2025-04-17 Minutes of the Code Signing Certificate Working Group
Minutes of CSCWG
April 17, 2025
These are the approved minutes of the CSCWG meeting of April 17th, 2025 as prepared by Martijn Katerbarg
Attendees
Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Inaba Atsushi (GlobalSign), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Luis Cervantes (SSL.com), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Nate Santiago (Microsoft), Nome Huang (TrustAsia), Rebecca Kelly (SSL.com), Thomas Zermeno (SSL.com), Tim Crawford (CPA Canada/WebTrust)
Note Well
Martijn Katerbarg read the Note Well.
Approval of prior meeting minutes
Minutes of the March 6th meeting have been approved
Membership applications
• Antony Vennard (Interested Party) - Approved
CSC-29: Aligning CSCWG BRs with recent SCWG ballots
CSC-29 failed due to missing a Certificate Consumer vote. Nate mentioned working together with Karina to make sure he’s registered as a voting member. Corey mentions that once that registration is in place. He can restart CSC-29 as CSC-30 with no changed except a later effective date.
Maximum validity of CS certificates
Microsoft wants to move forward on this ballot. Nate has discussed internally and is proposing an effective date 12 month in the future from when the ballot will be started. Nate will start off the ballot, the working group has offered assistance where needed.
PQC ballot
During the F2F it was agreed to support all there parameter sets for ML-DSA. The ballot is pending one additional endorser. Nate mentions wanting to review the ballot text and having that on his todo list prior to the next call.
Moving towards a single profile
No updates yet from Microsoft on this topic.
Any Other Business
Marco raises is the CSCWG needs to consider MPIC. It’s brought forward that there is no direct DCV or CAA requirements for code signing certificates, thus there not being a use for MPIC.