Code Signing Certificate Working Group Meeting Minutes – July 10th, 2025

Note Well

The Note Well was read.

Review of Agenda

Agenda reviewed and accepted without changes.

Approval of Minutes

• 29 May minutes: Approved.

Discussion Topics

CSC-XX – Reduction of Validity Period

• Karina (Microsoft) provided a status update confirming collaboration with Nate (Microsoft).
• Ballot proposal expected to be distributed within the next one to two weeks.

CSC-30 – Aligning CSCWG BRs with Recent SCWG Ballot

• Corey summarized the previous ballot’s failure due to concerns from Microsoft regarding:
  • Immediate effective dates for weak key checking.
  • Multiple normative changes bundled into one ballot.
  • OCSP-related concerns.
• Karina clarified Microsoft’s position:
  • Linting requirement acceptable.
  • Immediate effective date for weak keys problematic; future effective date acceptable.
  • OCSP concerns remain.
• Corey proposed retaining the ballot as a single ballot to simplify administration. Karina agreed.
• Microsoft committed to providing detailed feedback on specific concerns before the next meeting.
• Nate (Microsoft) and Karina will prepare updates by end of next week.

Any Other Business

• Nate (Microsoft) requested clarification about GitHub PR procedures for ballot proposals. Guidance provided by Corey and Tim on targeting the CAB Forum repository directly.
• Discussed ballot prioritization; agreed that the validity period ballot is higher priority due to readiness.

Next Meeting

July 24th

Attendees

Adriano Santoni (Actalis S.p.A.), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Inaba Atsushi (GlobalSign), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Luis Cervantes (SSL.com), Marco Schambach (IdenTrust), Nate Santiago (Microsoft), Nome Huang (TrustAsia), Rebecca Kelly (SSL.com), Scott Rea (eMudhra), Thomas Zermeno (SSL.com), Tim Hollebeek (DigiCert), Yateesh Bhardwaj (GlobalSign)