period Begins] CSC-24 (v3): Timestamping Private Key Protection

Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main goals of this ballot are to: 1. Require

[Cscwg-public] [Discussion Period Begins] CSC-24 (v3): Timestamping Private Key Protection

Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main goals of this ballot are to: 1. Require

Re: [Cscwg-public] [External Sender] Re: [Discussion Period Begins] CSC-24 (v2): Timestamping Private Key Protection

its/61d9426e9025d448a13eb56fa75b9651b2136548> and let me know if there are any further concerns blocking this ballot from moving forward. From: Cscwg-public on behalf of Martijn Katerbarg via Cscwg-public Date: Tuesday, 16 April 2024 at 12:06 To: Adriano Santoni , cscwg-public@cabforum.org , Chri

Re: [Cscwg-public] [External Sender] Re: [Discussion Period Begins] CSC-24 (v2): Timestamping Private Key Protection

Christophe From: Cscwg-public <mailto:cscwg-public-boun...@cabforum.org> On Behalf Of Martijn Katerbarg via Cscwg-public Sent: Monday, April 8, 2024 9:32 AM To: cscwg-public@cabforum.org <mailto:cscwg-public@cabforum.org> Subject: [Cscwg-public] [Discussion Period Begins] CSC-2

Re: [Cscwg-public] [External Sender] [Discussion Period Begins] CSC-24 (v2): Timestamping Private Key Protection

, Martijn Katerbarg via Cscwg-public ha scritto: Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main

[Cscwg-public] [Discussion Period Begins] CSC-24 (v2): Timestamping Private Key Protection

Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main goals of this ballot are to: 1. Require

Re: [Cscwg-public] Timestamp Certificate and SubCA updates

for certificate issuance/fulfillment have higher volumes and latency requirements that offline CAs just cannot effectively meet. Thanks, Ian From: Cscwg-public On Behalf Of Martijn Katerbarg via Cscwg-public Sent: Thursday, April 4, 2024 6:07 AM To: Mohit Kumar ; cscwg-public@cabforum.org Subject

Re: [Cscwg-public] Timestamp Certificate and SubCA updates

maintained in a High Security Zone and in an offline state or air-gapped from all other networks.’ Thanks Mohit From: Cscwg-public On Behalf Of Martijn Katerbarg via Cscwg-public Sent: Tuesday, March 19, 2024 5:04 AM To: cscwg-public@cabforum.org; Dimitris Zacharopoulos (HARICA) Subje

[Cscwg-public] [Discussion Period Begins] CSC-24: Timestamping Private Key Protection

Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main goals of this ballot are to: 1. Require

Re: [Cscwg-public] Timestamp Certificate and SubCA updates

f not I will start the official discussion period in the next few days. Regards, Martijn From: Cscwg-public on behalf of Martijn Katerbarg via Cscwg-public Date: Monday, 11 March 2024 at 09:51 To: Dimitris Zacharopoulos (HARICA) , cscwg-public@cabforum.org Subject: Re: [Cscwg-public] Timestamp Cer

Re: [Cscwg-public] Timestamp Certificate and SubCA updates

hem in an HSM, you must not use them to sign anything. If a CA/TSA can also "destroy" the key, meaning that all copies of that private key can be unequivocally/securely deleted (i.e. without a way to recover the key), including any instance of the key as part of a backup, the better!

Re: [Cscwg-public] Timestamp Certificate and SubCA updates

p the keys in backups but if you happen to restore them in an HSM, you must not use them to sign anything. If a CA/TSA can also "destroy" the key, meaning that all copies of that private key can be unequivocally/securely deleted (i.e. without a way to recover the key), including any instan

[Cscwg-public] Timestamp Certificate and SubCA updates

All, As discussed last week, I’d send out the draft language for this ballot once more before starting the discussion period. The latest version can be found in https://github.com/cabforum/code-signing/pull/34 I’ve made changes this

Re: [Cscwg-public] Marking the EV Code Signing Guidelines OBSOLETE

So will I. > Other ideas are welcome. How about September 2, 2020, which marks the release of CSBR v2.0, and incorporated EV Code Signing into the document. While we’re at it, could this ballot also get rid of this (https://github.com/cabforum/code-signing/blob/main/docs/br-csc-v1-2.md

Re: [Cscwg-public] Ballot CSC-??: High Risk Requirements Update

oving the clause entirely. However, if the group agrees that it should be retained, then I think at the very least the language needs to be modified to no longer imply that there are (non-existent) requirements in the current section. Thanks, Corey

Re: [Cscwg-public] Ballot CSC-??: High Risk Requirements Update

f the group agrees that it should be retained, then I think at the very least the language needs to be modified to no longer imply that there are (non-existent) requirements in the current section. Thanks, Corey ____________ From: Cscwg-public mailto:cscwg-public-boun...@cabfor

Re: [Cscwg-public] Ballot CSC-??: High Risk Requirements Update

e (non-existent) requirements in the current section. Thanks, Corey From: Cscwg-public on behalf of Martijn Katerbarg via Cscwg-public Sent: Wednesday, November 22, 2023 9:22 AM To: Bruce Morton ; cscwg-public@cabforum.org ; Tim Hollebeek Subje

Re: [Cscwg-public] MUST overridden by a MAY - Subordinate CA policies

the whole section. Also, we might also consider deleting “to indicate the Subordinate CA’s compliance with these Requirements”. Thanks, Bruce. From: Cscwg-public On Behalf Of Martijn Katerbarg via Cscwg-public Sent: Wednesday, November 22, 2023 11:07 AM To: cscwg-public@cabforum.org Subject

[Cscwg-public] MUST overridden by a MAY - Subordinate CA policies

All, CSBR section 7.1.6.3 states: ”A Certificate issued to a Subordinate CA that issues Code Signing Certificates and is an Affiliate of the Issuing CA: 1. MUST include the CA/Browser Forum reserved identifier specified in Section 7.1.6.1

Re: [Cscwg-public] Ballot CSC-??: High Risk Requirements Update

Hi Bruce, Going for the full clarification: The PR show that: ”Prior to issuing a Code Signing Certificate, each CA SHOULD check at least one database containing information about known or suspected producers, publishers, or distributors of Suspect Code, as identified or indicated by an

Re: [Cscwg-public] Ballot CSC-??: High Risk Requirements Update

Bruce, I’ve added a single comment on the PR, as I think we’ve removed one paragraph too much. Other than that, I’m also happy to endorse. Regards, Martijn From: Cscwg-public on behalf of Bruce Morton via Cscwg-public Date: Tuesday, 21 November 2023 at 20:25 To: cscwg-public@cabforum.org

Re: [Cscwg-public] Code Signing WG Charter update

N: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Martijn, On 20/9/2023 11:45 π.μ., Martijn Katerbarg via Cscwg-public wrote: I’m starting a new thread for this as was previously disc

Re: [Cscwg-public] Ballot CSC-21: Signing Service Update

e Private Key so happens to reside in a Signing Service that they run. I think this is fine but want to ensure there’s agreement on this interpretation. Thoughts? Thanks, Corey From: Cscwg-public mailto:cscwg-public-boun...@cabforum.org>> On Behalf Of Martijn Katerbarg via Cscwg-pub

Re: [Cscwg-public] Code Signing WG Charter update

of Martijn Katerbarg via Cscwg-public Date: Wednesday, 20 September 2023 at 10:45 To: cscwg-public@cabforum.org Subject: [Cscwg-public] Code Signing WG Charter update CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize

Re: [Cscwg-public] Ballot CSC-21: Signing Service Update

Hi Bruce, I have a concern with the “Signing Service” definition: “**Signing Service**: An organization that generates the Key Pair and securely manages the Private Key associated with a Subscriber's Code Signing Certificate.” For subscribers that generate their own private keys and use

[Cscwg-public] Code Signing WG Charter update

I’m starting a new thread for this as was previously discussed. Prior to starting discussions at the Forum level, please review my suggested updates to the CSCWG charter in https://github.com/cabforum/forum/pull/40 This aims to: * Bump the

Re: [Cscwg-public] Proposed Signing Service, High Risk and Timestamp Changes

ond Code Signing would require a change to the charter. Thanks for the point Martijn. Dean Dean Coclin Sr. Director Business Development M 1.781.789.8686 From: Cscwg-public mailto:cscwg-public-boun...@cabforum.org>> On Behalf Of Martijn Katerbarg via Cscwg-public Sent:

Re: [Cscwg-public] Proposed Signing Service, High Risk and Timestamp Changes

Hey Bruce, I’m inclined to say that even the removal of TSC Private Keys, is a new requirement. If we’re not explicitly saying that existing keys up until this point are excluded, then CA’s may need to remove a fair number of keys. If so, we may need to allow for a bit more time. That also

Re: [Cscwg-public] Proposed Signing Service, High Risk and Timestamp Changes

As discussed on the last call, I’ve moved the language into GitHub, which can be reviewed at https://github.com/cabforum/code-signing/compare/main...XolphinMartijn:code-signing:TSA_Changes?expand=1 In this, I’ve also added text on logging key removal and how to handle key recovery scenarios

Re: [Cscwg-public] Proposed Signing Service, High Risk and Timestamp Changes

Thanks Bruce, I’m going through the TSA changes, and one thing caught my eye: Section 6.2.7.2 now reads: A Timestamp Authority MUST protect its Private Key in offline Hardware Crypto Module conforming to FIPS 140-2 level 3, Common Criteria EAL 4+ (ALC_FLR.2), or higher. The Timestamp