2024-11-14 Minutes of the Code Signing Certificate Working Group

Attendees

Atsushi Inaba (GlobalSign); Brian Winters (IdenTrust); Corey Bonnell (DigiCert); Dean Coclin (DigiCert); Inigo Barreira (Sectigo); Luis Cervantes (SSL.com); Marco Schambach (IdenTrust); Martijn Katerbarg (Sectigo); Nome-Huang (TrustAsia); Rebecca Kelley (SSL.com); Roberto Quiñones (Intel); Thomas Zermeno (SSL.com); Yateesh Bhardwaj (Globalsign)

Prior meeting minutes

• 10/10/24 by Kateryna Alexsieieva (Asseco)- posted 11/03/24 - approved
• Minutes from 10/31/24 by Martijn - posted 11/11/24 - approved

Maximum validity of code signing certs

• worked on by Ian; he’s a bit behind on that, hopes to get it into GitHub before Thanksgiving holiday
• no comments on the ballot

Email from Bruce Morton (Entrust) 10/31/24

• aligning the code signing BRs with SCWG BRs
• Cory evaluated the ballot concerns
• Ballot SC-73 - has some value with CSCWG
• Ballot SC-75 - Pre-Sign linting - there is no linting created for CS at this time.
• Ballot SC-76v2 -OCSP requirements - Microsoft removed their requirements. Martijn feels like we could follow the ballot; Corey agrees that the 15-minute rule has some value to Code Signing. There’s lots of pre-cert language in the ballot that does not relate to Code Signing.
• Ballot SC-77 - Update Web Trust Audit name in Section 8.4 and references - already addressed
• Ballot SC-78 - Subject organizationName - Martijn is checking to see if there are CS issues
• Ballot SC 79v2 - allow more than one certificate policy - not relevant in CS environment.
• Martijn mentioned a desired logging ballot; and will update the list with it, later.

Other business

• New Chair starting 12/1/24 - Martijn and new Vice Chair Thomas
• No meeting on 11/28 for Thanksgiving – Martijn will lead the meeting on 12/12; need to set new hosts for the WebEx meeting.
• Dean gave a great farewell speech, and we all thanked him for his great service to the CSCWG