CA/Browser Forum posts
Posts by tag Code Signing
2022-04-07 Minutes of the Code Signing Certificate Working Group
April 7, 2022 by Corey BonnellAttendees Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Mohit Kumar (GlobalSign), Tim Crawford (CPA Canada/WebTrust) Minute-taker: Tim Crawford Minutes Antitrust Statement: Read by Dean Minutes for the March 24th meetings were approved Interested party application from Insta Oy No comment was offered, and the application was accepted. Updates on Ballot CSC-13 – Private Key Protection Bruce mentioned that the ballot received eight (8) votes and is deemed to have passed.
April 7, 2022 by Corey BonnellAttendees Andrea Holland (SecureTrust), Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Mohit Kumar (GlobalSign), Tim Crawford (CPA Canada/WebTrust) Minute-taker: Tim Crawford Minutes Antitrust Statement: Read by Dean Minutes for the March 24th meetings were approved Interested party application from Insta Oy No comment was offered, and the application was accepted. Updates on Ballot CSC-13 – Private Key Protection Bruce mentioned that the ballot received eight (8) votes and is deemed to have passed.
Ballot CSC-13 – Update to Subscriber Key Protection Requirements
April 6, 2022 by Corey BonnellResults of Review Period (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2022-05-09, are available here. Results of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers Certum (Asseco), DigiCert, eMudhra, Entrust, HARICA, Sectigo, SSL.com Certificate Consumers Microsoft The ballot has PASSED. Purpose of the Ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.
April 6, 2022 by Corey BonnellResults of Review Period (Mailing list post is available here.) The review period has ended and no exclusion notices were filed. The final documents, with the effective date being 2022-05-09, are available here. Results of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers Certum (Asseco), DigiCert, eMudhra, Entrust, HARICA, Sectigo, SSL.com Certificate Consumers Microsoft The ballot has PASSED. Purpose of the Ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.
2022-03-24 Minutes of the Code Signing Certificate Working Group
March 24, 2022 by Corey BonnellAttendees Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (Harica), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Mohit Kumar (GlobalSign), Thomas Gustavsson (PrimeKey), Tim Crawford (CPA Canada/WebTrust), Tim Hollebeek (DigiCert) Minutes Antitrust Statement: Read by Dean Minute Taker: Martijn Katerbarg Minutes of the February 24th (F2F) and March 10th meetings were approved Updates on ballot CSC-13 Bruce mentioned that the ballot is currently out for discussion.
March 24, 2022 by Corey BonnellAttendees Atsushi Inaba (GlobalSign), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Corey Bonell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (Harica), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Mohit Kumar (GlobalSign), Thomas Gustavsson (PrimeKey), Tim Crawford (CPA Canada/WebTrust), Tim Hollebeek (DigiCert) Minutes Antitrust Statement: Read by Dean Minute Taker: Martijn Katerbarg Minutes of the February 24th (F2F) and March 10th meetings were approved Updates on ballot CSC-13 Bruce mentioned that the ballot is currently out for discussion.
2022-03-10 Minutes of the Code Signing Certificate Working Group
March 10, 2022 by Corey BonnellAttendees Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Joanna Fox – TrustCor, Martin Katerberg – Sectigo, Michael Sykes – SSL.com, Mohit Kumar – GlobalSign, Roberto Quinones – Intel, Tim Hollebeek – DigiCert, Tomas Gustavsson Minutes Antitrust statement: read by Dean. Minutes: Approval of minutes from F2F on hold until people can review.
March 10, 2022 by Corey BonnellAttendees Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Joanna Fox – TrustCor, Martin Katerberg – Sectigo, Michael Sykes – SSL.com, Mohit Kumar – GlobalSign, Roberto Quinones – Intel, Tim Hollebeek – DigiCert, Tomas Gustavsson Minutes Antitrust statement: read by Dean. Minutes: Approval of minutes from F2F on hold until people can review.
Ballot CSC-6 – Update to Subscriber Private Key Protection Requirements
March 2, 2022 by Corey BonnellResults of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers DigiCert, Entrust, GlobalSign, HARICA, SecureTrust Certificate Consumers Microsoft The ballot has FAILED. Purpose of the ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.7. The following motion has been proposed by Ian McMillan of Microsoft, and endorsed by Tim Hollebeek of DigiCert and Bruce Morton of Entrust.
March 2, 2022 by Corey BonnellResults of Voting (Mailing list post is available here.) Yes No Abstain Certificate Issuers DigiCert, Entrust, GlobalSign, HARICA, SecureTrust Certificate Consumers Microsoft The ballot has FAILED. Purpose of the ballot Update the subscriber private key protection requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.7. The following motion has been proposed by Ian McMillan of Microsoft, and endorsed by Tim Hollebeek of DigiCert and Bruce Morton of Entrust.
2022-02-10 Minutes of the Code Signing Certificate Working Group
February 10, 2022 by Corey BonnellAttendees Andrea Holland – SecureTrust, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Roberto Quinones – Intel, Tim Crawford – WebTrust Minutes Chris Kemmerer “volunteered” by Dean Coclin as minute taker. Antitrust statement: read by Corey. Minutes: discussion regarding minutes from Jan 27 2022 call: Dimitris observed that the minutes submitted are perhaps too detailed, easier to digest if summarized.
February 10, 2022 by Corey BonnellAttendees Andrea Holland – SecureTrust, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Roberto Quinones – Intel, Tim Crawford – WebTrust Minutes Chris Kemmerer “volunteered” by Dean Coclin as minute taker. Antitrust statement: read by Corey. Minutes: discussion regarding minutes from Jan 27 2022 call: Dimitris observed that the minutes submitted are perhaps too detailed, easier to digest if summarized.
2022-01-27 Minutes of the Code Signing Certificate Working Group
January 27, 2022 by Corey BonnellAttendees Andrea Holland – SecureTrust , Ashish Dhiman – GlobalSign, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Jeff Ward – WebTrust, Karina Sirota – Microsoft, Kiran Tummala – Microsoft, Michael Sykes – SSL.com, Mohit Kumar – GlobalSign, Tim Crawford – WebTrust, Tim Hollebeek – DigiCert Minutes Minutes of January 13th 2022 approved.
January 27, 2022 by Corey BonnellAttendees Andrea Holland – SecureTrust , Ashish Dhiman – GlobalSign, Atsushi Inaba – GlobalSign, Bruce Morton – Entrust, Corey Bonnell – DigiCert, Dean Coclin – DigiCert, Dimitris Zacharopoulos – HARICA, Ian McMillan – Microsoft, Inigo Barreira – Sectigo, Jeff Ward – WebTrust, Karina Sirota – Microsoft, Kiran Tummala – Microsoft, Michael Sykes – SSL.com, Mohit Kumar – GlobalSign, Tim Crawford – WebTrust, Tim Hollebeek – DigiCert Minutes Minutes of January 13th 2022 approved.
2022-01-13 Minutes of the Code Signing Certificate Working Group
January 13, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Michael Sykes, Roberto Quinones, Tim Hollebeek, Tomas Gustavsson Minutes The Antitrust statement was read. Minutes from the prior meeting on December 16, 2021 were approved CSC-6 Subscriber Private Key Protection Ian thought he had sent the draft to the list before the holidays but it was determined that was not the case.
January 13, 2022 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Michael Sykes, Roberto Quinones, Tim Hollebeek, Tomas Gustavsson Minutes The Antitrust statement was read. Minutes from the prior meeting on December 16, 2021 were approved CSC-6 Subscriber Private Key Protection Ian thought he had sent the draft to the list before the holidays but it was determined that was not the case.
2021-12-16 Minutes of the Code Signing Certificate Working Group
December 16, 2021 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Michael Sykes, Roberto Quinones, Tim Hollebeek Minutes Antitrust Statement was read by Bruce Morton. Approved minutes from previous Dec 2, 2021 meeting. Ballot CSC-6 (Subscriber Private Key Protection) Ian shared the final discussion feedback and changes. Added the definition of Hardware Crypto Module: A tamper-resistant device with a cryptography processor used for the specific purpose of protecting the lifecycle of cryptographic keys (generating, managing, processing, and storing).
December 16, 2021 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Michael Sykes, Roberto Quinones, Tim Hollebeek Minutes Antitrust Statement was read by Bruce Morton. Approved minutes from previous Dec 2, 2021 meeting. Ballot CSC-6 (Subscriber Private Key Protection) Ian shared the final discussion feedback and changes. Added the definition of Hardware Crypto Module: A tamper-resistant device with a cryptography processor used for the specific purpose of protecting the lifecycle of cryptographic keys (generating, managing, processing, and storing).
2021-12-02 Minutes of the Code Signing Certificate Working Group
December 2, 2021 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Chris Kemmerer, Correy Bonnell, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Kiran Tummala, Michael Sykes, Sebastian Schulz, Tim Crawford, Tim Hollebeek Minutes Approved minutes from previous Nov 18, 2021 meeting Discussion regarding SC-50 from Server Working Group Bruce Morton suggests dropping SC-50 (Ballot is concerned with removal of 4.1.1) Ian McMillan concurs with no other objections regarding SC-50 Ballot CSC-12 Revocation date verification ballot currently under IPR review; period ends Dec 03, 2021 Plan is push out latest version of CSBR’s Dec 03, 2021 afternoon Ballot CSC-6 11.
December 2, 2021 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Chris Kemmerer, Correy Bonnell, Dean Coclin, Dimitris Zacharopoulos, Ian McMillan, Inigo Barreira, Janet Hines, Joanna Fox, Kiran Tummala, Michael Sykes, Sebastian Schulz, Tim Crawford, Tim Hollebeek Minutes Approved minutes from previous Nov 18, 2021 meeting Discussion regarding SC-50 from Server Working Group Bruce Morton suggests dropping SC-50 (Ballot is concerned with removal of 4.1.1) Ian McMillan concurs with no other objections regarding SC-50 Ballot CSC-12 Revocation date verification ballot currently under IPR review; period ends Dec 03, 2021 Plan is push out latest version of CSBR’s Dec 03, 2021 afternoon Ballot CSC-6 11.