CA/Browser Forum
Home » Posts » 2023-02-09 Minutes of the Code Signing Certificate Working Group

2023-02-09 Minutes of the Code Signing Certificate Working Group


Andrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Brianca Martin (Amazon Trust Services), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Roberto Quinones (Intel), Rollin Yu (TrustAsia), Tim Crawford (WebTrust), Tim Hollebeek (DigiCert)


  1. Antitrust statement read
  2. Approval of minutes: Jan 26th minutes have not been sent out
  3. Ballot: Malware base revocation (Martijn)
  • Received some pushback on the mailing list.
  • Discussion from Martijn K., Bruce M., Ian M., and Tim H. around revamping the entire revocation section.
  • Agreed to pull revocation sections from the TLS and SMIME BRs and removing unnecessary items and added necessary sections like backdating and revocation investigations.
  1. Ballot: Signing Service Update (Bruce)
  • Previous action item was to change the definition of Signing Service to align what a signing service does and its models.
  • Proposed definition- **Subscriber Key Protection Service**: An organization that generates the Key Pair and securely generates and manages the Private Key associated with a Subscriber’s Code Signing Certificate.
  • Discussion from Bruce M., Tim H., Ian M., Inigo B., and Martijn K. on the requirements for signing service: who generates, who activates, who stores, how it is stored and how is it managed. Discussion around adjusting the name from Signing Service to Subscriber Key Protection Service as the focus of the Signing Service is on protection not the artifact being signed.
  • Next step is to close out the comments, push through the new definition, get a second proposal, and effective date.
  1. Ballot: Remove SSL BR References – tabled discussion
  2. Other business – F2F prep
  • Top 3 Goals are being worked on

      1. Revocation ballot
  1. Subscriber Key Protection Service ballot
  2. SSL BR reference ballot
    • Additional goals:
      1. timestamp updates
  1. high risk applicants

  2. validity period

  3. shorter lived certificates

  4. certificate transparency

  5. Next Meeting – Potentially cancel the meeting on 23 February

  6. Adjourn

Latest releases
Code Signing Requirements
v3.7 - Mar 4, 2024

S/MIME Requirements
v1.0.5 - Ballot SMC07 - Jul 15, 2024

Ballot SMC07: Align Logging Requirement and Key Escrow clarification

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).