CA/Browser Forum
Home » All CA/Browser Forum Posts » 2023-02-09 Minutes of the Code Signing Certificate Working Group

2023-02-09 Minutes of the Code Signing Certificate Working Group

Attendees

Andrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Ben Dewberry (Keyfactor), Brianca Martin (Amazon Trust Services), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Roberto Quinones (Intel), Rollin Yu (TrustAsia), Tim Crawford (WebTrust), Tim Hollebeek (DigiCert)

Minutes

  1. Antitrust statement read
  2. Approval of minutes: Jan 26th minutes have not been sent out
  3. Ballot: Malware base revocation (Martijn)
  • Received some pushback on the mailing list.
  • Discussion from Martijn K., Bruce M., Ian M., and Tim H. around revamping the entire revocation section.
  • Agreed to pull revocation sections from the TLS and SMIME BRs and removing unnecessary items and added necessary sections like backdating and revocation investigations.
  1. Ballot: Signing Service Update (Bruce)
  • Previous action item was to change the definition of Signing Service to align what a signing service does and its models.
  • Proposed definition- **Subscriber Key Protection Service**: An organization that generates the Key Pair and securely generates and manages the Private Key associated with a Subscriber’s Code Signing Certificate.
  • Discussion from Bruce M., Tim H., Ian M., Inigo B., and Martijn K. on the requirements for signing service: who generates, who activates, who stores, how it is stored and how is it managed. Discussion around adjusting the name from Signing Service to Subscriber Key Protection Service as the focus of the Signing Service is on protection not the artifact being signed.
  • Next step is to close out the comments, push through the new definition, get a second proposal, and effective date.
  1. Ballot: Remove SSL BR References – tabled discussion
  2. Other business – F2F prep

  • Top 3 Goals are being worked on

      1. Revocation ballot
  1. Subscriber Key Protection Service ballot
  2. SSL BR reference ballot
    • Additional goals:
      1. timestamp updates

  1. high risk applicants

  2. validity period

  3. shorter lived certificates

  4. certificate transparency

  5. Next Meeting – Potentially cancel the meeting on 23 February

  6. Adjourn

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Code Signing Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).