SSL.com is declaring its intent to participate in the Code Signing Working Group. The initial participants will be: - Fotis Loukos - Nick Naziridis - Chris Kemmerer - Tom Zermeno
Regards, Fotis On 03/12/2019 09:46 AM, Dean Coclin via Public wrote: > In accordance with the CA/B Forum Bylaws and the Charter of said working > group, the Interim Chair announces a call for Participants interested in > joining the Code Signing Working Group. > > > > Current CA/B Forum members should submit their names and company > affiliations, as a formal declaration of their intent (or provide them > at the face to face meeting). > > > > Interested Parties are eligible to participate once they provide the > signed IPR agreement to the Chair. > > > > Here is the text from the ballot relevant to membership: > > > > The CSCWG SHALL consist of two classes of voting members, Certificate > Issuers and Certificate Consumers meeting the eligibility criteria below: > > > > (1) A Certificate Issuer eligible for voting membership in the > CSCWG MUST have a publicly-available audit report or attestation > statement in accordance with one of the following schemes: > > > > * WebTrust for CAs v.2.0 or newer; or > > * ETSI EN 319 411-1, which includes normative references to > ETSI EN 319 401 (the latest version of the referenced ETSI documents > should be applied); or > > * If a Government Certificate Issuer is required by its > Certificate Policy to use a different internal audit scheme, it MAY use > such scheme provided that the audit either (a) encompasses all > requirements of one of the above schemes or (b) consists of comparable > criteria that are available for public review. > > > > These audit reports must also meet the following requirements: > > > > * They must report on the operational effectiveness of > controls for a historic period of at least 60 days; > > * No more than 27 months have elapsed since the beginning of > the reported-on period and no more than 15 months since the end of the > reported-on period; and > > * The audit report was prepared by a Qualified Auditor. > > > > In addition, the Certificate Issuer MUST actively issue code signing > certificates that are accepted for use in computing platforms in which > the platform supplier accepts code signing certificates issued by such > Certificate Issuer. > > > > > > (2) A Certificate Consumer (i.e. a platform supplier) eligible for > voting membership in the CSCWG must produce a computing platform that > accepts code signing certificates issued by third-party Certificate > Issuers who meet criteria set by such Certificate Consumer. > > > > > > 4.2.2 Membership Application/Declaration process > > > > A. An Applicant not already a member of the Forum SHALL > provide the following information: > > > > * Confirmation that the applicant satisfies at least one (1) > of the membership eligibility criteria (and if it satisfies more than > one (1), indication of the single category under which the applicant > wishes to apply). > > * The organization name, as they wish it to appear on the > Forum Web site and in official Forum documents. > > * URL of the applicant's main Web site. > > * Names and email addresses of employees who will participate > in the Working Group and Forum as Member representatives. > > * Emergency contact information for security issues related > to certificate trust. > > > > Applicants that qualify as Certificate Issuers or Root Certificate > Issuers must supply the following additional information: > > > > * URL of the current qualifying audit report. > > * The URL of at least one third party website that includes a > certificate issued by the Applicant in the certificate chain. > > * Links or references to issued end-entity certificates that > demonstrate them being treated as valid by a Certificate Consumer Member. > > > > Such Applicant SHALL become a Member once the CSCWG has determined by > consensus among the Members during a CSCWG Meeting or Teleconference > that the Applicant meets all of the requirements above or, upon the > request of any Member of the CSCWG, by a Ballot among Members of the > CSCWG. Acceptance by consensus shall be determined or a Ballot of the > Members shall be held as soon as the Applicant indicates that it has > presented all information required above and has responded to all > follow-up questions from the CSCWG and the Member has complied with the > requirements of Bylaw 5.5. > > > > Certificate Issuer applicants that are not actively issuing code signing > certificates but otherwise meet these membership criteria MAY request to > the CSCWG that they be granted an invitation for Associate Member status > in accordance with Bylaw 3.1, subject to conditions designated by the CSCWG. > > > > The CSCWG SHALL allow participation by Interested Parties, as set forth > in the Bylaws. > > > > > > An initial organizational meeting will take place during this week’s > face to face meeting followed by the formal kickoff later in the week > (see agenda for details). > > > > Dean Coclin > > CA/B Forum Vice Chair > > > > > > > > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public > -- Fotis Loukos, PhD Director of Security Architecture SSL Corp e: [email protected] w: https://www.ssl.com _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
