CA/Browser Forum
Home » Posts » 2022-04-07 Minutes of the Code Signing Certificate Working Group

2022-04-07 Minutes of the Code Signing Certificate Working Group

Attendees

Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Mohit Kumar (GlobalSign), Tim Crawford (CPA Canada/WebTrust)

Minute-taker: Tim Crawford

Minutes

Antitrust Statement: Read by Dean

Minutes for the March 24th meetings were approved

Interested party application from Insta Oy

No comment was offered, and the application was accepted.

Updates on Ballot CSC-13 – Private Key Protection

Bruce mentioned that the ballot received eight (8) votes and is deemed to have passed. A question was raised on the need for 15 votes to have quorum. The chair will respond to that question and the group does not believe there is an issue with the number of votes. The ballot is ready for IPR review and set to be effective November 15th. The second question was on the need to circulate a Word version of the ballot. Bruce will send that. Bruce will also check the bylaws on the requirement to circulate particular formats of the ballot.

RFC3647 Ballot

The question was raised to determine if ballot CSC-13 can be incorporated into the version of the requirements in RFC 3647 format. There was discussion of an extended discussion period for the re-formatting the ballot to include CSC-13, post IPR. This ballot is not intended to make any changes to the requirements, only reformat the document. There have been a number of reviewers thus far and good feedback has been provided. Reviewers include Dimitris Zacharopoulos and Joanna Fox.

Other Business

The question was raised on areas future ballots will look at address. The three areas for future consideration mentioned by Bruce Morton and Ian McMillan were signing services, time stamping, and high risk application processing. Ian was asked how he would prioritize these topics and he indicated:

  1. Timestamping
  2. Signing services
  3. High risk applicants (would like to update by November 15th deadline for ballot CSC-13)

Bruce indicated the best way to get future issued to a ballot would be to put forth a proposal.

The face to face in Warsaw is still scheduled to be in person. Other events are going on in this area without issue.

Adjourned.

Latest releases
Code Signing Requirements
v3.7 - Mar 4, 2024

S/MIME Requirements
v1.0.3 - Ballot SMC05 - Feb 20, 2024

Adding CAA.

Related posts
Tags
Code Signing Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).