CAB Forum Certificate Issuers, Certificate Consumers, and Interested Parties Working to Secure the Web
Attendees Andrea Holland, Brianca Martin, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Inigo Barreira, Michael Sykes Mohit Kumar, Rollin Yu, Tim Crawford, Trevoli Ponds-White Minutes Antitrust statement was read. Minutes approved for last meeting 1-Dec-22 and F2F. There was discussion on how we can make minutes more effective – in general with a suggestion on recapping along discussion by …
Read More »Code Signing
Ballot CSC-17: Subscriber Private Key Extension
Notice of Review Period (Mailing list post is available here.) The IPR review period ended on October 28, 2022 and no exclusion notices were filed. The final documents, with the effective date being 2022-10-28, are available here. This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for …
Read More »2022-08-25 Minutes of the Code Signing Certificate Working Group
Attendees Andrea Holland, Atsushi Inaba, Bruce Morton, Christophe Bonjean, Corey Bonnell, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Lynn Jeun, Martijn Katerbarg, Mohit Kumar, Tim Crawford, Tim Hollebeek Minutes Bruce read the anti-trust statement. Meeting minutes for 2022-08-11 were approved. Malware revocation ballot Martijn said there were updates in Github (https://github.com/cabforum/code-signing/pull/10). Christophe and Corey have been providing feedback. There …
Read More »Ballot CSC-15 – Summer 2022 Cleanup
Results of Review Period (Mailing list post is available here.) The IPR review period ended on September 19, 2022 and no exclusion notices were filed. The final documents, with the effective date being 2022-09-19, are available here. This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for …
Read More »2022-08-11 Minutes of the Code Signing Certificate Working Group
Attendees Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Ian McMillan, Lynn Jeun, Martijn Katerbarg, Michael Sykes, Tomas Gustavsson Minutes Anti-Trust Statement read by DeanPrior meeting minutes fron July 28, 2022 are approved without objection or comment. CSC-15 Ballot Status Voting period closed and Dean will be announcing the results.Next steps to send out for IPR. Signing Service Proposed Ballot …
Read More »Ballot CSC-14 – Convert Code Signing Baseline Requirements to RFC 3647 Framework
Results of Review Period (Mailing list post is available here.) The IPR review period ended on June 25, 2022 and no exclusion notices were filed. The final documents, with the effective date being 2022-06-29, are available here. Summary of Review Ballot for ReviewBallot CSC-14 – Convert Code Signing Baseline Requirements to RFC 3647 FrameworkStart of Review Period26 May 2022 at 18:00 UTCEnd of Review Period25 June …
Read More »Ballot CSC-13 – Update to Subscriber Key Protection Requirements
Results of Review Period (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2022-05-09, are available here. Results of Voting (Mailing list post is available here.) YesNoAbstainCertificate IssuersCertum (Asseco)DigiCerteMudhraEntrustHARICASectigoSSL.comCertificate ConsumersMicrosoftThe ballot has PASSED. Purpose of the Ballot Update the subscriber private key protection requirements …
Read More »Ballot CSC-6 – Update to Subscriber Private Key Protection Requirements
Results of Voting (Mailing list post is available here.) YesNoAbstainCertificate IssuersDigiCertEntrustGlobalSignHARICASecureTrustCertificate ConsumersMicrosoftThe ballot has FAILED. Purpose of the ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.7. The following motion has been proposed by Ian McMillan of Microsoft, and endorsed by Tim Hollebeek of DigiCert and …
Read More »Ballot CSC-12 – CRL Revocation Date Clarification
Results of IPR Review (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2021-12-03, are available here. Results of Voting (Mailing list post is available here.) YesNoAbstainCertificate IssuersCertum (Asseco)DigiCertEntrustE-TUGRAGlobalSignHARICASectigoSSL.comCertificate ConsumersMicrosoftThe ballot has PASSED. Purpose of the Ballot While RFC 5280, section 5.3.2 specifies that …
Read More »Ballot CSC-11 – Update to log data retention requirements
Results of IPR Review (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2021-11-03, are available here. Results of Voting (Mailing list post is available here.) YesNoAbstainCertificate IssuersCertum (Asseco)DigiCerteMudhraEntrustGlobalSignHARICASectigoSecureTrustCertificate ConsumersMicrosoftThe ballot has PASSED. Purpose of the Ballot Update the log data and retention of …
Read More »