Ballot CSC 26: Timestamping Private Key Protection Ballot
The Intellectual Property Review (IPR) period for Ballot CSC26: Timestamping Private Key Protection Ballot has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of Aug 1, 2024. The new Code Signing BRs will be published to the CABF public website in accordance with the Bylaws. Dean Coclin CSCWG Chair From: Cscwg-public <[email protected]> On Behalf Of Dean Coclin via Cscwg-public Sent: Monday, July 1, 2024 9:55 AM To: [email protected] Subject: [Cscwg-public] Notice of IPR Review Period: CSC-26 Timestamping Private Key Protection Ballot NOTICE OF IPR REVIEW PERIOD This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email, both in red-line and changes-accepted draft format, in PDF version. Summary of Review Ballot for Review: See below email Start of Review Period: July 1st, 2024 at 3:00 PM UTC End of Review Period: August 1, 2024 at 3:00 PM UTC Members with any Essential Claim(s) to exclude must forward a written Notice to Exclude Essential Claims to the Working Group Chair (email to Dean Coclin < <mailto:[email protected]> [email protected]>) and also submit a copy to the CA/B Forum CSCWG public mailing list (email to public at cabforum.org <[email protected] <mailto:[email protected]> >) before the end of the Review Period. For details, please see the current version of the <https://url.avanan.click/v2/___https:/cabforum.org/wp-content/uploads/CABF-IPR-Policy-v.1.3_4APR18.pdf___.YXAzOmRpZ2ljZXJ0OmE6bzo4OWUxMTQ0MzAxY2U1NDNiNWVlN2NmYTgxNmYwN2YzMjo2OmM0YTk6OWVlMTdiOWZlYmI3ZWZkZWU0ZDljOWFhZTljYTY5ZGRhN2I1MzhkZmRjYjJiMGY3MDYyMjA1MTVlN2IyNzhjZTpoOkY6Tg> CA/Browser Forum Intellectual Property Rights Policy. (An optional template for submitting an Exclusion Notice is available at <https://url.avanan.click/v2/___https:/cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf___.YXAzOmRpZ2ljZXJ0OmE6bzo4OWUxMTQ0MzAxY2U1NDNiNWVlN2NmYTgxNmYwN2YzMjo2OmY1NmY6MjdiODVlNDQ1MThmNWIwNjE0ZmVmYTA1ZDEyMmE1YzU4OWQxZWE2Yzk1MmMyY2FjZGVmOTZmYjVkMTBjZTliODpoOkY6Tg> https://cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf) Dean Coclin CSCWG Chair From: Cscwg-public <[email protected] <mailto:[email protected]> > On Behalf Of Dean Coclin via Cscwg-public Sent: Friday, June 28, 2024 4:16 PM To: [email protected] <mailto:[email protected]> Subject: [Cscwg-public] CSC-26 Timestamping Private Key Protection Ballot results Voting on CSC-26 Timestamping Private Key Protection has closed and the ballot has passed. Results are below: Certificate Issuers In Favor: Certum, DigiCert, eMudhra, Entrust, GlobalSign, IdenTrust, Sectigo, SSL.com Opposed: none Abstain: none Certificate Consumers: In Favor: Microsoft Opposed: none Abstain: none Quorum was met at 5, therefore the ballot passes. Dean Coclin CSCWG Chair From: Cscwg-public < <mailto:[email protected]> [email protected]> On Behalf Of Martijn Katerbarg via Cscwg-public Sent: Thursday, June 20, 2024 12:31 PM To: <mailto:[email protected]> [email protected] Subject: [Cscwg-public] [Voting Period Begins] CSC-26 Timestamping Private Key Protection Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main goals of this ballot are to: 1. Require Timestamp Authority Subordinate CA Private Keys to be stored in offline HSMs 2. Add a requirement to remove Private Keys associated with Timestamp Certificates after a 18 months 3. Add a requirement to reject SHA-1 timestamp requests The following motion has been proposed by Martijn Katerbarg of Sectigo and endorsed by Bruce Morton of Entrust and Ian McMillan of Microsoft. MOTION BEGINS This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” ("Code Signing Baseline Requirements") based on version 3.7. MODIFY the Code Signing Baseline Requirements as specified in the following redline: <https://url.avanan.click/v2/___https:/github.com/cabforum/code-signing/compare/d431d9104094f2b89f35ed4bf1d64b9a844e762b...12130ff7c2b41d795d47925c084780ea0f7328cd___.YXAzOmRpZ2ljZXJ0OmE6bzo4NDVjMzVmMjQ0MzI5OGUyZmQ0NzljYjNkZGQ5NmE0Mjo2OmUwMmQ6MDI2ZTdmZmQ4OWQxMDgzZDcxMzA4YjE3NDUyNjk3MzQ0ZDgwM2U1YTdkMWVjZjRkZmFjZTRjNzA1NTUwMTRmOTpoOkY> https://github.com/cabforum/code-signing/compare/d431d9104094f2b89f35ed4bf1d64b9a844e762b...12130ff7c2b41d795d47925c084780ea0f7328cd MOTION ENDS The procedure for this ballot is as follows: Discussion (7 days) * Start Time: 2024-06-13 16:30 UTC * End Time: 2024-06-20 16:30 UTC Vote for approval (7 days) * Start Time: 2024-06-20 16:30 UTC * End Time: 2024-06-27 16:30 UTC
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Cscwg-public mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/cscwg-public
