DarkMatter would like to participate in the Code-Signing WG with Scott Rea and
Mats Rosberg as representatives
However DM does not issue code-signing certs so we ask to be granted an
invitation for Associate Member status in this WG
Regards,
--
Scott Rea
Scott Rea
Senior Vice President - Trust Services
[cid:[email protected]]<http://www.darkmatter.ae>
Level 15, Aldar HQ
Abu Dhabi, United Arab Emirates
T +971 2 417 1417<tel:+971%202%20417%201417>
M +971 52 847 5093<tel:+971%2052%20847%205093>
E [email protected]<mailto:[email protected]>
darkmatter.ae<http://darkmatter.ae>
[Linkedin]<https://www.linkedin.com/company/dark-matter-llc> [Twitter]
<https://twitter.com/GuardedbyGenius>
[Year of Zayed] [expo]
The information in this email is intended only for the person(s) or entity to
whom it is addressed and may contain confidential or privileged information. If
you receive this email by error, please notify us immediately, delete the
original message and do not disclose the contents to any other person, use or
store or copy the information in any medium and for whatever purpose. Any
unauthorized use is strictly prohibited.
From: Public <[email protected]> on behalf of Dean Coclin via Public
<[email protected]>
Reply-To: Dean Coclin <[email protected]>, CA/Browser Forum Public
Discussion List <[email protected]>
Date: Tuesday, March 12, 2019 at 8:46 PM
To: CA/Browser Forum Public Discussion List <[email protected]>
Subject: [cabfpub] Code Signing Working Group - Call for Participants
In accordance with the CA/B Forum Bylaws and the Charter of said working group,
the Interim Chair announces a call for Participants interested in joining the
Code Signing Working Group.
Current CA/B Forum members should submit their names and company affiliations,
as a formal declaration of their intent (or provide them at the face to face
meeting).
Interested Parties are eligible to participate once they provide the signed IPR
agreement to the Chair.
Here is the text from the ballot relevant to membership:
The CSCWG SHALL consist of two classes of voting members, Certificate Issuers
and Certificate Consumers meeting the eligibility criteria below:
(1) A Certificate Issuer eligible for voting membership in the CSCWG MUST
have a publicly-available audit report or attestation statement in accordance
with one of the following schemes:
* WebTrust for CAs v.2.0 or newer; or
* ETSI EN 319 411-1, which includes normative references to ETSI EN
319 401 (the latest version of the referenced ETSI documents should be
applied); or
* If a Government Certificate Issuer is required by its Certificate
Policy to use a different internal audit scheme, it MAY use such scheme
provided that the audit either (a) encompasses all requirements of one of the
above schemes or (b) consists of comparable criteria that are available for
public review.
These audit reports must also meet the following requirements:
* They must report on the operational effectiveness of controls for
a historic period of at least 60 days;
* No more than 27 months have elapsed since the beginning of the
reported-on period and no more than 15 months since the end of the reported-on
period; and
* The audit report was prepared by a Qualified Auditor.
In addition, the Certificate Issuer MUST actively issue code signing
certificates that are accepted for use in computing platforms in which the
platform supplier accepts code signing certificates issued by such Certificate
Issuer.
(2) A Certificate Consumer (i.e. a platform supplier) eligible for voting
membership in the CSCWG must produce a computing platform that accepts code
signing certificates issued by third-party Certificate Issuers who meet
criteria set by such Certificate Consumer.
4.2.2 Membership Application/Declaration process
A. An Applicant not already a member of the Forum SHALL provide the
following information:
* Confirmation that the applicant satisfies at least one (1) of the
membership eligibility criteria (and if it satisfies more than one (1),
indication of the single category under which the applicant wishes to apply).
* The organization name, as they wish it to appear on the Forum Web
site and in official Forum documents.
* URL of the applicant's main Web site.
* Names and email addresses of employees who will participate in the
Working Group and Forum as Member representatives.
* Emergency contact information for security issues related to
certificate trust.
Applicants that qualify as Certificate Issuers or Root Certificate Issuers must
supply the following additional information:
* URL of the current qualifying audit report.
* The URL of at least one third party website that includes a
certificate issued by the Applicant in the certificate chain.
* Links or references to issued end-entity certificates that
demonstrate them being treated as valid by a Certificate Consumer Member.
Such Applicant SHALL become a Member once the CSCWG has determined by consensus
among the Members during a CSCWG Meeting or Teleconference that the Applicant
meets all of the requirements above or, upon the request of any Member of the
CSCWG, by a Ballot among Members of the CSCWG. Acceptance by consensus shall be
determined or a Ballot of the Members shall be held as soon as the Applicant
indicates that it has presented all information required above and has
responded to all follow-up questions from the CSCWG and the Member has complied
with the requirements of Bylaw 5.5.
Certificate Issuer applicants that are not actively issuing code signing
certificates but otherwise meet these membership criteria MAY request to the
CSCWG that they be granted an invitation for Associate Member status in
accordance with Bylaw 3.1, subject to conditions designated by the CSCWG.
The CSCWG SHALL allow participation by Interested Parties, as set forth in the
Bylaws.
An initial organizational meeting will take place during this week’s face to
face meeting followed by the formal kickoff later in the week (see agenda for
details).
Dean Coclin
CA/B Forum Vice Chair
_______________________________________________ Public mailing list
[email protected] https://cabforum.org/mailman/listinfo/public
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
