CA/Browser Forum posts
Posts by author Corey Bonnell
2022-04-21 Minutes of the Code Signing Certificate Working Group
April 21, 2022 by Corey BonnellAttendees Atsushi Inaba (GlobalSign), Ben Wilson (Mozilla), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Roberto Quinones (Intel), Tim Crawford (CPA Canada/WebTrust) Minutes Antitrust Statement: Read by Bruce Morton Minute Taker: Martijn Katerbarg Minutes of the April 7th meeting were approved. Ballot for CSBR Format Change There was a discussion on when the discussion period for the format change should start and whether we should wait until the IPR review period of ballot CSC-13 has completed or not.
April 21, 2022 by Corey BonnellAttendees Atsushi Inaba (GlobalSign), Ben Wilson (Mozilla), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Roberto Quinones (Intel), Tim Crawford (CPA Canada/WebTrust) Minutes Antitrust Statement: Read by Bruce Morton Minute Taker: Martijn Katerbarg Minutes of the April 7th meeting were approved. Ballot for CSBR Format Change There was a discussion on when the discussion period for the format change should start and whether we should wait until the IPR review period of ballot CSC-13 has completed or not.
2022-04-07 Minutes of the Code Signing Certificate Working Group
April 7, 2022 by Corey BonnellAttendees Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Mohit Kumar (GlobalSign), Tim Crawford (CPA Canada/WebTrust) Minute-taker: Tim Crawford Minutes Antitrust Statement: Read by Dean Minutes for the March 24th meetings were approved Interested party application from Insta Oy No comment was offered, and the application was accepted. Updates on Ballot CSC-13 – Private Key Protection Bruce mentioned that the ballot received eight (8) votes and is deemed to have passed.
April 7, 2022 by Corey BonnellAttendees Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Mohit Kumar (GlobalSign), Tim Crawford (CPA Canada/WebTrust) Minute-taker: Tim Crawford Minutes Antitrust Statement: Read by Dean Minutes for the March 24th meetings were approved Interested party application from Insta Oy No comment was offered, and the application was accepted. Updates on Ballot CSC-13 – Private Key Protection Bruce mentioned that the ballot received eight (8) votes and is deemed to have passed.
Ballot CSC-13 – Update to Subscriber Key Protection Requirements
April 6, 2022 by Corey BonnellResults of Review Period (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2022-05-09, are available here. Results of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers Certum (Asseco), DigiCert, eMudhra, Entrust, HARICA, Sectigo, SSL.com Certificate Consumers Microsoft The ballot has PASSED. Purpose of the Ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.
April 6, 2022 by Corey BonnellResults of Review Period (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2022-05-09, are available here. Results of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers Certum (Asseco), DigiCert, eMudhra, Entrust, HARICA, Sectigo, SSL.com Certificate Consumers Microsoft The ballot has PASSED. Purpose of the Ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.
2022-03-24 Minutes of the Code Signing Certificate Working Group
March 24, 2022 by Corey BonnellAttendees Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (Harica), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Mohit Kumar (GlobalSign), Thomas Gustavsson (PrimeKey), Tim Crawford (CPA Canada/WebTrust), Tim Hollebeek (DigiCert) Minutes Antitrust Statement: Read by Dean Minute Taker: Martijn Katerbarg Minutes of the February 24th (F2F) and March 10th meetings were approved Updates on ballot CSC-13 Bruce mentioned that the ballot is currently out for discussion.
March 24, 2022 by Corey BonnellAttendees Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (Harica), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Mohit Kumar (GlobalSign), Thomas Gustavsson (PrimeKey), Tim Crawford (CPA Canada/WebTrust), Tim Hollebeek (DigiCert) Minutes Antitrust Statement: Read by Dean Minute Taker: Martijn Katerbarg Minutes of the February 24th (F2F) and March 10th meetings were approved Updates on ballot CSC-13 Bruce mentioned that the ballot is currently out for discussion.
2022-03-10 Minutes of the Code Signing Certificate Working Group
March 10, 2022 by Corey BonnellAttendees Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Joanna Fox – TrustCor, Martin Katerberg – Sectigo, Michael Sykes – SSL.com, Mohit Kumar – GlobalSign, Roberto Quinones – Intel, Tim Hollebeek – DigiCert, Tomas Gustavsson Minutes Antitrust statement: read by Dean. Minutes: Approval of minutes from F2F on hold until people can review.
March 10, 2022 by Corey BonnellAttendees Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Joanna Fox – TrustCor, Martin Katerberg – Sectigo, Michael Sykes – SSL.com, Mohit Kumar – GlobalSign, Roberto Quinones – Intel, Tim Hollebeek – DigiCert, Tomas Gustavsson Minutes Antitrust statement: read by Dean. Minutes: Approval of minutes from F2F on hold until people can review.
Ballot CSC-6 – Update to Subscriber Private Key Protection Requirements
March 2, 2022 by Corey BonnellResults of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers DigiCert, Entrust, GlobalSign, HARICA, SecureTrust Certificate Consumers Microsoft The ballot has FAILED. Purpose of the ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.7. The following motion has been proposed by Ian McMillan of Microsoft, and endorsed by Tim Hollebeek of DigiCert and Bruce Morton of Entrust.
March 2, 2022 by Corey BonnellResults of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers DigiCert, Entrust, GlobalSign, HARICA, SecureTrust Certificate Consumers Microsoft The ballot has FAILED. Purpose of the ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.7. The following motion has been proposed by Ian McMillan of Microsoft, and endorsed by Tim Hollebeek of DigiCert and Bruce Morton of Entrust.
2022-02-10 Minutes of the Code Signing Certificate Working Group
February 10, 2022 by Corey BonnellAttendees Andrea Holland – SecureTrust, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Roberto Quinones – Intel, Tim Crawford – WebTrust Minutes Chris Kemmerer “volunteered” by Dean Coclin as minute taker. Antitrust statement: read by Corey. Minutes: discussion regarding minutes from Jan 27 2022 call: Dimitris observed that the minutes submitted are perhaps too detailed, easier to digest if summarized.
February 10, 2022 by Corey BonnellAttendees Andrea Holland – SecureTrust, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Roberto Quinones – Intel, Tim Crawford – WebTrust Minutes Chris Kemmerer “volunteered” by Dean Coclin as minute taker. Antitrust statement: read by Corey. Minutes: discussion regarding minutes from Jan 27 2022 call: Dimitris observed that the minutes submitted are perhaps too detailed, easier to digest if summarized.
2022-01-27 Minutes of the Code Signing Certificate Working Group
January 27, 2022 by Corey BonnellAttendees Andrea Holland – SecureTrust , Ashish Dhiman – GlobalSign, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Jeff Ward – WebTrust, Karina Sirota – Microsoft, Kiran Tummala – Microsoft, Michael Sykes – SSL.com, Mohit Kumar – GlobalSign, Tim Crawford – WebTrust, Tim Hollebeek – DigiCert Minutes Minutes of January 13th 2022 approved.
January 27, 2022 by Corey BonnellAttendees Andrea Holland – SecureTrust , Ashish Dhiman – GlobalSign, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Jeff Ward – WebTrust, Karina Sirota – Microsoft, Kiran Tummala – Microsoft, Michael Sykes – SSL.com, Mohit Kumar – GlobalSign, Tim Crawford – WebTrust, Tim Hollebeek – DigiCert Minutes Minutes of January 13th 2022 approved.
2022-01-13 Minutes of the Code Signing Certificate Working Group
January 13, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Michael Sykes, Roberto Quinones, Tim Hollebeek, Tomas Gustavsson Minutes The Antitrust statement was read. Minutes from the prior meeting on December 16, 2021 were approved CSC-6 Subscriber Private Key Protection Ian thought he had sent the draft to the list before the holidays but it was determined that was not the case.
January 13, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Michael Sykes, Roberto Quinones, Tim Hollebeek, Tomas Gustavsson Minutes The Antitrust statement was read. Minutes from the prior meeting on December 16, 2021 were approved CSC-6 Subscriber Private Key Protection Ian thought he had sent the draft to the list before the holidays but it was determined that was not the case.
2022-01-06 Minutes of the CA/Browser Forum Teleconference
January 6, 2022 by Corey BonnellAttendees Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Israr Ahmed (E-tugra), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
January 6, 2022 by Corey BonnellAttendees Adam Jones (Microsoft), Adrian Mueller (SwissSign), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Dean Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumihiko Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Israr Ahmed (E-tugra), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kati Davids (GoDaddy), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Niko Carpenter (SecureTrust), Peter Miskovic (Disig), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Ryan Dickson (Google), Stephen Davidson (Digicert), Tadahiko Ito (SECOM Trust Systems), Tim Hollebeek (Digicert), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijayakumar (Vijay) Manjunatha (eMudhra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)