CA/Browser Forum
Home » All CA/Browser Forum Posts » 2024-11-14 Minutes of the Code Signing Certificate Working Group

2024-11-14 Minutes of the Code Signing Certificate Working Group

Attendees

Atsushi Inaba (GlobalSign); Brian Winters (IdenTrust); Corey Bonnell (DigiCert); Dean Coclin (DigiCert); Inigo Barreira (Sectigo); Luis Cervantes (SSL.com); Marco Schambach (IdenTrust); Martijn Katerbarg (Sectigo); Nome-Huang (TrustAsia); Rebecca Kelley (SSL.com); Roberto Quiñones (Intel); Thomas Zermeno (SSL.com); Yateesh Bhardwaj (Globalsign)

Prior meeting minutes

  • 10/10/24 by Kateryna Alexsieieva (Asseco)- posted 11/03/24 - approved
  • Minutes from 10/31/24 by Martijn - posted 11/11/24 - approved

Maximum validity of code signing certs

  • worked on by Ian; he’s a bit behind on that, hopes to get it into GitHub before Thanksgiving holiday
  • no comments on the ballot

Email from Bruce Morton (Entrust) 10/31/24

  • aligning the code signing BRs with SCWG BRs
  • Cory evaluated the ballot concerns
  • Ballot SC-73 - has some value with CSCWG
  • Ballot SC-75 - Pre-Sign linting - there is no linting created for CS at this time.
  • Ballot SC-76v2 -OCSP requirements - Microsoft removed their requirements. Martijn feels like we could follow the ballot; Corey agrees that the 15-minute rule has some value to Code Signing. There’s lots of pre-cert language in the ballot that does not relate to Code Signing.
  • Ballot SC-77 - Update Web Trust Audit name in Section 8.4 and references - already addressed
  • Ballot SC-78 - Subject organizationName - Martijn is checking to see if there are CS issues
  • Ballot SC 79v2 - allow more than one certificate policy - not relevant in CS environment.
  • Martijn mentioned a desired logging ballot; and will update the list with it, later.

Other business

  • New Chair starting 12/1/24 - Martijn and new Vice Chair Thomas
  • No meeting on 11/28 for Thanksgiving – Martijn will lead the meeting on 12/12; need to set new hosts for the WebEx meeting.
  • Dean gave a great farewell speech, and we all thanked him for his great service to the CSCWG
Latest releases
Server Certificate Requirements
SC-081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods - May 21, 2025

BR v2.1.5

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.10 - Ballot SMC012 - Jul 2, 2025

Introduces a new method for validation of mailbox control, using ACME for S/MIME as defined in RFC 8823: Extensions to Automatic Certificate Management Environment for End-User S/MIME Certificates.

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).