[cabfpub] Ballot 117 - EV Code Signing Guidelines Corrections

Jennifer Standiford JStandiford at web.com
Sun Mar 23 07:53:58 UTC 2014


Network Solutions supports Comodo's position and also votes "no". 

> On Mar 21, 2014, at 10:40 PM, "Rob Stradling" <rob.stradling at comodo.com> wrote:
> 
> Comodo votes "no".
> 
> Comodo strongly supports the concept of EV Code Signing, and would very 
> much like to see wider implementation and participation.  However, as 
> far as we are aware, EV Code Signing has been implemented by only a 
> single vendor with only two CA participants in that vendor's program. 
> Therefore, as Section 1.2 of the Bylaws of the CA/B Forum states that 
> the purpose of the Forum is to meet and discuss matters of common 
> interest, we do not believe the EV Code Signing Guidelines to be a 
> matter of common interest for the Forum at this time.  Specifically, 
> absent wider implementation and participation in the use of this 
> standard, additional work now by the CA/B Forum on this topic will be in 
> contravention of Section 1.2 of the Bylaws.
> 
> Moreover, Section 1.3 of the Bylaws of the CA/B Forum states that Forum 
> Members shall not use their participation in the Forum either to promote 
> their own products and offerings or to restrict or impede the products 
> and offerings of other Members.  Given the current level of 
> implementation and participation in EV Code Signing, Comodo currently 
> cannot vote in favour of Ballot 117, because agreements, understandings, 
> or protocols reached in the context of standard setting efforts may 
> violate antitrust laws if the effective result of such efforts is to 
> restrain competition.
> 
>> On 10/03/14 16:24, Ben Wilson wrote:
>> Ballot 117 - EV Code Signing Guidelines Corrections
>> 
>> Jeremy Rowley of DigiCert made the following motion, and Iñigo Barreira
>> of Izenpe and Rick Andrews of Symantec endorsed it.
>> 
>> There are two issues with the EV code signing guidelines that need
>> correction:
>> 
>> 1.  Section 9.2.2 of the EV code signing guidelines recommends that CAs
>> not include the SAN extension in an EV certificate.  However, section
>> 9.7 requires that an EV certificate include
>> subjectAltName:permanentIdentifier. Because the main concern is that a
>> CA might include a domain name in the SAN extension, we should specify
>> that this practice is not allowed and recognize that other information
>> may be present.
>> 
>> 2.  Because the EV Code Signing Guidelines were originally based on the
>> EV Guidelines for SSL, Section 9.2.3 of the EV code signing guidelines
>> deprecates the CN field.  However, the CABF Code Signing Working Group
>> received a report that this field is still required by code signing
>> applications. We should still include the CN in code signing
>> certificates for the Subscriber’s legal name, even though the field is
>> deprecated for use in SSL/TLS certificates.
>> 
>> ---Motion Begins---
>> 
>> Effective immediately:
>> 
>> a. Replace section 9.2.2 with the following:
>> 
>> “9.2.2 Subject Alternative Name Extension
>> 
>> This field MUST be present and MUST contain the permanentIdentifier
>> specified in Section 9.7. This field MUST NOT contain a Domain Name or
>> IP Address.”
>> 
>> b. Amend section 9.2.3 as follows:
>> 
>> “9.2.2 Subject Common Name Field
>> 
>> Certificate field: subject:commonName (OID 2.5.4.3)
>> 
>> Required/Optional: Required
>> 
>> Contents: This field MUST contain the Subject’s legal name as verified
>> under Section 11.2.”
>> 
>> ---Motion ends---
>> 
>> Motion Ends
>> 
>> The review period for this ballot shall commence at 2200 UTC on Monday,
>> 10 March 2014, and will close at 2200 UTC on Monday, 17 March 2014.
>> 
>> Unless the motion is withdrawn during the review period, the voting
>> period will start immediately thereafter and will close at 2200 UTC on
>> Monday, 24 March 2014.
>> 
>> Votes must be cast by posting an on-list reply to this thread.
>> 
>> A vote in favor of the motion must indicate a clear 'yes' in the response.
>> 
>> A vote against must indicate a clear 'no' in the response.
>> 
>> A vote to abstain must indicate a clear 'abstain' in the response.
>> Unclear responses will not be counted.
>> 
>> The latest vote received from any representative of a voting member
>> before the close of the voting period will be counted.
>> 
>> Voting members are listed here: https://cabforum.org/members/
>> 
>> In order for the motion to be adopted, two thirds or more of the votes
>> cast by members in the CA category and more than one half of the votes
>> cast by members in the browser category must be in favor.
>> 
>> Quorum is currently six (6) members – at least six members must
>> participate in the ballot, either by voting in favor, voting against, or
>> by abstaining for the vote to be valid.
> 
> -- 
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
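
The certificate profile in items a and b of the quoted motion can be checked mechanically. The following Go sketch is an added example, not part of the ballot or of any CA/B Forum tooling: it takes the subject commonName and the raw DER value of the subjectAltName extension and reports violations of the two rules. The names `Lint` and `samplePermanentID` are hypothetical, the sample bytes are constructed, and the permanentIdentifier OID is taken from RFC 4043.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

var oidPermanentIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 8, 3} // RFC 4043

// Constructed sample: otherName permanentIdentifier with identifierValue "EX-1".
var samplePermanentID = []byte{0xA0, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
	0x08, 0x03, 0xA0, 0x08, 0x30, 0x06, 0x0C, 0x04, 'E', 'X', '-', '1'}

// Lint checks a subject CN and a DER subjectAltName value against the motion.
func Lint(commonName string, sanDER []byte) (findings []string) {
	if commonName == "" {
		findings = append(findings, "subject:commonName is missing")
	}
	var names asn1.RawValue
	rest, err := asn1.Unmarshal(sanDER, &names)
	if err != nil || len(rest) != 0 || names.Class != asn1.ClassUniversal || names.Tag != asn1.TagSequence {
		return append(findings, "subjectAltName is missing or not a GeneralNames SEQUENCE")
	}
	hasPermanentID := false
	for rest = names.Bytes; len(rest) > 0; {
		var gn asn1.RawValue
		if rest, err = asn1.Unmarshal(rest, &gn); err != nil || gn.Class != asn1.ClassContextSpecific {
			return append(findings, "malformed GeneralName")
		}
		switch gn.Tag { // GeneralName CHOICE tags from RFC 5280
		case 0: // otherName: type-id OID, then [0] EXPLICIT value
			var typeID asn1.ObjectIdentifier
			_, err := asn1.Unmarshal(gn.Bytes, &typeID)
			hasPermanentID = hasPermanentID || (err == nil && typeID.Equal(oidPermanentIdentifier))
		case 2:
			findings = append(findings, fmt.Sprintf("SAN contains dNSName %q", gn.Bytes))
		case 7:
			findings = append(findings, "SAN contains iPAddress")
		}
	}
	if !hasPermanentID {
		findings = append(findings, "SAN lacks permanentIdentifier")
	}
	return findings
}

func main() { // constructed input, not a real certificate
	san := append([]byte{0x30, 0x23}, samplePermanentID...)
	fmt.Println(Lint("Example Corp", append(san, "\x82\x0bexample.com"...)))
}
```

With a certificate parsed by `crypto/x509`, the inputs would be `cert.Subject.CommonName` and the `Value` of the entry in `cert.Extensions` whose `Id` is 2.5.29.17.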


