CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-04-07 Minutes of the Code Signing Certificate Working Group

2022-04-07 Minutes of the Code Signing Certificate Working Group

Attendees

Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Mohit Kumar (GlobalSign), Tim Crawford (CPA Canada/WebTrust)

Minute-taker: Tim Crawford

Minutes

Antitrust Statement: Read by Dean

Minutes for the March 24th meetings were approved

Interested party application from Insta Oy

No comment was offered, and the application was accepted.

Updates on Ballot CSC-13 – Private Key Protection

Bruce mentioned that the ballot received eight (8) votes and is deemed to have passed. A question was raised on the need for 15 votes to have quorum. The chair will respond to that question and the group does not believe there is an issue with the number of votes. The ballot is ready for IPR review and set to be effective November 15th. The second question was on the need to circulate a Word version of the ballot. Bruce will send that. Bruce will also check the bylaws on the requirement to circulate particular formats of the ballot.

RFC3647 Ballot

The question was raised to determine if ballot CSC-13 can be incorporated into the version of the requirements in RFC 3647 format. There was discussion of an extended discussion period for the re-formatting the ballot to include CSC-13, post IPR. This ballot is not intended to make any changes to the requirements, only reformat the document. There have been a number of reviewers thus far and good feedback has been provided. Reviewers include Dimitris Zacharopoulos and Joanna Fox.

Other Business

The question was raised on areas future ballots will look at address. The three areas for future consideration mentioned by Bruce Morton and Ian McMillan were signing services, time stamping, and high risk application processing. Ian was asked how he would prioritize these topics and he indicated:

  1. Timestamping
  2. Signing services
  3. High risk applicants (would like to update by November 15th deadline for ballot CSC-13)

Bruce indicated the best way to get future issued to a ballot would be to put forth a proposal.

The face to face in Warsaw is still scheduled to be in person. Other events are going on in this area without issue.

Adjourned.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).