CA/Browser Forum posts
Posts by tag Code Signing
2022-12-15 Minutes of the Code Signing Certificate Working Group
December 15, 2022 by Corey BonnellAttendees Andrea Holland, Brianca Martin, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Inigo Barreira, Michael Sykes Mohit Kumar, Rollin Yu, Tim Crawford, Trevoli Ponds-White Minutes Antitrust statement was read. Minutes approved for last meeting 1-Dec-22 and F2F. There was discussion on how we can make minutes more effective – in general with a suggestion on recapping along discussion by chair or minute taker for summary. Ballot around Malware protection Updates made to draft to suggest that subscriber can provide a different date based on impact.
December 15, 2022 by Corey BonnellAttendees Andrea Holland, Brianca Martin, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Inigo Barreira, Michael Sykes Mohit Kumar, Rollin Yu, Tim Crawford, Trevoli Ponds-White Minutes Antitrust statement was read. Minutes approved for last meeting 1-Dec-22 and F2F. There was discussion on how we can make minutes more effective – in general with a suggestion on recapping along discussion by chair or minute taker for summary. Ballot around Malware protection Updates made to draft to suggest that subscriber can provide a different date based on impact.
2022-12-01 Minutes of the Code Signing Certificate Working Group
December 1, 2022 by Corey BonnellAttendees Andrea Holland – (SecureTrust), Bruce Morton – (Entrust), Corey Bonnell – (DigiCert), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Ian McMillan – (Microsoft), Inaba Atsushi – (GlobalSign), Janet Hines – (SecureTrust), Martijn Katerbarg – (Sectigo), Roberto Quionones – (Intel), Tim Crawford – (CPA Canada/WebTrust), Tim Hollebeek – (DigiCert), Tomas Gustavsson – (PrimeKey), Trevoli Ponds-White – (Amazon) Minutes The Anti-trust statement was read Minutes of the last call were approved.
December 1, 2022 by Corey BonnellAttendees Andrea Holland – (SecureTrust), Bruce Morton – (Entrust), Corey Bonnell – (DigiCert), Dean Coclin – (DigiCert), Dimitris Zacharopoulos – (HARICA), Ian McMillan – (Microsoft), Inaba Atsushi – (GlobalSign), Janet Hines – (SecureTrust), Martijn Katerbarg – (Sectigo), Roberto Quionones – (Intel), Tim Crawford – (CPA Canada/WebTrust), Tim Hollebeek – (DigiCert), Tomas Gustavsson – (PrimeKey), Trevoli Ponds-White – (Amazon) Minutes The Anti-trust statement was read Minutes of the last call were approved.
2022-11-17 Minutes of the Code Signing Certificate Working Group
November 17, 2022 by Corey BonnellAttendees Atsushi Inaba (GobalSign), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Joanna Fox (Trustcor), Martijn Katerberg (Sectigo), Roberto Quinones (Intel), Tim Crawford (BDO), Tomas Gustavsson, Trevoli Ponds-White (Amazon Trust Services) Minutes Antitrust statement was read. Minutes from 25 October are not yet available. Minutes from 3 November were approved. Ballot: Signing Service Update – The draft text has been recirculated. Dimitris has some comments on the ETSI Time-stamping audit requirements.
November 17, 2022 by Corey BonnellAttendees Atsushi Inaba (GobalSign), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Joanna Fox (Trustcor), Martijn Katerberg (Sectigo), Roberto Quinones (Intel), Tim Crawford (BDO), Tomas Gustavsson, Trevoli Ponds-White (Amazon Trust Services) Minutes Antitrust statement was read. Minutes from 25 October are not yet available. Minutes from 3 November were approved. Ballot: Signing Service Update – The draft text has been recirculated. Dimitris has some comments on the ETSI Time-stamping audit requirements.
2022-11-03 Minutes of the Code Signing Certificate Working Group
November 3, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Inigo Barreira, Mohit Kumar, Tim Crawford, Tim Hollebeek, Tomas Gustavsson Minutes Dean read the antitrust statement. Signing Service Ballot Bruce said that he received no further feedback and would like to push this to ballot. Tim and Ian offered to review and endorse, barring any issues found. Dimitris mentioned that one of the takeaways from the F2F was that there is ETSI guidance for remote QSCDs for activation and we should consider incorporating.
November 3, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Inigo Barreira, Mohit Kumar, Tim Crawford, Tim Hollebeek, Tomas Gustavsson Minutes Dean read the antitrust statement. Signing Service Ballot Bruce said that he received no further feedback and would like to push this to ballot. Tim and Ian offered to review and endorse, barring any issues found. Dimitris mentioned that one of the takeaways from the F2F was that there is ETSI guidance for remote QSCDs for activation and we should consider incorporating.
2022-10-06 Minutes of the Code Signing Certificate Working Group
October 6, 2022 by Corey BonnellAttendees Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Mohit Kumar (GlobalSign) Minutes Antitrust statement was read. Approval of prior meeting minutes: Minutes for 22 September 2022 were approved. Ballot Status: CSC 15: IPR review ended 18 September 2022, so is now complete. CSC 17: Passed and is not in IPR period until 27 October 2022.
October 6, 2022 by Corey BonnellAttendees Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dimitris Zacharopoulos (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Mohit Kumar (GlobalSign) Minutes Antitrust statement was read. Approval of prior meeting minutes: Minutes for 22 September 2022 were approved. Ballot Status: CSC 15: IPR review ended 18 September 2022, so is now complete. CSC 17: Passed and is not in IPR period until 27 October 2022.
Ballot CSC-17: Subscriber Private Key Extension
September 27, 2022 by Corey BonnellNotice of Review Period (Mailing list post is available here.) The IPR review period ended on October 28, 2022 and no exclusion notices were filed. The final documents, with the effective date being 2022-10-28, are available here. This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Maintenance Guideline (30 day Review Period). The complete Draft Guideline subject of this Review Notice is available here.
September 27, 2022 by Corey BonnellNotice of Review Period (Mailing list post is available here.) The IPR review period ended on October 28, 2022 and no exclusion notices were filed. The final documents, with the effective date being 2022-10-28, are available here. This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Maintenance Guideline (30 day Review Period). The complete Draft Guideline subject of this Review Notice is available here.
2022-09-22 Minutes of the Code Signing Certificate Working Group
September 22, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Ian McMillan, Joanna Fox, Martijn Katerbarg, Michael Sykes, Roberto Quiñones, Tim Crawford, Tim Hollebeek Minutes Dean read the anti-trust statement No objection to minutes from Aug 8, minutes approved. Will be sent to public list Information that the IPR review on CSC-15 ended and the ballot has been approved. The website has been updated. CSC-17, subscriber private key protection, is in voting period that closes September 23rd.
September 22, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Ian McMillan, Joanna Fox, Martijn Katerbarg, Michael Sykes, Roberto Quiñones, Tim Crawford, Tim Hollebeek Minutes Dean read the anti-trust statement No objection to minutes from Aug 8, minutes approved. Will be sent to public list Information that the IPR review on CSC-15 ended and the ballot has been approved. The website has been updated. CSC-17, subscriber private key protection, is in voting period that closes September 23rd.
2022-09-08 Minutes of the Code Signing Certificate Working Group
September 8, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Iñigo Barreira, Janet Hines, Joanna Fox, Martjin Katerbarg, Michael Sykes, Mohit Kumar, Roberto Quiñones, Tim Hollebeek, Tomas Gustavsson, Vijay eMudhra Minutes Dean read the anti-trust statement. No objection to minutes from Aug-25th, minutes approved. Will be sent to public list. Reminder on CSC 15 , IPR review ends on Sept 18th Malware Proposal from Martijn Nothing new to discuss at this time.
September 8, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Iñigo Barreira, Janet Hines, Joanna Fox, Martjin Katerbarg, Michael Sykes, Mohit Kumar, Roberto Quiñones, Tim Hollebeek, Tomas Gustavsson, Vijay eMudhra Minutes Dean read the anti-trust statement. No objection to minutes from Aug-25th, minutes approved. Will be sent to public list. Reminder on CSC 15 , IPR review ends on Sept 18th Malware Proposal from Martijn Nothing new to discuss at this time.
2022-08-25 Minutes of the Code Signing Certificate Working Group
August 25, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Christophe Bonjean, Corey Bonnell, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Lynn Jeun, Martijn Katerbarg, Mohit Kumar, Tim Crawford, Tim Hollebeek Minutes Bruce read the anti-trust statement. Meeting minutes for 2022-08-11 were approved. Malware revocation ballot Martijn said there were updates in Github (https://github.com/cabforum/code-signing/pull/10). Christophe and Corey have been providing feedback. There was a discussion on the existing sentence “The CA SHOULD indicate whether its investigation found that the Suspect Code was a false positive or an inadvertent signing”.
August 25, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Christophe Bonjean, Corey Bonnell, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Lynn Jeun, Martijn Katerbarg, Mohit Kumar, Tim Crawford, Tim Hollebeek Minutes Bruce read the anti-trust statement. Meeting minutes for 2022-08-11 were approved. Malware revocation ballot Martijn said there were updates in Github (https://github.com/cabforum/code-signing/pull/10). Christophe and Corey have been providing feedback. There was a discussion on the existing sentence “The CA SHOULD indicate whether its investigation found that the Suspect Code was a false positive or an inadvertent signing”.
Ballot CSC-15 – Summer 2022 Cleanup
August 18, 2022 by Corey BonnellResults of Review Period (Mailing list post is available here.) The IPR review period ended on September 19, 2022 and no exclusion notices were filed. The final documents, with the effective date being 2022-09-19, are available here. This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Maintenance Guideline (30 day Review Period). The complete Draft Guideline subject of this Review Notice is available here.
August 18, 2022 by Corey BonnellResults of Review Period (Mailing list post is available here.) The IPR review period ended on September 19, 2022 and no exclusion notices were filed. The final documents, with the effective date being 2022-09-19, are available here. This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period is for a Final Maintenance Guideline (30 day Review Period). The complete Draft Guideline subject of this Review Notice is available here.