[Cscwg-public] [EXTERNAL] Update to the working draft

Bruce Morton Bruce.Morton at entrustdatacard.com
Wed Apr 8 13:21:53 MST 2020

Hi Dimitris,

Regarding definitions, I have only been adding those that are not defined in the BRs.

For 6.1.7, I updated based on your input.

For 17.1, we discussed in the half-day meeting to drop the audit requirements for government CAs. This was not captured in the minutes. This change can be open for review, but I don’t think that we have any government CAs currently meeting these requirements.

Thanks, Bruce.

From: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
Sent: Wednesday, April 8, 2020 3:11 PM
To: Bruce Morton <Bruce.Morton at entrustdatacard.com>; cscwg-public at cabforum.org
Subject: Re: [EXTERNAL][Cscwg-public] Update to the working draft

On 2020-04-08 9:03 μ.μ., Bruce Morton wrote:
Hi Dimitris,

I don’t think that we need to add the definitions of "Root CA" and "Root Certificate" as they are already defined in the Baseline Requirements.

Hi Bruce,

At the last meeting we agreed to try having the Code Signing documents as "independent" as possible, but I guess this needs to happen for other definitions as well. If this is a process for a later time, we can remove these definitions for now.

Regarding section 12, where did the “sign” text come from. I don’t see this in BR version 1.6.9?

Section 6.1.7 of the BRs.

Regarding section 17.1, I updated the WebTrust and the ETSI audit criteria, but did not include the government criteria as we agreed to drop this option.

I can't recall this but I could be wrong. Is it captured in any previous meeting minutes? This is also in the CSCWG charter as an eligible scheme for participation (https://cabforum.org/2019/03/26/code-signing-certificate-wg-charter/).

I don't have a strong opinion but I'd like to know the rationale for such a decision. If it's part of previous minutes or discussion on the mailing list, it would help.

Best regards,

Thanks, Bruce.

From: Cscwg-public <cscwg-public-bounces at cabforum.org><mailto:cscwg-public-bounces at cabforum.org> On Behalf Of Dimitris Zacharopoulos (HARICA) via Cscwg-public
Sent: Saturday, March 28, 2020 2:23 PM
To: cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: [EXTERNAL][Cscwg-public] Update to the working draft

WARNING: This email originated outside of Entrust Datacard.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
As agreed, I have done the following updates to the latest draft circulated by Bruce:

  1.  Added the definitions of "Root CA" and "Root Certificate"
  2.  Updated section 12 for what a Root Key is allowed to sign
  3.  Updated section 17.1 with the currently available audit schemes.

Let me know if you have any questions or comments related to those changes.

Thank you,


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20200408/6c95dfbc/attachment-0001.html>

More information about the Cscwg-public mailing list