CA/Browser Forum
Home » All CA/Browser Forum Posts » 2023-02-09 Minutes of the Code Signing Certificate Working Group

2023-02-09 Minutes of the Code Signing Certificate Working Group

Attendees

Andrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Brianca Martin (Amazon Trust Services), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Roberto Quinones (Intel), Rollin Yu (TrustAsia), Tim Crawford (WebTrust), Tim Hollebeek (DigiCert)

Minutes

  1. Antitrust statement read
  2. Approval of minutes: Jan 26th minutes have not been sent out
  3. Ballot: Malware base revocation (Martijn)
  • Received some pushback on the mailing list.
  • Discussion from Martijn K., Bruce M., Ian M., and Tim H. around revamping the entire revocation section.
  • Agreed to pull revocation sections from the TLS and SMIME BRs and removing unnecessary items and added necessary sections like backdating and revocation investigations.
  1. Ballot: Signing Service Update (Bruce)
  • Previous action item was to change the definition of Signing Service to align what a signing service does and its models.
  • Proposed definition- **Subscriber Key Protection Service**: An organization that generates the Key Pair and securely generates and manages the Private Key associated with a Subscriber’s Code Signing Certificate.
  • Discussion from Bruce M., Tim H., Ian M., Inigo B., and Martijn K. on the requirements for signing service: who generates, who activates, who stores, how it is stored and how is it managed. Discussion around adjusting the name from Signing Service to Subscriber Key Protection Service as the focus of the Signing Service is on protection not the artifact being signed.
  • Next step is to close out the comments, push through the new definition, get a second proposal, and effective date.
  1. Ballot: Remove SSL BR References – tabled discussion
  2. Other business – F2F prep
  • Top 3 Goals are being worked on

      1. Revocation ballot
  1. Subscriber Key Protection Service ballot
  2. SSL BR reference ballot
    • Additional goals:
      1. timestamp updates
  1. high risk applicants

  2. validity period

  3. shorter lived certificates

  4. certificate transparency

  5. Next Meeting – Potentially cancel the meeting on 23 February

  6. Adjourn

Latest releases
Server Certificate Requirements
SC-081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods - May 21, 2025

BR v2.1.5

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.10 - Ballot SMC012 - Jul 2, 2025

Introduces a new method for validation of mailbox control, using ACME for S/MIME as defined in RFC 8823: Extensions to Automatic Certificate Management Environment for End-User S/MIME Certificates.

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).