CA/Browser Forum
Home » All CA/Browser Forum Posts » 2024-03-21 Minutes of the Code Signing Certificate Working Group

2024-03-21 Minutes of the Code Signing Certificate Working Group

Agenda

  1. Roll Call
  2. Antitrust reminder
  3. Minutes
  4. Ballots
  5. Membership
  6. Other business
  7. Next meeting – April 4th
  8. Adjourn

Attendees

Dean Coclin (DigiCert), Martijn Katerbarg (Sectigo), Brianca Martin (Amazon), Tim Crawford (CPA Canada/WebTrust), Thomas Zermeno (SSL.com), Mohit Kumar (GlobalSign), Scott Rea (eMudhra, Mohit Kumar (GlobalSign), Dimitris Zacharopoulos (HARICA), Atsushi INABA (GlobalSign), Inigo Barreira (Sectigo)

Minutes

Dean Coclin read the Antitrust policy.

Meeting minutes – No minutes to approve. Andrea Holland working on minutes from F2F-New Delhi.

Ballots

  • CSC-23, Marking the EV Code Signing Guidelines Obsolete, in the voting period, ends next week. Needs vote from Microsoft (only CA in the group).
  • Removing EV guidelines references (in discussion) – imported the latest changes from the CS BR’s, ballot is ready, looking for 2 endorsers. EV will not be removed, will likely enhance the validation methods of the existing OV level.
  • Noted that a file on the wiki hasn’t been changed in years. Not included in the guidelines, needs chair approval to remove it.
  • Timestamping Private Key Protection – Incorporated feedback, ready to start discussion period.

Membership

  • Identrust – Current associate member, requesting transition to full membership in the CSWG. Server Cert Working Group (SCWG) approved them to be a full member. Each working group needs to approve their status, membership level can be different across groups. Ian (Microsoft) confirmed they have the appropriate root in Windows and the appropriate audit (link provided in the application). Request approved without objection. Dean to send confirmation to Marco.
  • Keyfactor – Request to upgrade to become an associate member in the CSWG. Noted for information that the request was approved by the SCWG. Status has traditionally been used for groups like FederalPKI, Webtrust, Etsy and companies that are in the process of applying for a root certificate in a browser. This would be the 1st time for the CSWG that a particular company would be given associate member status. It was noted that they run a CA platform that several CA/B forum members use, may not specifically be related to code signing. Discussion on Keyfactor was held at the forum level during the F2F meeting. Concern was raised about setting a bad precedent. Dean to discuss with Tim. Approval postponed to the next meeting.

Other Business: None

Meeting adjourned. Next meeting April 4th.

Latest releases
Server Certificate Requirements
SC-081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods - May 21, 2025

BR v2.1.5

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.9 - Ballot SMC011 - May 14, 2025

This ballot allows the option to use a European Unique Identifier (EUID) as a Registration Reference in the NTR Registration Scheme. The EUID uniquely identifies officially-registered organizations, Legal Entities, and branch offices within the European Union or the European Economic Area. The EUID is specified in chapter 9 of the Annex contained in the Implementing Regulation (EU) 2021/1042 which describes rules for the application of Directive (EU) 2017/1132 “relating to certain aspects of company law (codification)”. The ballot also includes several editorial corrections, (e.g., reordering of References and regrouping of information from Appendix A to Section 7.1.4.2.2 (d)). This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Adrian Mueller (SwissSign) and Adriano Santoni (Actalis).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).