CA/Browser Forum
Home » Posts » 2024-03-21 Minutes of the Code Signing Certificate Working Group

2024-03-21 Minutes of the Code Signing Certificate Working Group

Agenda

  1. Roll Call
  2. Antitrust reminder
  3. Minutes
  4. Ballots
  5. Membership
  6. Other business
  7. Next meeting – April 4th
  8. Adjourn

Attendees

Dean Coclin (DigiCert), Martijn Katerbarg (Sectigo), Brianca Martin (Amazon), Tim Crawford (CPA Canada/WebTrust), Thomas Zermeno (SSL.com), Mohit Kumar (GlobalSign), Scott Rea (eMudhra, Mohit Kumar (GlobalSign), Dimitris Zacharopoulos (HARICA), Atsushi INABA (GlobalSign), Inigo Barreira (Sectigo)

Minutes

Dean Coclin read the Antitrust policy.

Meeting minutes – No minutes to approve. Andrea Holland working on minutes from F2F-New Delhi.

Ballots

  • CSC-23, Marking the EV Code Signing Guidelines Obsolete, in the voting period, ends next week. Needs vote from Microsoft (only CA in the group).
  • Removing EV guidelines references (in discussion) – imported the latest changes from the CS BR’s, ballot is ready, looking for 2 endorsers. EV will not be removed, will likely enhance the validation methods of the existing OV level.
  • Noted that a file on the wiki hasn’t been changed in years. Not included in the guidelines, needs chair approval to remove it.
  • Timestamping Private Key Protection – Incorporated feedback, ready to start discussion period.

Membership

  • Identrust – Current associate member, requesting transition to full membership in the CSWG. Server Cert Working Group (SCWG) approved them to be a full member. Each working group needs to approve their status, membership level can be different across groups. Ian (Microsoft) confirmed they have the appropriate root in Windows and the appropriate audit (link provided in the application). Request approved without objection. Dean to send confirmation to Marco.
  • Keyfactor – Request to upgrade to become an associate member in the CSWG. Noted for information that the request was approved by the SCWG. Status has traditionally been used for groups like FederalPKI, Webtrust, Etsy and companies that are in the process of applying for a root certificate in a browser. This would be the 1st time for the CSWG that a particular company would be given associate member status. It was noted that they run a CA platform that several CA/B forum members use, may not specifically be related to code signing. Discussion on Keyfactor was held at the forum level during the F2F meeting. Concern was raised about setting a bad precedent. Dean to discuss with Tim. Approval postponed to the next meeting.

Other Business: None

Meeting adjourned. Next meeting April 4th.

Latest releases
Code Signing Requirements
v3.7 - Mar 4, 2024

S/MIME Requirements
v1.0.4 - Ballot SMC06 - May 11, 2024

Ballot SMC06: Post implementation clarification and corrections

Related posts
Tags
Code Signing Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).