Re: [cabfpub] Code Signing Working Group - Call for Participants

2019-03-13 Thread realsky(CHT) via Public 
Dear Dean,

   Please add Chia-Hsien Lin and Tsung-Han Yang as the initial participants of 
Chunghwa Telecom in the Code Signing WG.
   
   I will e-mail you the e-mail addresses of the initlal particpants of 
Chunghwa Telecom. So later we can join the discussion list.

   Thank you.

Li-Chun 


-Original message-
From:realsky(CHT) 
To:CA/Browser Forum Public Discussion List 
Cc:Dean Coclin 
Date:Wed, 13 Mar 2019 05:42:49
Subject:Re: [cabfpub] Code Signing Working Group - Call for Participants

Chunghwa Telecom Co., Ltd. would like to to participate in the Code Signing WG.

The initial participants will be: Li-Chun Chen and Tsung-Min Kuo. 

However Chunghwa Telecom Co., Ltd. does not issue code-signing certs so we ask 
to be granted an invitation for Associate Member status first in this WG.

  Li-Chun Chen
  Chunghwa Telecom



-Original message-

On 03/12/2019 09:46 AM, Dean Coclin via Public wrote:
> In accordance with the CA/B Forum Bylaws and the Charter of said working
> group, the Interim Chair announces a call for Participants interested in
> joining the Code Signing Working Group.
> 
>  
> 
> Current CA/B Forum members should submit their names and company
> affiliations, as a formal declaration of their intent (or provide them
> at the face to face meeting).
> 
>  
> 
> Interested Parties are eligible to participate once they provide the
> signed IPR agreement to the Chair.
> 
>  
> 
> Here is the text from the ballot relevant to membership:
> 
>  
> 
> The CSCWG SHALL consist of two classes of voting members, Certificate
> Issuers and Certificate Consumers meeting the eligibility criteria below:
> 
>  
> 
> (1)  A Certificate Issuer eligible for voting membership in the
> CSCWG MUST have a publicly-available audit report or attestation
> statement in accordance with one of the following schemes:
> 
>  
> 
> *WebTrust for CAs v.2.0 or newer; or
> 
> *ETSI EN 319 411-1, which includes normative references to
> ETSI EN 319 401 (the latest version of the referenced ETSI documents
> should be applied); or
> 
> *If a Government Certificate Issuer is required by its
> Certificate Policy to use a different internal audit scheme, it MAY use
> such scheme provided that the audit either (a) encompasses all
> requirements of one of the above schemes or (b) consists of comparable
> criteria that are available for public review.
> 
>  
> 
> These audit reports must also meet the following requirements:
> 
>  
> 
> *They must report on the operational effectiveness of
> controls for a historic period of at least 60 days;
> 
> *No more than 27 months have elapsed since the beginning of
> the reported-on period and no more than 15 months since the end of the
> reported-on period; and
> 
> *The audit report was prepared by a Qualified Auditor.
> 
>  
> 
> In addition, the Certificate Issuer MUST actively issue code signing
> certificates that are accepted for use in computing platforms in which
> the platform supplier accepts code signing certificates issued by such
> Certificate Issuer.
> 
>  
> 
>  
> 
> (2)A Certificate Consumer (i.e. a platform supplier) eligible for
> voting membership in the CSCWG must produce a computing platform that
> accepts code signing certificates issued by third-party Certificate
> Issuers who meet criteria set by such Certificate Consumer.
> 
>  
> 
>  
> 
> 4.2.2 Membership Application/Declaration process
> 
>  
> 
> A.   An Applicant not already a member of the Forum SHALL
> provide the following information:
> 
>  
> 
> *Confirmation that the applicant satisfies at least one (1)
> of the membership eligibility criteria (and if it satisfies more than
> one (1), indication of the single category under which the applicant
> wishes to apply).
> 
> *The organization name, as they wish it to appear on the
> Forum Web site and in official Forum documents.
> 
> *URL of the applicant's main Web site.
> 
> *Names and email addresses of employees who will participate
> in the Working Group and Forum as Member representatives.
> 
> *Emergency contact information for security issues related
> to certificate trust.
> 
>  
> 
> Applicants that qualify as Certificate Issuers or Root Certificate
> Issuers must supply the following additional information:
> 
>  
> 
> *URL of the current qualifying audit report.
> 
> *The URL of at least one third party website that includes a
> certificate issued by the Applicant in the certificate chain.
> 
> *Links or references to issued end-entity certificates that
> demonstrate them being treated as valid by a Certificate Consumer Member.
> 
>  
> 
> Such Applicant SHALL become a Member once the CSCWG has determined by
> consensus among the Members during a CSCWG Meeting or Teleconference
> that the Applicant meets all of the requirements above

Re: [cabfpub] Code Signing Working Group - Call for Participants

2019-03-13 Thread Christian Heutger via Public 
PSW GROUP (Christian Heutger, Patrycja Tulinska) would like to join as 
interested party

Mit freundlichen Grüßen,
Christian Heutger
Chief Technology Officer (CTO)

CISSP, CISA, CISM, CIPP/E, CIPM
ITIL-Expert, PRINCE2-/COBIT-Practitioner
DS-/ISO 9001-/ISO 2-1-/ISO 27001-Auditor
Zusätzliche Prüfverfahrens-Kompetenz für § 8a (3) BSIG sowie gemäß 
IT-Sicherheitskatalog nach § 11 (1a) EnWG

[signature_667973861]

--
PSW GROUP GmbH & Co. KG, Flemingstraße 20-22, 36041 Fulda, Hessen, Deutschland

Telefon 0661/480276-10, Telefax 0661/480276-19
Hotline 0800/503750-1, Faxline 0800/503750-9
supp...@psw.net, www.psw.net, kb.psw.net

Geschäftsführerin Patrycja Tulinska, Amtsgericht Fulda, HRA 5007
Steuernr. 018 357 60369, USt-IdNr. DE243718955, DUNS-Nr. 53-747-3485

Komplementär J.C. Beteiligungsges. mbH, Anschrift w.o., Amtsgericht Fulda, HRB 
5474


Diese Information ist vertraulich und ausschließlich für die adressierte Person 
bestimmt. Personen, für die diese Information nicht bestimmt ist, ist es nicht 
gestattet, diese zu lesen, erneut zu übertragen, zu verbreiten oder anderweitig 
zu verwenden. Personen, für die diese Information nicht bestimmt ist, dürfen 
sich durch diese Mail nicht veranlasst sehen, Maßnahmen irgendeiner Art zu 
ergreifen. Sollten Sie diese Nachricht irrtümlich erhalten haben, bitten wir 
Sie, sich mit dem Absender in Verbindung zu setzen und das Material (die Mail 
nebst etwaigen Anhängen) von Ihrem Computer zu löschen, ohne eine Kopie davon 
zurückzubehalten. Der Adressat dieser Nachricht hat uns gebeten, mit ihm über 
das Internet zu korrespondieren.

Wir weisen darauf hin, dass mittels E-Mail übermittelte Nachrichten mit und 
ohne Zutun von Dritten verloren, verändert oder verfälscht werden können. 
Herkömmliche E-Mails sind nicht gegen den Zugriff von Dritten geschützt und 
deshalb ist auch die Vertraulichkeit unter Umständen nicht gewahrt. Wir haften 
deshalb nicht für die Unversehrtheit von E-Mails, nachdem sie unseren 
Herrschaftsbereich verlassen haben und können Ihnen hieraus entstehende Schäden 
nicht ersetzen. Sollte trotz der von uns verwendeten Virus-Schutz-Programme 
durch die Zusendung von E-Mails ein Virus in Ihre Systeme gelangen, haften wir 
nicht für eventuell hieraus entstehende Schäden.

This message is confidential and only intended for the recipient. Should you 
not be the intended recipient you are kindly asked to advise the sender 
immediately by reply e-mail and delete this message and all attachments without 
keeping a copy.

Von: Public  im Auftrag von Dean Coclin via Public 

Antworten an: Dean Coclin , CA/Browser Forum Public 
Discussion List 
Datum: Dienstag, 12. März 2019 um 17:46
An: CA/Browser Forum Public Discussion List 
Betreff: [cabfpub] Code Signing Working Group - Call for Participants

In accordance with the CA/B Forum Bylaws and the Charter of said working group, 
the Interim Chair announces a call for Participants interested in joining the 
Code Signing Working Group.

Current CA/B Forum members should submit their names and company affiliations, 
as a formal declaration of their intent (or provide them at the face to face 
meeting).

Interested Parties are eligible to participate once they provide the signed IPR 
agreement to the Chair.

Here is the text from the ballot relevant to membership:


The CSCWG SHALL consist of two classes of voting members, Certificate Issuers 
and Certificate Consumers meeting the eligibility criteria below:



(1)  A Certificate Issuer eligible for voting membership in the CSCWG MUST 
have a publicly-available audit report or attestation statement in accordance 
with one of the following schemes:



*WebTrust for CAs v.2.0 or newer; or

*ETSI EN 319 411-1, which includes normative references to ETSI EN 
319 401 (the latest version of the referenced ETSI documents should be 
applied); or

*If a Government Certificate Issuer is required by its Certificate 
Policy to use a different internal audit scheme, it MAY use such scheme 
provided that the audit either (a) encompasses all requirements of one of the 
above schemes or (b) consists of comparable criteria that are available for 
public review.



These audit reports must also meet the following requirements:



*They must report on the operational effectiveness of controls for 
a historic period of at least 60 days;

*No more than 27 months have elapsed since the beginning of the 
reported-on period and no more than 15 months since the end of the reported-on 
period; and

*The audit report was prepared by a Qualified Auditor.



In addition, the Certificate Issuer MUST actively issue code signing 
certificates that are accepted for use in computing platforms in which the 
platform supplier accepts code signing certificates issued by such Certificate 
Issuer.





(2)A Certificate Consumer (i.e. a platform supplier) eligible for voting 
membership in the