Home » Code Signing » 2022-08-11 Minutes of the Code Signing Certificate Working Group

2022-08-11 Minutes of the Code Signing Certificate Working Group

Attendees

Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Ian McMillan, Lynn Jeun, Martijn Katerbarg, Michael Sykes, Tomas Gustavsson

Minutes

  • Anti-Trust Statement read by Dean
  • Prior meeting minutes fron July 28, 2022 are approved without objection or comment.

CSC-15 Ballot Status

  • Voting period closed and Dean will be announcing the results.
  • Next steps to send out for IPR.

Signing Service Proposed Ballot Update

  • Bruce is waiting for the CSC-15 ballot to clear before proceeding.
  • Suggested changes need to be merged using Bruce’s Word markup to a GitHub PR.

Timestamping Updates

  • Ian waiting on talking with Tim Hollebeek to incorporate his feedback on changes (Tim back next week).
  • Looking at setting clear expectations on TSA CA protection requirements being offline and shortening the TSA entity certificate max validity period.

Malware Proposal from Martijn

  • Further discussion with Bruce lead to changes in the removal of exceptions for not having to notify the subscriber when the Certificate Beneficiary reaches out on a key compromise scenario. This is invoked in both 4.9.1.1 and 4.9.1.3.
  • Martijn is waiting on feedback from Ian on the new updates before proceeding with the ballot proposal. In general Ian is feeling this is on the right track, but will follow up with detailed feedback.
  • Martijn will be posting the proposal to both the mailing list and on the GitHub

Handling changes in the future (GitHub vs Mailing List + marked-up Word)

  • Do we hold the conversation on the PRs in GitHub or on the Mailing List?
    • There is no convention right now.
    • SCWG has a mix but no true stated norm.
  • Smaller or targeted comments and changes on specific lines is great in GitHub.
    • Handling on the list with multiple copies of the Word doc can be difficult to track/follow.
  • Larger or broader changes can be harder to view in its totality on GitHub.
  • No conclusion, discussion will continue.

Chair/Vice-Chair Elections Coming Up

  • Dean to put out an announcement in the next week or 2 weeks (must be before August 30, 2022).
  • Vice-Chair election will be first, followed by the Chair.
  • Chairs and Vice-Chairs have the option to re-run for another term.
  • Any Vice-Chair candidates need to get a nomination from a WG member in to the Chair.
  • Bruce is willing to continue as Vice-Chair (nomination for Bruce).
  • Elections ballots are submitted to either the WebTrust (Don S or Jeff W) or ETSI (Arnaud) representative members.
    • ETSI and WebTrust members compiled the votes and provide only the results without sharing a detailed breakdown of who voted for who.
    • Only one vote per organization (not per individual participant).

Next meeting on August 25, 2022