Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.4 in order to clarify language regarding Signing Service and signing requests. The main goals of this ballot are to:
1. Clarify the Signing Service definition and the expected deployment
model.
2. Remove requirements for signing request.
3. Change text so Signing Service is not categorized as a Delegated
Third Party.
4. Not allow Signing Service to transport Private Key to Subscriber.
5. Ensure Network Security Requirements are applicable to Signing
Service.
6. State audit requirements for Signing Service.
The following motion has been proposed by Bruce Morton of Entrust and
endorsed by Tim Hollebeek of DigiCert and Ian McMillan.
MOTION BEGINS
This ballot updates the “Baseline Requirements for the Issuance and
Management of Publicly‐Trusted Code Signing Certificates” ("Code Signing
Baseline Requirements") based on version 3.4. MODIFY the Code Signing
Baseline Requirements as specified in the following redline: https://github.
com/cabforum/code-signing/compare/93ee9976cdc4e1104952146e3556800459694874..
701d195fa95fe49e8a02435fc40fb0a018686866 <https://urldefense.com/v3/__https:
/github.com/cabforum/code-signing/compare/93ee9976cdc4e1104952146e3556800459
694874..701d195fa95fe49e8a02435fc40fb0a018686866__;!!FJ-Y8qCqXTj2!ai_SiHTiSo
dTE_VWwZi8Z8QT_M2lCkP6nJYlFupqIB2vMo07Rcbx2E0bKw4GyZ1-pOj0h-PvD9Z5okpQ_IY$>
MOTION ENDS
The procedure for this ballot is as follows: Discussion (7 days)
* Start Time: 2023-10-12 20:00 UTC
* End Time: Not before 2023-10-19 20:00 UTC
Vote for approval (7 days)
* Start Time: TBD
* End Time: TBD
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Cscwg-public mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/cscwg-public
