CAB Forum Certificate Issuers, Certificate Consumers, and Interested Parties Working to Secure the Web
Notice of Review Period
(Mailing list post is available here.)
This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Maintenance Guideline (30 day Review Period). The complete Draft Guideline subject of this Review Notice is available here.
Ballot for Review: Ballot CSCWG 18 (v2)
Start of Review Period: May 24, 2023 at 11:00am Eastern Time
End of Review Period: June 23, 2023 at 11:00am Eastern Time
Please forward a written notice to exclude Essential Claims to the Forum and Working Group Chair by email to dean.coclin@digicert.com and a copy to the CA/B Forum CSCWG public mailing list cscwg-public@cabforum.org before the end of the Review Period. See current version of CA/Browser Forum Intellectual Property Rights Policy for details.
Results of Voting
| Yes | No | Abstain | |
| Certificate Issuers | DigiCert Entrust GlobalSign HARICA Sectigo | ||
| Certificate Consumers | Microsoft |
Purpose of the Ballot
This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.2, Section 4.9.1 – “Circumstances for revocation” in order to align it with the TLS and S/MIME BRs and set stricter requirements for revocation due to Private Key Compromise and use in Suspect Code. The following motion has been proposed by Martijn Katerbarg of Sectigo and endorsed by Ian McMillan of Microsoft and Bruce Morton of Entrust.
Motion
This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” (“Code Signing Baseline Requirements”) based on version 3.2. MODIFY the Code Signing Baseline Requirements as specified in the following redline: https://github.com/cabforum/code-signing/pull/17/files#diff-904962f0e52198f4a232d6ef6732d57ccb47433d4bba47b3472d681405360e31