Certum votes YES on Ballot CSC-26
Kind regards, Kateryna Aleksieieva De: Cscwg-public <cscwg-public-boun...@cabforum.org> En nombre de Martijn Katerbarg via Cscwg-public Enviado el: jueves, 20 de junio de 2024 18:31 Para: cscwg-public@cabforum.org Asunto: [Cscwg-public] [Voting Period Begins] CSC-26 Timestamping Private Key Protection CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main goals of this ballot are to: 1. Require Timestamp Authority Subordinate CA Private Keys to be stored in offline HSMs 2. Add a requirement to remove Private Keys associated with Timestamp Certificates after a 18 months 3. Add a requirement to reject SHA-1 timestamp requests The following motion has been proposed by Martijn Katerbarg of Sectigo and endorsed by Bruce Morton of Entrust and Ian McMillan of Microsoft. MOTION BEGINS This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” ("Code Signing Baseline Requirements") based on version 3.7. MODIFY the Code Signing Baseline Requirements as specified in the following redline: https://github.com/cabforum/code-signing/compare/d431d9104094f2b89f35ed4bf1d64b9a844e762b...12130ff7c2b41d795d47925c084780ea0f7328cd MOTION ENDS The procedure for this ballot is as follows: Discussion (7 days) * Start Time: 2024-06-13 16:30 UTC * End Time: 2024-06-20 16:30 UTC Vote for approval (7 days) * Start Time: 2024-06-20 16:30 UTC * End Time: 2024-06-27 16:30 UTC
_______________________________________________ Cscwg-public mailing list Cscwg-public@cabforum.org https://lists.cabforum.org/mailman/listinfo/cscwg-public