[cabfpub] Ballot 158: Adopt Code Signing Baseline Requirements

Enric Castillo enric.castillo at anf.es
Mon Dec 14 08:13:18 MST 2015


ANF AC votes yes.

ANF AC - Autoridad de certificación 	*Enric Castillo *
/Director Técnico /
ANF Autoridad de Certificación
[Teléfono] +34 626818285
[Dirección] Gran Via de Les Corts Catalanes 996, Barcelona
[Teléfono] +593 0 996483798 /(Celular)/
[Teléfono] +593 2 2550002
[Dirección] Av. 12 de Octubre N24-562 y Luis Cordero, Ed. World Trade 
Center, Torre A, Piso 11, Of. 1102, Quito
[Dirección de Skype] castillo.enric
[Dirección de correo electrónico] enric.castillo at anf.es
[Dirección Web] www.anf.es

	

*AVISO*
Este mensaje se dirige exclusivamente a su destinatario y puede contener 
información privilegiada o confidencial y/o datos de carácter personal, 
cuya difusión está regulada por la Ley Orgánica de Protección de Datos y 
la Ley de Servicios de la Sociedad de la Información. Si usted no es el 
destinatario indicado (o el responsable de la entrega al mismo), no debe 
copiar o entregar este mensaje a terceros bajo ningún concepto. Si ha 
recibido este mensaje por error o lo ha conseguido por otros medios, le 
rogamos que nos lo comunique inmediatamente por esta misma vía y proceda 
a su eliminación irreversible. Las opiniones, conclusiones y demás 
informaciones incluidas en este mensaje que no estén relacionadas con 
asuntos profesionales de ANF Autoridad de Certificación no están 
respaldadas por la empresa.
El 03/12/2015 a las 16:04, Dean Coclin escribió:
>
> After a 2 week pre-ballot, the Code Signing Working Group has now 
> prepared the formal ballot below:
>
> __
>
> _Ballot 158: Adopt Code Signing Baseline Requirements_
>
> The following motion is proposed by the Code Signing Working Group and 
> is endorsed by Microsoft, Trend Micro and OATI. Further information on 
> the ballot is in the email message below.
>
> *- - - - Motion for Ballot 158 - - - -*
>
> Be it resolved that the CA / Browser Forum adopts the recommendation 
> of the Code Signing Working Group for Version 1.0 of the Baseline 
> Requirements for Code Signing. Once adopted, the effective date will 
> be October 1, 2016.
>
> *- - - - Motion Ends - - - -*
>
> The review period for this ballot shall commence at 2200 UTC on 3 Dec 
> 2015, and will close at 2200 UTC on 10 Dec 2015. Unless the motion is 
> withdrawn during the review period, the voting period will start 
> immediately thereafter and will close at 2200 UTC on 17 Dec 2015. 
> Votes must be cast by posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed here:
>
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> currently nine (9) members– at least nine members must participate in 
> the ballot, either by voting in favor, voting against, or abstaining.
>
> Dean Coclin and Jeremy Rowley
>
> Code Signing Working Group co-chairs
>
> *From:*public-bounces at cabforum.org 
> <mailto:public-bounces at cabforum.org>[mailto:public-bounces at cabforum.org] 
> *On Behalf Of *Dean Coclin
> *Sent:* Thursday, November 19, 2015 2:01 PM
> *To:* CABFPub
> *Subject:* [cabfpub] Pre-Ballot: Code Signing Baseline Requirements
>
> The Code Signing Working Group of the CA/Browser Forum has completed 
> its work on Version 1 of the Code Signing Baseline Requirements.  The 
> Working Group has been meeting over the last 2+ years to develop and 
> bring this topic to the Forum for approval.
>
> This Working Group was chartered by the Forum at the Mozilla face to 
> face meeting in February 2013 and has brought together forum members 
> and outside participants to craft a document which we believe will 
> help improve the security of the ecosystem. Forum members in the 
> working group include: Comodo, Digicert, Entrust, ETSI, Federal PKI, 
> Firmaprofessional,  Globalsign, Izenpe, Microsoft, Startcom, 
> SwissSign, Symantec, Trend Micro, WoSign as well as non-members: 
> Cacert, Intarsys, OTA, Richter, and Travelport. Also, there have been 
> several public commenting periods which resulted in changes and 
> revisions to the document.
>
> The stated goal of the group was to: “Create a set of baseline 
> requirements for code signing that will reduce the incidence of signed 
> malware”. We strived to work on 3 sub goals, which are by no means 
> 100% solved. However we feel that the document reflects progress 
> towards these goals which were:
>
> 1.Minimize private key theft by moving toward more secure key storage 
> (protection of private keys)
>
> 2.Baseline authentication and vetting procedures for all parties
>
> 3.Information sharing (notification/revocation) for fraud detection. 
> This piece was moved to the Information Sharing Working Group
>
> _The document is now final and no further changes are being accepted_. 
> Comments and suggestions will be accumulated for a future version of 
> the document.
>
> The group is seeking 2 endorsers for the ballot below:
>
> *- - - - Motion for Ballot XXX - - - -*
>
> Be it resolved that the CA / Browser Forum adopts the recommendation 
> of the Code Signing Working Group for Version 1.0 of the Baseline 
> Requirements for Code Signing. Once adopted the effective date will be 
> October 1, 2016.
>
> *- - - - Motion Ends - - - -*
>
> The review period for this ballot shall commence at 2200 UTC on 3 Dec 
> 2015, and will close at 2200 UTC on 10 Dec 2015. Unless the motion is 
> withdrawn during the review period, the voting period will start 
> immediately thereafter and will close at 2200 UTC on 17 Dec 2015. 
> Votes must be cast by posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed here:
>
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> currently nine (9) members– at least nine members must participate in 
> the ballot, either by voting in favor, voting against, or abstaining.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20151214/d7c525b5/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hdgiahhc.png
Type: image/png
Size: 4746 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20151214/d7c525b5/attachment-0007.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gdbeibbd.png
Type: image/png
Size: 3311 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20151214/d7c525b5/attachment-0008.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iddcgfig.png
Type: image/png
Size: 1822 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20151214/d7c525b5/attachment-0009.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhiedbej.png
Type: image/png
Size: 3873 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20151214/d7c525b5/attachment-0010.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gffefbhe.png
Type: image/png
Size: 3246 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20151214/d7c525b5/attachment-0011.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbbdjcca.png
Type: image/png
Size: 3712 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20151214/d7c525b5/attachment-0012.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cdgcdcji.png
Type: image/png
Size: 21794 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20151214/d7c525b5/attachment-0013.png 


More information about the Public mailing list