CA/Browser Forum

2024-09-22 Minutes of the Code Signing Certificate Working Group

Attendees

Bruce Morton (Entrust), Corey Bonnell (DigiCert), Andrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Brian Winters (IdenTrust), Ian McMillan (Microsoft), Marco Schambach (IdenTrust), Scott Rea (eMudra), Tim Crawford (BDO), Tim Hollebeek (DigiCert), Nate Santiago (Microsoft), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Brianca Martin (Amazon)

Minutes

Antitrust reminder – Read

Approve prior meeting minutes – Sept 5th (Brianca) – Approved

Max validity of CS certs (Ian) – proposal

  • Ian McMillan to send out within 2-3 weeks the proposed language change and justification for maximum validity of code signing certificates
  • Need at least two endorsers
  • Nate Santiago to start participating in discussions and potentially replace Ian McMillan in future conversations

Fall elections: Vice Chair nomination

  • Have new Chair (Martijn)
  • Nominations for a vice chair in the code signing working group will be discussed in the forum
  • Tim: If no one responds within the CS WG, we go to the Forum to get nominations
  • Martijn and Bruce are disqualified and so it is Tim Crawford
  • Dean could be nominated but he is already appointed as the new Forum Chair

Preparing for F2F

Proposed topics:

  1. Focus on consolidating the differences between non-EV CS and EV CS certificates.
  2. Ian: Have a discussion on post-quantum algorithms and certificate types.
    1. Algorithms
    2. Cert types
    3. Tim and Nate volunteer to lead this discussion for 30-45 minutes
    4. Need level setting and then review the available options
    5. Identify use cases

Tim H: ICA and Root creation Post Quantum (PQ) will require a lot of transition/migration

Ian: Need to clear the requirements for applying PQ

Ballot review

  • None pending

Other business

  • Bruce: Email thread about the redlined document of the CS BR v 3.7

  • Corey:

    • There were 2 published versions, but the approved version was an old version.
    • Should the approved version be corrected, although it passed IPR?
    • Should a new ballot be created acknowledging the error and confirming that the final clean version is correct?
    • Any objections to keeping the documents as they are now?
    • No objection was raised, but it was agreed to add an agenda item for the F2F in Seattle to include a review of the code signing BR version 3.7 redline and potential cleanup items.
    • Consider a cleanup ballot to remove unnecessary text prior to effective dates
  • Andrea Holland: VikingCloud is stepping away from the CS WG

Next meeting – Oct 3rd, should we cancel? F2F following week

  • No objections to cancelling and conducting the following meeting during the F2F meeting in Seattle

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).