CA/Browser Forum
Home » All CA/Browser Forum Posts » 2023-01-26 Minutes of the Code Signing Certificate Working Group

2023-01-26 Minutes of the Code Signing Certificate Working Group

Attendees

Andrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Brianca Martin (Amazon Trust Services), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Janet Hines (VikingCloud), Martijn Katerbarg (Sectigo), Roberto Quinones (Intel), Tim Hollebeek (DigiCert), Trevoli (Amazon Trust Services)

Minutes

  1. Antitrust statement read
  2. Approval of minutes: Minutes for 12 January 2023 approved
  3. Ballot: Malware base revocation (Martijn)
  • Some discussion and need to get feedback into Github before the end of the week.
  • Bruce stated he would endorse after review. Ian is the other endorser.
  1. Ballot: Signing Service Update (Bruce)
  • Bruce is having difficulty with Github to move the ballot forward. Martijn volunteered to help out.
  • Ben asked for the procedure to give feedback, which can be done in Github or the mailing list
  • Tim H would like to see the mailing list used more often
  • Dean will check status of Ben in the mailing list
  • Ben started a discussion about multi-factor for Signing Service. We need to come up with a way to discuss how this can be done.
  • Ian indicated that the proposed change allows for secure server-to-server communication, but does not provide details
  1. Ballot: Remove SSL BR References (Dimitris)
  • Dimitris stated work has been done and has been reviewed with Martijn, now need to review with the group
  • Dean suggested we add to the F2F meeting, but we decided to review in the meeting
  • Dimitris added “Editor” notes for review
  • Dimitris has imported text from SSL BRs where no text is in the CSBRs
  • Inigo is concerned about conflicts between BRs, but Tim H advised that concerned CAs work in multiple working groups
  • Bruce suggested that it would be good if we had the “BR of BRs” to cover common items
  • There was discussion about updates to definitions and references
  • Decided not to import 4.2.1 from SSL BRs
  • There was a discussion about importing SubCA revocation and misalignment of paragraphs. It was suggested this could be fixed with the revocation ballot or another future ballot.
  • Decided to add in OCSP “3600 seconds” change with an effective date
  • For Suspension, decided to add “No stipulation” and address in a future ballot.
  1. Other business
  • F2F we have 1.5 hours scheduled
  • Try to make a plan for the year at F2F
  1. Next Meeting – 9 February 2023
  2. Adjourn
Latest releases
Server Certificate Requirements
SC-081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods - May 21, 2025

BR v2.1.5

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.9 - Ballot SMC011 - May 14, 2025

This ballot allows the option to use a European Unique Identifier (EUID) as a Registration Reference in the NTR Registration Scheme. The EUID uniquely identifies officially-registered organizations, Legal Entities, and branch offices within the European Union or the European Economic Area. The EUID is specified in chapter 9 of the Annex contained in the Implementing Regulation (EU) 2021/1042 which describes rules for the application of Directive (EU) 2017/1132 “relating to certain aspects of company law (codification)”. The ballot also includes several editorial corrections, (e.g., reordering of References and regrouping of information from Appendix A to Section 7.1.4.2.2 (d)). This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Adrian Mueller (SwissSign) and Adriano Santoni (Actalis).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).