CA/Browser Forum posts
Posts by tag Code Signing
2025-07-10 Minutes of the Code Signing Certificate Working Group
July 10, 2025 by Code Signing Certificate Working Group Meeting Minutes – July 10th, 2025Note Well The Note Well was read.
July 10, 2025 by Code Signing Certificate Working Group Meeting Minutes – July 10th, 2025Note Well The Note Well was read.
2025-06-26 Minutes of the Code Signing Certificate Working Group
June 26, 2025 by Certificate Signing Certificate Working Group (CSCWG) – Meeting MinutesDate: June 26, 2025 Note Well The Note Well was read.
June 26, 2025 by Certificate Signing Certificate Working Group (CSCWG) – Meeting MinutesDate: June 26, 2025 Note Well The Note Well was read.
2025-06-12 Minutes of the Code Signing Certificate Working Group
June 12, 2025 by These are the Final Minutes of the CSCWG F2F Meeting as prepared by Brianca Martin. Martijn read the Antitrust statement. Adopted agenda as presented. Discussion topics Discussion Topic: Migration to a single profile Microsoft introduced this topic 1 year ago. Are there specific items that we want to bring to a single profile? Karina from Microsoft: Need to understand where the line is we want to draw. Goal is to keep them closer to EV, uplevel all code signing certificates to keep as much identify/information as we can. Suggestion from Martijn to go through section to indentify each section that needs to be removed. Karina suggested we have an offline discussion to review the fields. Martijn suggested to use GitHub. Send Karina an email if you want to participate in this discussion. Brianca asked what the end goal is or if there is a timeline driving this requirement. Karina - Goal is that every certificate is EV. Bruce from Entrust expressed that EV may not support all subscribers. May have to change the EV rules. Rather than having all EV characteristics they have the Org ID which provides third party information about the subscriber. Consider using another number in the Org ID Karina would like data to understand how many subscribers OV doesn’t work for and why. The average consumer should be able to see who signed the code. Bruce stated that the Non-EV side allows “”, EV does not. Consider eliminating OV for individuals. Document signing required face to face verification, code signing does not. Code signing certificates most to sign malware. Martijn shared a recent example about a reason to include face to face verification. Karina emphasized that she is open to carve outs. Corey shared a DV-style for code signing that may be useful for certificates without an organization. Martijn Corey shared that publicly trusted certificates use “”, we may be able to use that for code signing. Martijn will start a branch on GitHub to start the process. Discussion Topic: Reduction of maximum certificate validity *No updates from Microsoft
June 12, 2025 by These are the Final Minutes of the CSCWG F2F Meeting as prepared by Brianca Martin. Martijn read the Antitrust statement. Adopted agenda as presented. Discussion topics Discussion Topic: Migration to a single profile Microsoft introduced this topic 1 year ago. Are there specific items that we want to bring to a single profile? Karina from Microsoft: Need to understand where the line is we want to draw. Goal is to keep them closer to EV, uplevel all code signing certificates to keep as much identify/information as we can. Suggestion from Martijn to go through section to indentify each section that needs to be removed. Karina suggested we have an offline discussion to review the fields. Martijn suggested to use GitHub. Send Karina an email if you want to participate in this discussion. Brianca asked what the end goal is or if there is a timeline driving this requirement. Karina - Goal is that every certificate is EV. Bruce from Entrust expressed that EV may not support all subscribers. May have to change the EV rules. Rather than having all EV characteristics they have the Org ID which provides third party information about the subscriber. Consider using another number in the Org ID Karina would like data to understand how many subscribers OV doesn’t work for and why. The average consumer should be able to see who signed the code. Bruce stated that the Non-EV side allows “”, EV does not. Consider eliminating OV for individuals. Document signing required face to face verification, code signing does not. Code signing certificates most to sign malware. Martijn shared a recent example about a reason to include face to face verification. Karina emphasized that she is open to carve outs. Corey shared a DV-style for code signing that may be useful for certificates without an organization. Martijn Corey shared that publicly trusted certificates use “”, we may be able to use that for code signing. Martijn will start a branch on GitHub to start the process. Discussion Topic: Reduction of maximum certificate validity *No updates from Microsoft
2025-05-29 Minutes of the Code Signing Certificate Working Group
May 29, 2025 by Certificate Signing Certificate Working Group (CSCWG) – Meeting MinutesDate: May 29, 2025 1. Antitrust Reminder Martijn read the Note Well
May 29, 2025 by Certificate Signing Certificate Working Group (CSCWG) – Meeting MinutesDate: May 29, 2025 1. Antitrust Reminder Martijn read the Note Well
2025-05-15 Minutes of the Code Signing Certificate Working Group
May 15, 2025 by Certificate Signing Certificate Working Group (CSCWG) – Meeting MinutesDate: May 15, 2025 1. Antitrust Reminder Martijn Katerbarg read the Note Well
May 15, 2025 by Certificate Signing Certificate Working Group (CSCWG) – Meeting MinutesDate: May 15, 2025 1. Antitrust Reminder Martijn Katerbarg read the Note Well
2025-04-17 Minutes of the Code Signing Certificate Working Group
April 17, 2025 by Minutes of CSCWG April 17, 2025 These are the approved minutes of the CSCWG meeting of April 17th, 2025 as prepared by Martijn Katerbarg
April 17, 2025 by Minutes of CSCWG April 17, 2025 These are the approved minutes of the CSCWG meeting of April 17th, 2025 as prepared by Martijn Katerbarg
2025-03-27 Minutes of the Code Signing Certificate Working Group F2F
March 27, 2025 by Minutes of CSCWG F2F March 27, 2025
March 27, 2025 by Minutes of CSCWG F2F March 27, 2025
2025-03-20 Minutes of the Code Signing Certificate Working Group
March 20, 2025 by Minutes of CSCWG March 20, 2025 Attendees Brianca Martin (Amazon), Brian Winters (IdenTrust), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Nate Santiago (Microsoft), Nome Huang (TrustAsia), Rebecca Kelly (SSL.com), Thomas Zermeno (SSL.com)
March 20, 2025 by Minutes of CSCWG March 20, 2025 Attendees Brianca Martin (Amazon), Brian Winters (IdenTrust), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Nate Santiago (Microsoft), Nome Huang (TrustAsia), Rebecca Kelly (SSL.com), Thomas Zermeno (SSL.com)
2025-02-06 Minutes of the Code Signing Certificate Working Group
February 6, 2025 by Martijn KaterbargAttendees Brian Winters (IdenTrust), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Inaba Atsushi (GlobalSign), Josselin Allemandou (Certigna (DHIMYOTIS)), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Nome Huang (TrustAsia), Scott Rea (eMudhra), Thomas Zermeno (SSL.com), Tim Crawford (CPA Canada/WebTrust), Yateesh Bhardwaj (GlobalSign)
February 6, 2025 by Martijn KaterbargAttendees Brian Winters (IdenTrust), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Inaba Atsushi (GlobalSign), Josselin Allemandou (Certigna (DHIMYOTIS)), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Nome Huang (TrustAsia), Scott Rea (eMudhra), Thomas Zermeno (SSL.com), Tim Crawford (CPA Canada/WebTrust), Yateesh Bhardwaj (GlobalSign)
2025-01-23 Minutes of the Code Signing Certificate Working Group
January 23, 2025 by Martijn KaterbargAttendees Kateryna Aleksieieva (Certum by Asseco); Inigo Barreira (Sectigo); Yateesh Bhardwaj (Globalsign); Corey Bonnell (DigiCert); Luis Cervantes (SSL.com); Dean Coclin (DigiCert); Tim Crawford (BDO); Atsushi INABA (GlobalSign); Martijn Katerbarg (Sectigo); Rebecca Kelley (SSL.com); Brianca Martin (Amazon); Bruce Morton (Entrust); Nome-Huang (TrustAsia); Marco Schambach (IdenTrust); Alexander Truskovsky (AWS); Thomas Zermeno (SSL.com).
January 23, 2025 by Martijn KaterbargAttendees Kateryna Aleksieieva (Certum by Asseco); Inigo Barreira (Sectigo); Yateesh Bhardwaj (Globalsign); Corey Bonnell (DigiCert); Luis Cervantes (SSL.com); Dean Coclin (DigiCert); Tim Crawford (BDO); Atsushi INABA (GlobalSign); Martijn Katerbarg (Sectigo); Rebecca Kelley (SSL.com); Brianca Martin (Amazon); Bruce Morton (Entrust); Nome-Huang (TrustAsia); Marco Schambach (IdenTrust); Alexander Truskovsky (AWS); Thomas Zermeno (SSL.com).