[cabfpub] Ballot 117 - EV Code Signing Guidelines Corrections
Jennifer Standiford
JStandiford at web.com
Sun Mar 23 07:53:58 UTC 2014
Network Solutions supports Comodo's position and also votes "no".
> On Mar 21, 2014, at 10:40 PM, "Rob Stradling" <rob.stradling at comodo.com> wrote:
>
> Comodo votes "no".
>
> Comodo strongly supports the concept of EV Code Signing, and would very
> much like to see wider implementation and participation. However, as
> far as we are aware, EV Code Signing has been implemented by only a
> single vendor with only two CA participants in that vendor's program.
> Therefore, as Section 1.2 of the Bylaws of the CA/B Forum states that
> the purpose of the Forum is to meet and discuss matters of common
> interest, we do not believe the EV Code Signing Guidelines to be a
> matter of common interest for the Forum at this time. Specifically,
> absent wider implementation and participation in the use of this
> standard, additional work now by the CA/B Forum on this topic will be in
> contravention of Section 1.2 of the Bylaws.
>
> Moreover, Section 1.3 of the Bylaws of the CA/B Forum states that Forum
> Members shall not use their participation in the Forum either to promote
> their own products and offerings or to restrict or impede the products
> and offerings of other Members. Given the current level of
> implementation and participation in EV Code Signing, Comodo currently
> cannot vote in favour of Ballot 117, because agreements, understandings,
> or protocols reached in the context of standard setting efforts may
> violate antitrust laws if the effective result of such efforts is to
> restrain competition.
>
>> On 10/03/14 16:24, Ben Wilson wrote:
>> Ballot 117 - EV Code Signing Guidelines Corrections
>>
>> Jeremy Rowley of DigiCert made the following motion, and Iñigo Barreira
>> of Izenpe and Rick Andrews of Symantec endorsed it.
>>
>> There are two issues with the EV code signing guidelines that need
>> correction:
>>
>> 1. Section 9.2.2 of the EV code signing guidelines recommends that CAs
>> not include the SAN extension in an EV certificate. However, section
>> 9.7 requires that an EV certificate include
>> subjectAltName:permanentIdentifier. Because the main concern is that a
>> CA might include a domain name in the SAN extension, we should specify
>> that this practice is not allowed and recognize that other information
>> may be present.
>>
>> 2. Because the EV Code Signing Guidelines were originally based on the
>> EV Guidelines for SSL, Section 9.2.3 of the EV code signing guidelines
>> deprecates the CN field. However, the CABF Code Signing Working Group
>> received a report that this field is still required by code signing
>> applications. We should still include the CN in code signing
>> certificates for the Subscriber’s legal name, even though the field is
>> deprecated for use in SSL/TLS certificates.
>>
>> ---Motion Begins---
>>
>> Effective immediately:
>>
>> a. Replace section 9.2.2 with the following:
>>
>> “9.2.2 Subject Alternative Name Extension
>>
>> This field MUST be present and MUST contain the permanentIdentifier
>> specified in Section 9.7. This field MUST NOT contain a Domain Name or
>> IP Address.”
>>
>> b. Amend section 9.2.3 as follows:
>>
>> “9.2.2 Subject Common Name Field
>>
>> Certificate field: subject:commonName (OID 2.5.4.3)
>>
>> Required/Optional: Required
>>
>> Contents: This field MUST contain the Subject’s legal name as verified
>> under Section 11.2.“
>>
>> ---Motion ends---
>>
>> Motion Ends
>>
>> The review period for this ballot shall commence at 2200 UTC on Monday,
>> 10 March 2014, and will close at 2200 UTC on Monday, 17 March 2014.
>>
>> Unless the motion is withdrawn during the review period, the voting
>> period will start immediately thereafter and will close at 2200 UTC on
>> Monday, 24 March 2014.
>>
>> Votes must be cast by posting an on-list reply to this thread.
>>
>> A vote in favor of the motion must indicate a clear 'yes' in the response.
>>
>> A vote against must indicate a clear 'no' in the response.
>>
>> A vote to abstain must indicate a clear 'abstain' in the response.
>> Unclear responses will not be counted.
>>
>> The latest vote received from any representative of a voting member
>> before the close of the voting period will be counted.
>>
>> Voting members are listed here: https://cabforum.org/members/
>>
>> In order for the motion to be adopted, two thirds or more of the votes
>> cast by members in the CA category and more than one half of the votes
>> cast by members in the browser category must be in favor.
>>
>> Quorum is currently six (6) members– at least six members must
>> participate in the ballot, either by voting in favor, voting against, or
>> by abstaining for the vote to be valid.
>
> --
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
More information about the Public
mailing list