Attendees

Andrea Holland (VikingCloud), Atsushi INABA (GlobalSign), Ben Dewberry (Keyfactor), Bhat Abhishek (eMudhra), Brianca Martin (Amazon), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Janet Hines (VikingCloud), Keshava N (eMudhra), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Roberto Quiñones (Intel), Scott Rea (eMudhra), Tim Crawford (BDO/WebTrust), Tim Hollebeek (DigiCert)

Minutes

Antitrust statement: The Antitrust statement was read.

Approval of minutes: Previous F2F meeting’s minutes still being compiled

• Ballot: CSC 18 has passed and IPR review period is over

• • No claims received

• Look into rebasing the last two Ballots into Dimitri’s branch

• • Now that the IPR period is over that can be done

• Signing service Ballot

• • Most of the text is written but could now be out of Sync with updates coming in from Dimitri’s ballot
  • Need to recut the ballot after going through the previous ballot

• High risk language change proposal (Bruce, Tim, and Ian)

• • Work on getting (High risk language, time stamping change, EB certificates, certificate transparency) discussion in a prioritized order
  • All items that have been talked about but nobody is working on a specific one
  • High risk can be done now, other two waiting on more fleshed out text
  • Certificate Transparency

• • • Presentation on Certificate Transparency Coming up at an upcoming code signing meeting

• • Time Stamping change

• • • Setting a requirement for time stamping, also impacts non code signing items
    • Time stamping authorities for code signing intermixed with time stamping authorities for other things and causes a number of problems but no need for it to necessarily continue
    • Potential next steps

• • • • Designate which timestamp servers are meant to be a codesigning according to the CAB forum code signing requirements

• • Prioritization discussions to come when Ian joins next

• Next Call: July 13^th
• Adjourn