CA/Browser Forum
Home » Posts » 2023-11-16 Minutes of the Code Signing Certificate Working Group

2023-11-16 Minutes of the Code Signing Certificate Working Group


Andrea Holland – (VikingCloud), Ben Dewberry – (Keyfactor), Brianca Martin – (Amazon), Bruce Morton – (Entrust), Corey Bonnell – (DigiCert), Dimitris Zacharopoulos – (HARICA), Eva Vansteenberge – (GlobalSign), Ian McMillan – (Microsoft), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Janet Hines – (VikingCloud), Martijn Katerbarg – (Sectigo), Mohit Kumar – (GlobalSign), Richard Kisley – (IBM), Roberto Quionones – (Intel), Rollin Yu – (TrustAsia Technologies Inc), Scott Rea – (eMudhra), Tim Crawford – (CPA Canada/WebTrust)


Assign Minute taker

  • Martijn Katerbarg

Roll call

  • Read by Bruce

Antitrust Compliance Statement

  • Read by Bruce

Approval of prior meeting minutes

  • Minutes of the November 2nd meeting were approved.

Ballot CSC-21 (Signing Service) Status

  • Ian discussed with Tim that the Cloud Security Alliance (CSA) STAR CCM Certification with the audit requirements (“Level 1” or “Level 2”) could be an alternative to the proposed audit requirements.
  • Bruce suggested that this could be a big change to the ballot, so how do we proceed.
  • Dimitris stated that the discussion period can last for 90-days, so we have time to update and start a new discussion period. Bruce and Ian will work on an update to the ballot.

High Risk Ballot

  • It’s agreed that with CSC-21 being put on hold, the High Risk ballot can proceed and take priority. Bruce with work with Corey to add the proposal to GitHub and start a ballot.

Remove EV Guideline References Ballot

  • Dimitris offered to prepare a non-normative ballot to remove all EV Guideline references from the CSBRs. A follow-up normative ballot will be considered to change/update the EV requirements.

CSCWG Charter Update Ballot

  • Ballot text is final. Dimitris has already endorsed. Bruce offered to endorse during the call.

Other business

  • During the November 30 meeting, a presentation will be given regarding the Key Attestation RFC.

Next meeting

  • 2023-11-30
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).