Guidelines Version 1.1 Errata
1. QGIS for place of business address
Replace Section 16a with the following text.
(a) Address of Applicant's Place of Business
(1) Verification Requirements To verify Applicant's physical existence and business presence, the CA MUST verify that the physical address provided by Applicant is an address where Applicant or a Parent/Subsidiary Company conducts business operations (e.g., not a mail drop or P.O. box, or 'care of' (C/O) address, such as an address for an agent of the Organization), and is the address of Applicant's Place of Business.
(2) Acceptable Methods of Verification To verify the address of Applicant's Place of Business:
(A) For Applicants whose Place of Business is in the same country as Applicant's Jurisdiction of Incorporation or Registration:
(1) For Applicants whose Place of Business is in the same country as Applicant's Jurisdiction of Incorporation or Registration and whose Place of Business is NOT the same as that indicated in the relevant Qualified Government Information Source used in Section (14) to verify legal existence:
(1) For Applicants listed at the same Place of Business address in the current version of either at least one Qualified Independent Information Source or a Qualified Governmental Tax Information Source, the CA MUST confirm that Applicant's address as listed in the EV Certificate Request is a valid business address for Applicant or a Parent/Subsidiary Company by reference to such Qualified Independent Information Sources or a Qualified Governmental Tax Information Source, and MAY rely on Applicant's representation that such address is its Place of Business;
(2) For Applicants who are not listed at the same Place of Business address in the current version of either at least one Qualified Independent Information Source or a Qualified Governmental Tax Information Source, the CA MUST confirm that the address provided by Applicant in the EV Certificate Request is in fact Applicant's or a Parent/Subsidiary Company's business address, by obtaining documentation of a site visit to the business address, which MUST be performed by a reliable individual or firm. The documentation of the site visit MUST:
(a) Verify that Applicant's business is located at the exact address stated in the EV Certificate Request (e.g., via permanent signage, employee confirmation, etc.);
(b) Identify the type of facility (e.g., office in a commercial building, private residence, storefront, etc.) and whether it appears to be a permanent business location;
(c) Indicate whether there is a permanent sign (that cannot be moved) that identifies Applicant;
(d) Indicate whether there is evidence that Applicant is conducting ongoing business activities at the site (e.g., that it is not just a mail drop, P.O. box, etc.); and
(e) Include one or more photos of (i) the exterior of the site (showing signage indicating Applicant's name, if present, and showing the street address if possible), and (ii) the interior reception area or workspace
(3) For all Applicants, the CA MAY alternatively rely on a Verified Legal Opinion or a Verified Accountant Letter that indicates the address of Applicant's or a Parent/Subsidiary Company's Place of Business and that business operations are conducted there.
(4) For Government Entity Applicants, the CA MAY rely on the address contained in the records of the QGIS in Applicant's Jurisdiction.
(2) For Applicants whose Place of Business is in the same country as Applicant's Jurisdiction of Incorporation or Registration and where the Qualified Government Information Source used in Section (14) to verify legal existence contains a business address for the Applicant, the CA MAY rely on the Address in the QGIS to confirm the Applicant's or a Parent/Subsidiary Company address as listed in the EV Certificate Request, and MAY rely on Applicant's representation that such address is its Place of Business.
(B) For Applicants whose Place of Business is not in the same country as Applicant's Jurisdiction of Incorporation or Registration, the CA MUST rely on a Verified Legal Opinion that indicates the address of Applicant's Place of Business and that business operations are conducted there.
2. Scope
Replace the following paragraph from Section 1.(b), effective 18 June 2008.
"This version of the Guidelines addresses only requirements for EV Certificates intended to be used for server-authentication SSL/TLS on the Internet. Similar requirements for client-authentication SSL/TLS, S/MIME, code-signing, time-stamping, VoIP, IM, Web services, etc. may be covered in future versions."
With:
"This version of the Guidelines addresses only requirements for EV Certificates intended to be used for SSL/TLS authentication on the Internet and code-signing. Similar requirements for S/MIME, time-stamping, VoIP, IM, Web services, etc. may be covered in future versions."
3. Allowed EKU values
Add the following clause to Appendix B, section 3, effective 18 June 2008.
"(e) extKeyUsage
Either the value id-kp-serverAuth [RFC3280] or id-kp-clientAuth [RFC3280] or both values MUST be present. Other values SHOULD NOT be present."
4. RFC5280
Effective 11 July 2008, replace 'RFC3280' with 'RFC5280' throughout the document.
5. Certificate renewal (same CA)
Effective 25 July 2008.
5.1 Replace this paragraph from Section 8.
8. Maximum Validity Period
(b) For Validated Data the age of validated data used to support issuance of an EV Certificate (before revalidation is required) SHALL NOT exceed the following limits:
(1) Legal existence and identity - one year;
(2) Assumed name - one year;
(3) Address of Place of Business - one year, but thereafter data MAY be refreshed by checking a Qualified Independent Information Source, even where a site visit was originally required;
(4) Telephone number for Place of Business - one year;
(5) Bank account verification - one year;
(6) Domain name - one year;
(7) Identity and authority of Certificate Approver - one year, unless a contract is in place between the CA and Applicant that specifies a different term, in which case, the term specified in such contract will control. For example, the contract MAY use terms that allow the assignment of roles that are perpetual until revoked, or until the contract expires or is terminated.
With
8. Maximum Validity Period
(b) For Validated Data the age of validated data used to support issuance of an EV Certificate (before revalidation is required) SHALL NOT exceed the following limits:
(1) Legal existence and identity - thirteen months;
(2) Assumed name - thirteen months;
(3) Address of Place of Business - thirteen months, but thereafter data MAY be refreshed by checking a Qualified Independent Information Source, even where a site visit was originally required;
(4) Telephone number for Place of Business - thirteen months;
(5) Bank account verification - thirteen months;
(6) Domain name - thirteen months;
(7) Identity and authority of Certificate Approver - thirteen months, unless a contract is in place between the CA and Applicant that specifies a different term, in which case, the term specified in such contract will control. For example, the contract MAY use terms that allow the assignment of roles that are perpetual until revoked, or until the contract expires or is terminated.
5.2 Add the following paragraph as Section 22(d)(3)
22(d)(3) - The CA MAY rely on a verified Confirming Person to confirm their own contact information: email address, telephone number, and facsimile number. The CA MAY rely on this verified contact information for future correspondence with the Confirming Person if:
1. The domain of the e-mail address is owned by the Applicant and is the Confirming Person's own e-mail address and not a group e-mail alias,
2. The Confirming Person's telephone/fax number is verified by the CA to be a telephone number that is part of the organization's telephone system, and is not the personal phone number for the person.
5.3 Replace this paragraph from Section 25
25. Certificate Renewal Verification Requirements
Before renewing an EV Certificate, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.
With
25. EV Certificate Renewal Verification Requirements
(a) Validation for Renewal Requests. In conjunction with the EV Certificate Renewal process, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.
(b) Exceptions. Notwithstanding the requirements set forth in Section 33(b) (Use of Pre-Existing Information or Documentation) and Section 8 (Maximum Validity Period), a CA, when performing the authentication and verification tasks for EV Certificate Renewal MAY:
(1) EV Certificate previously issued by the CA:
(i) Rely on its prior authentication and verification of:
(a) A Principal Individual of a Business Entity under Section 14(b)(4) if the Principal Individual is the same as the Principal Individual verified by the CA in connection with the previously issued EV Certificate,
(b) Applicant's Place of Business under Section 16(a),
(c) The verification of telephone number of Applicant's Place of Business required by Section 16(b), but still MUST perform the verification required by Section 16(b)(2)(a),
(d) Applicant's Operational Existence under Section 17,
(e) The name, title, and authority of the Contract Signer, Certificate Approver, and Certificate Requester under Section 19, except where a contract is in place between the CA and Applicant that specifies a specific term for the authority of the Contract Signer, and/or the Certificate Approver, and/or Certificate Requester in which case, the term specified in such contract will control,
(f) The prior verification of the email address used by the CA for independent confirmation from applicant under Section 22(d)(1)(B)(ii).
(ii) Rely on prior Verified Legal/Accountant Opinion that established:
(a) Applicant's exclusive right to use the specified domain name under Section 18 (b)(2)(A)(1) & Section 18 (b)(2)(B)(1), provided that the CA verifies that either:
a. The WHOIS record still shows the same registrant as indicated when the CA received the prior Verified Legal Opinion, or
b. The Applicant establishes domain control via a practical demonstration as detailed in Section 18(b)(2)(B)(2).
(b) Verification that Applicant is aware that it has exclusive control of the domain name, under Section 18 (a)(b)(3).
5.4 Add the following Definition to the Definition section:
EV Certificate Renewal. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant's existing EV Certificate.
6. Pre-approved requests
6.1 Replace Sections 11a and 11b with the following
11. EV Certificate Request Requirements
(a) General Prior to the issuance of an EV Certificate, the CA MUST obtain from Applicant (via a Certificate Requester authorized to act on Applicants behalf) a properly completed and signed EV Certificate Request in a form prescribed by the CA and that complies with these Guidelines. One EV Certificate Request MAY suffice for multiple EV Certificates to be issued to the same Applicant when the requests have been pre-authorized in line with section 19(d) of these Guidelines
(b) Request and Certification EV Certificate Requests which are not pre-authorized in line with section 19(d) of these Guidelines MUST contain a request from, or on behalf of, Applicant for the issuance of an EV certificate, or certificates, and a certification by, or on behalf of, Applicant that all of the information contained therein is true and correct.
6.2 Replace the introductory paragraph of Section 20 with the following
20. Verification of Signature on Subscriber Agreement and EV Certificate Requests
Both the Subscriber Agreement and each non pre-approved EV Certificate Request MUST be signed. The Subscriber Agreement MUST be signed by an authorized Contract Signer. The EV Certificate Request MUST be signed by the Certificate Requester submitting the document unless the Certificate Request has been pre-authorized in line with section 19(d) of these Guidelines. If the Certificate requester is not also an authorized Certificate Approver, then an authorized Certificate Approver MUST independently approve the EV Certificate Request. In all cases applicable signatures MUST be a legally valid and enforceable seal or handwritten signature (for a paper Subscriber Agreement and/or EV Certificate Request), or a legally valid and enforceable electronic signature (for an electronic Subscriber Agreement and/or EV Certificate Request), that binds Applicant to the terms of each respective document.
7. Authoritative time-source
In Appendix I, replace the paragraph that reads
"An EV Timestamp Authority MUST be synchronized with a publicly accepted time source in the jurisdiction of its operation, (e.g. NIST or Naval Laboratory in the United States)."
with
"An EV Timestamp Authority MUST be synchronized with a UTC(k) time source recognized by the International Bureau of Weights and Measures (BIPM)."
8. Phone number at place of business
Effective 4 Dec 2008, delete Section 16b and replace it with the following.
(b) Telephone Number for Applicant's Place of Business
(1) Verification Requirements To further verify Applicant's physical existence and business presence, as well as to assist in confirming other verification requirements, the CA MUST verify that the telephone number provided by Applicant is a main phone number for Applicant's Place of Business.
(2) Acceptable Methods of Verification To verify Applicant's telephone number, the CA MUST perform A and either B or C as listed below:
(A) Confirm Applicant's telephone number by calling it and obtaining an affirmative response sufficient to enable a reasonable person to conclude that Applicant is reachable by telephone at the number dialed;
(B) Confirm that the telephone number provided by Applicant is listed as Applicant's or Parent/Subsidiary Company's telephone number for the verified address of its Place of Business in records provided by the applicable phone company, or, alternatively, in either at least one Qualified Independent Information Source or Qualified Governmental Information Source, or in a Qualified Governmental Tax Information Source;
(C) Rely on a Verified Legal Opinion or a Verified Accountant Letter to the effect that Applicant's telephone number, as provided, is a main phone number for Applicant's Place of Business.
9. Minimum Cryptographic Algorithm and Key Sizes
Effective 30 Dec 2008, delete Appendix A and replace it with the following.
Appendix A
Minimum Cryptographic Algorithm and Key Sizes
1. Root CA Certificates
|
|
Root Certificates whose validity period begins on or before 31 Dec 2010 |
Root Certificates whose validity period begins after 31 Dec 2010 |
|
Digest algorithm |
MD5 (NOT RECOMMENDED), SHA-1 |
SHA-1*, SHA-256, SHA-384 or SHA-512 |
|
RSA |
2048** |
2048 |
|
ECC |
NIST P-256 |
NIST P-256 |
2. Subordinate CA Certificates
|
|
Subordinate CA Certificates whose validity period begins
on or before |
Subordinate CA Certificates whose validity period begins after 31 Dec 2010 |
|
Digest algorithm |
SHA-1 |
SHA-1*, SHA-256, SHA-384 or SHA-512 |
|
RSA |
1024 |
2048 |
|
ECC |
NIST P-256 |
NIST P-256 |
3. Subscriber Certificates
|
|
Subscriber Certificates whose validity period ends on or before 31 Dec 2010 |
Subscriber Certificates whose validity period ends after 31 Dec 2010 |
|
Digest algorithm |
SHA-1 |
SHA1*, SHA-256, SHA-384 or SHA-512 |
|
RSA |
1024 |
2048 |
|
ECC |
NIST P-256 |
NIST P-256 |
** A Subscriber Certificate may, in addition, chain to an EV-enabled <2048-bit key RSA root CA certificate.
* SHA-1 SHOULD be used only until SHA-256 is supported widely by browsers used by a substantial portion of relying parties worldwide.
10. Certificate reissuance
Effective 18 March 2009,10.1. Replace the following section (which was itself previously amended):-
"25. EV Certificate Renewal Verification Requirements
(a) Validation for Renewal Requests. In conjunction with the EV Certificate Renewal process, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.
(b) Exceptions. Notwithstanding the requirements set forth in Section 33(b) (Use of Pre-Existing Information or Documentation) and Section 8 (Maximum Validity Period), a CA, when performing the authentication and verification tasks for EV Certificate Renewal MAY:
(1) EV Certificate previously issued by the CA:"
With:-
"25. EV Certificate Renewal Verification Requirements
(a) Validation for Renewal Requests. In conjunction with the EV Certificate Renewal process, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.
(b) Validation of Re-issuance requests. A CA may rely on previously verified information to issue a replacement certificate where:
1. The expiration date of the replacement certificate is the same as the expiration date of the currently valid EV certificate being replaced, and
2. The certificate subject of the Replacement Certificate is the same as the certificate subject contained in the currently valid EV certificate.
(c) Renewal Exceptions. Notwithstanding the requirements set forth in Section 33(b) (Use of Pre-Existing Information or Documentation) and Section 8 (Maximum Validity Period), a CA, when performing the authentication and verification tasks for EV Certificate Renewal MAY:
(1) EV Certificate previously issued by the CA:"
10.2. Replace this entry from the Definition Section (which was itself previously amended):-
"EV Certificate Renewal. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant's existing EV Certificate."
With:-
"EV Certificate Renewal. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes an application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant's existing EV Certificate but with a new 'valid to' date beyond the expiry of the current EV certificate.
EV Certificate Re-issuance. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes an application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant's existing EV Certificate but with a matching 'valid to' date of the current EV certificate."
11. PolicyQualifierId
Effective 8 April 2009,
1. Replace the following text from Appendix B, Sections 2a and 3a:
"certificatePolicies:policyQualifiers:policyQualifierId o id-qt 2"
with:-
"certificatePolicies:policyQualifiers:policyQualifierId o id-qt 1"
12. Renumbering
|
Proposed section number |
Current section label |
|
Front matter |
Front matter, A.1.(c)
Guidelines Issuing Authority, A.1.(d)
Revisions to Guidelines paras 1 and 2 |
|
ToC |
ToC |
|
1. Scope |
A.1.(b)
Scope |
|
Requires new
material |
|
|
DEFINITIONS |
|
|
Requires new
material |
|
|
A.1.(a) para 2
General, A.1.(d) Revisions to
Guidelines para 3 |
|
|
6. Basic concept of the EV certificate |
A.1.(a) para 1 General, B. Basic concept of the EV certificate |
|
2.
Purpose of EV Certificates |
|
|
(a)
Primary Purposes |
|
|
(b)
Secondary Purposes |
|
|
(c)
Excluded Purposes |
|
|
3.
EV Certificate Warranties and Representations |
|
|
(a)
By the CA and |
|
|
(b) By the Subscriber |
|
|
C.
COMMUNITY |
|
|
4.
Issuance of EV Certificates |
|
|
(a)
Compliance |
|
|
(b)
EV Policies |
|
|
(c)
Insurance |
|
|
(d)
Audit Requirements |
|
|
5.
Obtaining EV Certificates |
|
|
(a)
General |
|
|
(b)
Private Organization Subjects |
|
|
(c)
Government Entity Subjects |
|
|
(d)
Business Entities |
|
|
(d) Non-Commercial Entity Subjects |
|
|
D.
EV CERTIFICATE CONTENT |
|
|
6.
EV Certificate Content Requirements |
|
|
(a)
Subject Organization Information |
|
|
7.
EV Certificate Policy Identification Requirements |
|
|
(a)
EV Subscriber Certificates |
|
|
(b) EV Subordinate CA Certificates |
|
|
(c) |
|
|
8.
Maximum Validity Period |
|
|
(a)
For EV Certificate |
|
|
(b)
For Validated Data |
|
|
9.
Other Technical Requirements for EV Certificates |
|
|
E.
EV CERTIFICATE REQUEST REQUIREMENTS |
|
|
10.
General Requirements |
|
|
(a) Documentation
Requirements |
|
|
(b)
Role Requirements |
|
|
11.
EV Certificate Request Requirements |
|
|
(a)
General |
|
|
(b)
Request and Certification |
|
|
(c)
Information Requirements |
|
|
12.
Subscriber Agreement Requirements |
|
|
(a)
General |
|
|
(b) Agreement Requirements |
|
|
F.
INFORMATION VERIFICATION REQUIREMENTS |
|
|
13.
General Overview |
|
|
(a)
Verification Requirements
Overview |
|
|
(b)
Acceptable Methods of Verification
Overview |
|
|
10.2 Verification of Applicants Legal Existence and Identity |
14.
Verification of Applicants Legal Existence and Identity |
|
(a)
Verification Requirements |
|
|
(b)
Acceptable Method of Verification |
|
|
10.3 Verification of Applicants Legal Existence and Identity Assumed
Name |
15.
Verification of Applicants Legal Existence and Identity Assumed Name |
|
(a)
Verification Requirements |
|
|
(b)
Acceptable Method of Verification |
|
|
16.
Verification of Applicants Physical Existence |
|
|
(a)
Address of Applicants Place of Business |
|
|
(b)
Telephone Number for Applicants Place of Business |
|
|
17.
Verification of Applicants Operational Existence |
|
|
(a)
Verification Requirements |
|
|
(b)
Acceptable Methods of Verification |
|
|
18.
Verification of Applicants Domain Name |
|
|
(a)
Verification Requirements |
|
|
(b)
Acceptable Methods of Verification |
|
|
10.7 Verification of Name, Title, and Authority of Contract Signer and
Certificate Approver |
19.
Verification of Name, Title and Authority of Contract Signer &
Certificate Approver |
|
(a)
Verification Requirements |
|
|
10.7.2 Acceptable Methods of Verification Name, Title and Agency |
(b)
Acceptable Methods of Verification Name, Title, and Agency |
|
(c)
Acceptable Methods of Verification - Authorization |
|
|
(d)
Pre-Authorized Certificate Approver |
|
|
10.8 Verification of Signature on
Subscriber Agreement and EV Certificate Requests |
20.
Verification of Signature on Subscriber Agreement and EV Certificate Requests |
|
(a)
Verification Requirements |
|
|
(b)
Acceptable Methods of Signature Verification |
|
|
21.
Verification of Approval of EV Certificate Request |
|
|
(a)
Verification Requirements |
|
|
(b)
Acceptable Methods of Verification |
|
|
22.
Verification of Certain Information Sources |
|
|
(a)
Verified Legal Opinion |
|
|
(b)
Verified Accountant Letter |
|
|
(c)
Face-to-face validation |
|
|
(d)
Independent Confirmation From Applicant |
|
|
(e)
Qualified Independent Information Sources (QIIS) |
|
|
(f)
Qualified Government Information Sources (QGIS) |
|
|
(g)
Qualified Government Tax Information Sources (QGTIS) |
|
|
23.
Other Verification Requirements |
|
|
(a)
High Risk Status |
|
|
(b)
Denied Lists and Other Legal Black Lists |
|
|
24.
Final Cross-Correlation and Due Diligence |
|
|
25.
EV Certificate Renewal Verification Requirements |
|
|
G. CERTIFICATE STATUS CHECKING |
|
|
26.
EV Certificate Status Checking |
|
|
(a)
Repository |
|
|
(b)
Reasonable User Experience |
|
|
(c) Response Time |
|
|
(d) Deletion of Entries |
|
|
27.
EV Certificate Revocation |
|
|
(a) Revocation Guidelines and Capability |
|
|
(b)
Revocation Events |
|
|
11.3 EV Certificate Problem Reporting and Response Capability |
28. EV Certificate Problem Reporting and Response
Capability |
|
(a)
Reporting |
|
|
(b)
Investigation |
|
|
(c) Response |
|
|
H.
EMPLOYEE |
|
|
29. Trustworthiness and Competence |
|
|
(a) Identity and Background Verification |
|
|
(b) Training and Skills Level |
|
|
(c) Separation of Duties |
|
|
12.2 Delegation of Functions to Registration Authorities and
Subcontractors |
30. Delegation of Functions to Registration
Authorities and Subcontractors |
|
(a)
General |
|
|
(b) |
|
|
(c)
Guidelines Compliance Obligation |
|
|
(d) Responsibility |
|
|
I. |
|
|
31. Documentation and Audit Trail Requirements |
|
|
32. Document Retention |
|
|
(a) Audit Log Retention |
|
|
(b) Retention of Documentation |
|
|
33. Reuse and Updating Information and Documentation |
|
|
13.3.1 Use of Documentation to Support Multiple EV Certificates |
(a) Use of Documentation to Support Multiple EV
Certificates |
|
(b) Use of Pre-Existing Information or Documentation |
|
|
34. Data Security |
|
|
(a) Objectives |
|
|
(b) Risk Assessment |
|
|
(c) Security Plan |
|
|
(d) Dual Access Control |
|
|
J.
COMPLIANCE |
|
|
35. Audit Requirements |
|
|
(a)
Pre-Issuance Readiness Audit |
|
|
(b) Regular Self Audits |
|
|
(c) Annual Independent Audit |
|
|
(d)
Auditor Qualifications |
|
|
(e) Root Key Generation |
|
|
K.
OTHER CONTRACTUAL COMPLIANCE |
|
|
36.
Privacy/Confidentiality Issues |
|
|
37.
Limitations on EV Certificate Liability |
|
|
(a)
CA Liability |
|
|
(b) |
|
|
Appendix
A Minimum Cryptographic Algorithm and Key Sizes |
|
|
Appendix B - EV Certificates Required Certificate Extensions |
Appendix
B EV Certificates Required Certificate Extensions |
|
Appendix
C User Agent Verification |
|
|
Appendix
D Sample Form Legal Opinion Letter |
|
|
Appendix E - Sample Accountant Letters Confirming Specified Information |
Appendix
E Sample Accountant Letters Confirming Specified Information |
|
Appendix
F Foreign organization name guidelines |
|
|
Appendix
G Code-Signing: Introduction |
|
|
Appendix H - Code-signing: Requirements for Certification Authorities
(Normative) |
Appendix
H Code-Signing: Requirements for Certification Authorities |
|
Appendix I - Code-signing: Requirements for Timestamp Authorities (Normative) |
Appendix
I Code-Signing: Requirements for Timestamp Authorities |
|
Appendix J - Code-signing: Requirements for Signing Authorities
(Normative) |
Appendix
J Code-Signing: Requirements for Signing Authorities |