Hello,
At the Bergamo F2F code signing discussion, I proposed an effort to go
through the EV requirements, and determine which of the requirements are
useful for code signing in the modern world.
As the next step, it was proposed that a group of CAs would get together, go
through the
DigiCert votes YES on CSC-024.
-Tim
From: Cscwg-public On Behalf Of Martijn
Katerbarg via Cscwg-public
Sent: Monday, May 20, 2024 5:05 AM
To: cscwg-public@cabforum.org
Subject: [Cscwg-public] [Voting Period Begins] CSC-24 (v3): Timestamping
Private Key Protection
Purpose of the
DigiCert votes YES on CSC-23.
-Tim
From: Cscwg-public On Behalf Of Dimitris
Zacharopoulos (HARICA) via Cscwg-public
Sent: Tuesday, March 19, 2024 3:29 PM
To: cscwg-public@cabforum.org
Subject: [Cscwg-public] Voting Begins Ballot CSC-23: Marking the EV Code
Signing Guidelines SUPERCEDED
I personally could go either way with this, it’s up to the chairs what they
want to do.
1. It’s clear that Bruce had endorsers, the email just had an error and
failed to disclose them properly. The Bylaws state that a ballot requires two
endorsers to proceed, but DOES NOT have a
DigiCert votes YES on CSC-22.
-Tim
From: Cscwg-public On Behalf Of Bruce
Morton via Cscwg-public
Sent: Friday, January 5, 2024 2:02 PM
To: cscwg-public@cabforum.org
Subject: [Cscwg-public] Voting Period begins - Ballot CSC-22: High Risk
Requirements Update
Purpose of the Ballot
DigiCert votes YES on CSC-021.
-Tim
From: Cscwg-public On Behalf Of Bruce
Morton via Cscwg-public
Sent: Friday, January 5, 2024 2:02 PM
To: cscwg-public@cabforum.org
Subject: [Cscwg-public] Voting Period begins - Ballot CSC-21v2: Signing Service
Update
Purpose of the Ballot
This
I like Corey’s solution too.
-Tim
From: Martijn Katerbarg
Sent: Wednesday, November 29, 2023 10:35 AM
To: Corey Bonnell ; Bruce Morton
; cscwg-public@cabforum.org; Tim Hollebeek
Subject: Re: Ballot CSC-??: High Risk Requirements Update
I’m good, thanks Corey. Comment closed
Yes, I like Bruce’s rewrite better.
Using MAY to describe exceptions to MUST is common in some standards (including
the BRs in places), but strictly speaking it’s a violation of RFC 2119 and we
should (MUST? ) fix them when we find them. “MUST do X and MAY do Y instead”
is just wrong.
Yes.
-Tim
From: Bruce Morton
Sent: Wednesday, November 22, 2023 8:34 AM
To: Martijn Katerbarg ;
cscwg-public@cabforum.org; Tim Hollebeek
Subject: RE: Ballot CSC-??: High Risk Requirements Update
Hi Martijn,
For clarification, for the following two paragraphs which have been
+1, will endorse.
-Tim
From: Cscwg-public On Behalf Of Bruce
Morton via Cscwg-public
Sent: Tuesday, November 21, 2023 2:25 PM
To: cscwg-public@cabforum.org
Subject: [Cscwg-public] Ballot CSC-??: High Risk Requirements Update
Here is a draft of the High Risk Requirements update ballot.
I think these are good clarifications. I think it’s important to make sure the
definition of Signing Service accurately encompasses the cases where a
Subscriber is relying on the CA to provide key generation and protection, but
doesn’t accidentally pull anything inappropriate else into scope.
DigiCert votes YES on CSC-20.
-Tim
From: Cscwg-public On Behalf Of Corey
Bonnell via Cscwg-public
Sent: Thursday, October 12, 2023 10:44 AM
To: cscwg-public@cabforum.org
Subject: [Cscwg-public] Voting period begins: CSC-20: Restore Version
Reference to EV Guidelines
Purpose of the
That’s what we’ve been doing with the server cert charter (discuss on the
server list, with intent to vote on forum list), so there’s precedent. I think
that’s what we’ve always done before, too.
-Tim
From: Dimitris Zacharopoulos (HARICA)
Sent: Wednesday, September 13, 2023 5:38 AM
This is just wrong, and Martijn was trying to say the opposite thing anyway:
we should update the charter to explicitly state that timestamping is in
scope. And I agree.
The reason it can't be true that timestamping is out of scope is because the
current timestamping BRs have over 75+
I agree with Bruce, and I think we might also want to synchronize the effective
dates. Many customers have a variety of kinds of certificates included in the
same contract, and having two different sets of terminology for the same legal
document involved in the same contract would be really
DigiCert votes YES on CSC-19.
-Tim
From: Cscwg-public On Behalf Of Dimitris
Zacharopoulos (HARICA) via Cscwg-public
Sent: Monday, July 24, 2023 2:02 AM
To: cscwg-public@cabforum.org
Subject: [Cscwg-public] Voting Begins for Ballot CSC-19 - Remove TLS BR
References
This message begins the
16 matches
Mail list logo