[Cscwg-public] EV requirements simplification effort

Hello, At the Bergamo F2F code signing discussion, I proposed an effort to go through the EV requirements, and determine which of the requirements are useful for code signing in the modern world. As the next step, it was proposed that a group of CAs would get together, go through the

Re: [Cscwg-public] [Voting Period Begins] CSC-24 (v3): Timestamping Private Key Protection

DigiCert votes YES on CSC-024. -Tim From: Cscwg-public On Behalf Of Martijn Katerbarg via Cscwg-public Sent: Monday, May 20, 2024 5:05 AM To: cscwg-public@cabforum.org Subject: [Cscwg-public] [Voting Period Begins] CSC-24 (v3): Timestamping Private Key Protection Purpose of the

Re: [Cscwg-public] Voting Begins Ballot CSC-23: Marking the EV Code Signing Guidelines SUPERCEDED

DigiCert votes YES on CSC-23. -Tim From: Cscwg-public On Behalf Of Dimitris Zacharopoulos (HARICA) via Cscwg-public Sent: Tuesday, March 19, 2024 3:29 PM To: cscwg-public@cabforum.org Subject: [Cscwg-public] Voting Begins Ballot CSC-23: Marking the EV Code Signing Guidelines SUPERCEDED

Re: [Cscwg-public] [EXTERNAL] Re: FW: Ballot CSC-22: High Risk Requirements Update

I personally could go either way with this, it’s up to the chairs what they want to do. 1. It’s clear that Bruce had endorsers, the email just had an error and failed to disclose them properly. The Bylaws state that a ballot requires two endorsers to proceed, but DOES NOT have a

Re: [Cscwg-public] Voting Period begins - Ballot CSC-22: High Risk Requirements Update

DigiCert votes YES on CSC-22. -Tim From: Cscwg-public On Behalf Of Bruce Morton via Cscwg-public Sent: Friday, January 5, 2024 2:02 PM To: cscwg-public@cabforum.org Subject: [Cscwg-public] Voting Period begins - Ballot CSC-22: High Risk Requirements Update Purpose of the Ballot

Re: [Cscwg-public] Voting Period begins - Ballot CSC-21v2: Signing Service Update

DigiCert votes YES on CSC-021. -Tim From: Cscwg-public On Behalf Of Bruce Morton via Cscwg-public Sent: Friday, January 5, 2024 2:02 PM To: cscwg-public@cabforum.org Subject: [Cscwg-public] Voting Period begins - Ballot CSC-21v2: Signing Service Update Purpose of the Ballot This

Re: [Cscwg-public] Ballot CSC-??: High Risk Requirements Update

I like Corey’s solution too. -Tim From: Martijn Katerbarg Sent: Wednesday, November 29, 2023 10:35 AM To: Corey Bonnell ; Bruce Morton ; cscwg-public@cabforum.org; Tim Hollebeek Subject: Re: Ballot CSC-??: High Risk Requirements Update I’m good, thanks Corey. Comment closed

Re: [Cscwg-public] MUST overridden by a MAY - Subordinate CA policies

Yes, I like Bruce’s rewrite better. Using MAY to describe exceptions to MUST is common in some standards (including the BRs in places), but strictly speaking it’s a violation of RFC 2119 and we should (MUST? ) fix them when we find them. “MUST do X and MAY do Y instead” is just wrong.

Re: [Cscwg-public] Ballot CSC-??: High Risk Requirements Update

Yes. -Tim From: Bruce Morton Sent: Wednesday, November 22, 2023 8:34 AM To: Martijn Katerbarg ; cscwg-public@cabforum.org; Tim Hollebeek Subject: RE: Ballot CSC-??: High Risk Requirements Update Hi Martijn, For clarification, for the following two paragraphs which have been

Re: [Cscwg-public] Ballot CSC-??: High Risk Requirements Update

+1, will endorse. -Tim From: Cscwg-public On Behalf Of Bruce Morton via Cscwg-public Sent: Tuesday, November 21, 2023 2:25 PM To: cscwg-public@cabforum.org Subject: [Cscwg-public] Ballot CSC-??: High Risk Requirements Update Here is a draft of the High Risk Requirements update ballot.

Re: [Cscwg-public] Ballot CSC-21: Signing Service Update

I think these are good clarifications. I think it’s important to make sure the definition of Signing Service accurately encompasses the cases where a Subscriber is relying on the CA to provide key generation and protection, but doesn’t accidentally pull anything inappropriate else into scope.

Re: [Cscwg-public] Voting period begins: CSC-20: Restore Version Reference to EV Guidelines

DigiCert votes YES on CSC-20. -Tim From: Cscwg-public On Behalf Of Corey Bonnell via Cscwg-public Sent: Thursday, October 12, 2023 10:44 AM To: cscwg-public@cabforum.org Subject: [Cscwg-public] Voting period begins: CSC-20: Restore Version Reference to EV Guidelines Purpose of the

Re: [Cscwg-public] Proposed Signing Service, High Risk and Timestamp Changes

That’s what we’ve been doing with the server cert charter (discuss on the server list, with intent to vote on forum list), so there’s precedent. I think that’s what we’ve always done before, too. -Tim From: Dimitris Zacharopoulos (HARICA) Sent: Wednesday, September 13, 2023 5:38 AM

Re: [Cscwg-public] Proposed Signing Service, High Risk and Timestamp Changes

This is just wrong, and Martijn was trying to say the opposite thing anyway: we should update the charter to explicitly state that timestamping is in scope. And I agree. The reason it can't be true that timestamping is out of scope is because the current timestamping BRs have over 75+

Re: [Cscwg-public] [EXTERNAL] [Servercert-wg] SC-XXX: Modify Subscriber Agreement and Terms of Use

I agree with Bruce, and I think we might also want to synchronize the effective dates. Many customers have a variety of kinds of certificates included in the same contract, and having two different sets of terminology for the same legal document involved in the same contract would be really

Re: [Cscwg-public] Voting Begins for Ballot CSC-19 - Remove TLS BR References

DigiCert votes YES on CSC-19. -Tim From: Cscwg-public On Behalf Of Dimitris Zacharopoulos (HARICA) via Cscwg-public Sent: Monday, July 24, 2023 2:02 AM To: cscwg-public@cabforum.org Subject: [Cscwg-public] Voting Begins for Ballot CSC-19 - Remove TLS BR References This message begins the