Ballot CSC-18: Update Revocation Requirements
Results of Review Period
(Mailing list post is available here.)
The IPR review period ended on June 29, 2023 and no exclusion notices were filed.
The final documents, with the effective date being 2023-06-29, are available here.
This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Maintenance Guideline (30 day Review Period). The complete Draft Guideline subject of this Review Notice is available here.
Ballot for Review: Ballot CSCWG 18 (v2)
Start of Review Period: May 24, 2023 at 11:00am Eastern Time
End of Review Period: June 23, 2023 at 11:00am Eastern Time
Please forward a written notice to exclude Essential Claims to the Forum and Working Group Chair by email to dean.coclin@digicert.com and a copy to the CA/B Forum CSCWG public mailing list cscwg-public@cabforum.org before the end of the Review Period. See current version of CA/Browser Forum Intellectual Property Rights Policy for details.
Results of Voting
| Yes | No | Abstain | |
|---|---|---|---|
| Certificate Issuers | DigiCert, Entrust, GlobalSign, HARICA, Sectigo | ||
| Certificate Consumers | Microsoft |
This ballot has PASSED.
Purpose of the Ballot
This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.2, Section 4.9.1 – “Circumstances for revocation” in order to align it with the TLS and S/MIME BRs and set stricter requirements for revocation due to Private Key Compromise and use in Suspect Code. The following motion has been proposed by Martijn Katerbarg of Sectigo and endorsed by Ian McMillan of Microsoft and Bruce Morton of Entrust.
Motion
This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” (“Code Signing Baseline Requirements”) based on version 3.2. MODIFY the Code Signing Baseline Requirements as specified in the following redline: here