EVGs: Remove references to code signing and focus language on TLS

[castillar]

With the CSCWG's work on the EV code-signing guidelines, we should remove the references to code signing from the EVGs, allowing them to focus solely on TLS usage to match the Baseline Requirements.

[sleevi]

@castillar For ease of reference, could you provide an example of what prompted this?

[castillar]

Sure! What prompted it was these two lines:

Introduction:

Although initially intended for use in establishing Web-based data communication conduits via TLS/SSL protocols, extensions are envisioned for S/MIME, time-stamping, VoIP, IM, Web services, etc.

§1 Scope:

This version of the Guidelines addresses only requirements for EV Certificates intended to be used for SSL/TLS authentication on the Internet and for code signing. Similar requirements for S/MIME, time-stamping, VoIP, IM, Web services, etc. may be covered in future versions.
(Emphasis added)

We could also consider removing the definition for 'Suspect Code', although that one might be useful at some point if, for instance, the EVGs mandate revocation of certificates for sites found to be distributing Suspect Code.

[castillar]

Great point from outside discussion: the SMCWG charter encourages re-use of the EVGs, so we may want to instead modify this language to remove the code-signing line from the scope and instead promote the EVGs as a basis for others.

[castillar]

For instance, we could leave the Introduction reference and then change the Scope:

This version of the Guidelines addresses only requirements for EV Certificates intended to be used for SSL/TLS authentication on the Internet and for code-signing. However, the Working Group encourages the re-use of these guidelines as a basis for similar requirements for S/MIME, time-stamping, VoIP, IM, Web services, etc. may be covered in future versions.