CA/Browser Forum
2024-09-22 Minutes of the Code Signing Certificate Working Group

Attendees

Bruce Morton (Entrust), Corey Bonnell (DigiCert), Andrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Brian Winters (IdenTrust), Ian McMillan (Microsoft), Marco Schambach (IdenTrust), Scott Rea (eMudra), Tim Crawford (BDO), Tim Hollebeek (DigiCert), Nate Santiago (Microsoft), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Brianca Martin (Amazon)

Minutes

Antitrust reminder – Read

Approve prior meeting minutes – Sept 5th (Brianca) – Approved

Max validity of CS certs (Ian) – proposal

  • Ian McMillan to send out within 2-3 weeks the proposed language change and justification for maximum validity of code signing certificates
  • Need at least two endorsers
  • Nate Santiago to start participating in discussions and potentially replace Ian McMillan in future conversations

Fall elections: Vice Chair nomination

  • Have new Chair (Martijn)
  • Nominations for a vice chair in the code signing working group will be discussed in the forum
  • Tim: If no one responds within the CS WG, we go to the Forum to get nominations
  • Martijn and Bruce are disqualified and so it is Tim Crawford
  • Dean could be nominated but he is already appointed as the new Forum Chair

Preparing for F2F

Proposed topics:

  1. Focus on consolidating the differences between non-EV CS and EV CS certificates.
  2. Ian: Have a discussion on post-quantum algorithms and certificate types.
    1. Algorithms
    2. Cert types
    3. Tim and Nate volunteer to lead this discussion for 30-45 minutes
    4. Need level setting and then review the available options
    5. Identify use cases

Tim H: ICA and Root creation Post Quantum (PQ) will require a lot of transition/migration

Ian: Need to clear the requirements for applying PQ

Ballot review

  • None pending

Other business

  • Bruce: Email thread about the redlined document of the CS BR v 3.7

  • Corey:

    • There were 2 published versions, but the approved version was an old version.
    • Should the approved version be corrected, although it passed IPR?
    • Should a new ballot be created acknowledging the error and confirming that the final clean version is correct?
    • Any objections to keeping documents as they are now?
    • No objection raised, but agreed to add an agenda item in the F2F in Seattle to include a review of the code signing BR version 3.7 redline and potential cleanup items.
    • Consider a cleanup ballot to remove unnecessary text prior to effective dates
  • Andrea Holland: VikingCloud is stepping away from the CS WG

Next meeting – Oct 3rd, should we cancel? F2F following week.

  • No objections to cancel and conduct the following meeting during the F2F meeting in Seattle
