CA/Browser Forum posts
Posts by tag Code Signing
2021-10-13 Minutes of the Code Signing Certificate Working Group
October 13, 2021 by Corey BonnellAttendees SwissSign (Adrian Mueller), Telia Company (Ali Gholami), SecureTrust (Andrea Holland), Nimbus, Member of ETSI ESI (Arno Fiedler), GlobalSign (Atsushi Inaba), Entrust (Bruce Morton), DigiCert (Corey Bonnell), DigiCert (Dean Coclin), HARICA (Dimitris Zacharopoulos), CPA Canada (Don Sheehy), GlobalSign (Doug Beattie), SSL.com (Dustin Ward), GlobalSign (Eva Van Steenberge), Microsoft (Glaucia Young), GoDaddy (Hong Bui), Microsoft (Ian McMillan), Sectigo (Iñigo Barreira), SecureTrust (Janet Hines), BDO (Jeff Ward), TrustCor (Joanna Fox), Cisco (Jos Purvis), Microsoft (Karina Gupta), Microsoft (Karina Sirota), OATI (Kidd Freeman), Microsoft (Kiran Tummala), TÜViT / ACAB’c (Matthias Wiedenhorst), SSL.com (Michael Sykes), Primekey (Guest) (Mike Agrenius Kushner), SECOM (Natsumi Uchida), Sectigo (Nick France), SECOM (Ono Fumiaki), Entrust (Paul van Brouwershaven), GoDaddy (Rae Ann Gonzales), SwissSign (Roman Fischer), GlobalSign (Sebastian Schulz), OATI (Stephanie Skoro), SECOM (Tadahiko Ito), SSL.com (Thomas Zermeno), BDO (Tim Crawford), DigiCert (Tim Hollebeek), DigiCert (Tomofumi Okubo), Amazon Trust Services (Trevoli Ponds-White), Chunghwa Telecom Co., Ltd (Tsung-Min Kuo), eMudhra (Vijay Kumar), JPRS (Yoshiro Yoneya)
October 13, 2021 by Corey BonnellAttendees SwissSign (Adrian Mueller), Telia Company (Ali Gholami), SecureTrust (Andrea Holland), Nimbus, Member of ETSI ESI (Arno Fiedler), GlobalSign (Atsushi Inaba), Entrust (Bruce Morton), DigiCert (Corey Bonnell), DigiCert (Dean Coclin), HARICA (Dimitris Zacharopoulos), CPA Canada (Don Sheehy), GlobalSign (Doug Beattie), SSL.com (Dustin Ward), GlobalSign (Eva Van Steenberge), Microsoft (Glaucia Young), GoDaddy (Hong Bui), Microsoft (Ian McMillan), Sectigo (Iñigo Barreira), SecureTrust (Janet Hines), BDO (Jeff Ward), TrustCor (Joanna Fox), Cisco (Jos Purvis), Microsoft (Karina Gupta), Microsoft (Karina Sirota), OATI (Kidd Freeman), Microsoft (Kiran Tummala), TÜViT / ACAB’c (Matthias Wiedenhorst), SSL.com (Michael Sykes), Primekey (Guest) (Mike Agrenius Kushner), SECOM (Natsumi Uchida), Sectigo (Nick France), SECOM (Ono Fumiaki), Entrust (Paul van Brouwershaven), GoDaddy (Rae Ann Gonzales), SwissSign (Roman Fischer), GlobalSign (Sebastian Schulz), OATI (Stephanie Skoro), SECOM (Tadahiko Ito), SSL.com (Thomas Zermeno), BDO (Tim Crawford), DigiCert (Tim Hollebeek), DigiCert (Tomofumi Okubo), Amazon Trust Services (Trevoli Ponds-White), Chunghwa Telecom Co., Ltd (Tsung-Min Kuo), eMudhra (Vijay Kumar), JPRS (Yoshiro Yoneya)
2021-10-07 Minutes of the Code Signing Certificate Working Group
October 7, 2021 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Iñigo Barreira, Ian McMillan, Janet Hines, Kiran Tummala, Roberto Quiñones, Sebstian Schulz, Tim Hollebeek
October 7, 2021 by Corey BonnellAttendees Andrea Holland, Atsushi Inaba, Bruce Morton, Corey Bonnell, Dean Coclin, Iñigo Barreira, Ian McMillan, Janet Hines, Kiran Tummala, Roberto Quiñones, Sebstian Schulz, Tim Hollebeek
Ballot CSC-11 – Update to log data retention requirements
October 4, 2021 by Corey BonnellResults of IPR Review (Mailing list post is available here.)
October 4, 2021 by Corey BonnellResults of IPR Review (Mailing list post is available here.)
2021-09-23 Minutes of the Code Signing Certificate Working Group
September 23, 2021 by Corey BonnellAttendees Atsushi Inaba, Ben Wilson, Bruce Morton, Corey Bonnell, Dimitris Zacharopoulos, Ian McMillan, Iñigo Barreira, Janet Hines, Joanna Fox, Roberto Quiñones, Sebastian Schulz, Tim Crawford, Tomas Gustavsson
September 23, 2021 by Corey BonnellAttendees Atsushi Inaba, Ben Wilson, Bruce Morton, Corey Bonnell, Dimitris Zacharopoulos, Ian McMillan, Iñigo Barreira, Janet Hines, Joanna Fox, Roberto Quiñones, Sebastian Schulz, Tim Crawford, Tomas Gustavsson
Ballot CSC-9 – Spring 2021 Cleanup and Clarification
September 9, 2021 by Ben WilsonIPR Review Results The review period has ended and no exclusion notices were filed.
September 9, 2021 by Ben WilsonIPR Review Results The review period has ended and no exclusion notices were filed.
2021-09-09 Minutes of the Code Signing Certificate Working Group
September 9, 2021 by Corey BonnellAttendees Atsushi Inaba, Ben Wilson, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Iñigo Barreira, Janet Hines, Joanna Fox, Roberto Quiñones, Sebastian Schulz, Tim Hollebeek, Tomas Gustavsson
September 9, 2021 by Corey BonnellAttendees Atsushi Inaba, Ben Wilson, Bruce Morton, Corey Bonnell, Dean Coclin, Dimitris Zacharopoulos, Iñigo Barreira, Janet Hines, Joanna Fox, Roberto Quiñones, Sebastian Schulz, Tim Hollebeek, Tomas Gustavsson
Ballot CSC-10 – WebTrust CSBR v2.0 Audit Criteria
August 13, 2021 by Ben WilsonResults of IPR Review (Mailing list post is available here.)
August 13, 2021 by Ben WilsonResults of IPR Review (Mailing list post is available here.)
Ballot CSC-8 v3: Update to Revocation response mechanisms. key protection for EV certificates, and clean-up of 11.2.1 & Appendix B
April 2, 2021 by Ben WilsonThe voting period for Ballot CSC-8 has ended and the Ballot has Passed. Here are the results: Voting by Certificate Issuers – 7 votes total including abstentions – 6 Yes votes: Certum (Asseco), DigiCert, Entrust, GlobalSign, HARICA, Sectigo – 0 No votes – 1 Abstain: GoDaddy 87% of voting Certificate Issuers voted in favor. Voting by Certificate Consumers – 1 vote total including abstentions – 1 Yes votes: Microsoft – 0 No votes
April 2, 2021 by Ben WilsonThe voting period for Ballot CSC-8 has ended and the Ballot has Passed. Here are the results: Voting by Certificate Issuers – 7 votes total including abstentions – 6 Yes votes: Certum (Asseco), DigiCert, Entrust, GlobalSign, HARICA, Sectigo – 0 No votes – 1 Abstain: GoDaddy 87% of voting Certificate Issuers voted in favor. Voting by Certificate Consumers – 1 vote total including abstentions – 1 Yes votes: Microsoft – 0 No votes
Ballot CSC-7v2: Update to merge EV and Non-EV clauses
February 2, 2021 by Ben WilsonVoting has closed on this ballot and the results are as follows: CAs voting in favor (7): Actalis, DigiCert, Entrust, GDCA, GlobalSign, GoDaddy, HARICA CAs opposed: None CAs abstaining: None Certificate Consumers voting in favor (1): Microsoft Certificate Consumers opposed: None Certificate Consumers abstaining: None Therefore the ballot CSC-7 passes. Purpose of the Ballot: The CSC-2 merger of the Code Signing BRs and the EV Code Signing Guidelines was done without technical changes. The result is that we have some sections where there is different text for Non-EV and EV Code Signing certificates. In many cases there was no reason to have two different requirements. In other cases, it made sense that they both have the same requirement. There were of course some items where EV is different and these clauses were not touched for now. These items were all discussed in our bi-weekly meetings. Other minor changes were the adding in a table for document revision and history and another table for effective dates within the BRs. There were also some errors corrected from the merger.
February 2, 2021 by Ben WilsonVoting has closed on this ballot and the results are as follows: CAs voting in favor (7): Actalis, DigiCert, Entrust, GDCA, GlobalSign, GoDaddy, HARICA CAs opposed: None CAs abstaining: None Certificate Consumers voting in favor (1): Microsoft Certificate Consumers opposed: None Certificate Consumers abstaining: None Therefore the ballot CSC-7 passes. Purpose of the Ballot: The CSC-2 merger of the Code Signing BRs and the EV Code Signing Guidelines was done without technical changes. The result is that we have some sections where there is different text for Non-EV and EV Code Signing certificates. In many cases there was no reason to have two different requirements. In other cases, it made sense that they both have the same requirement. There were of course some items where EV is different and these clauses were not touched for now. These items were all discussed in our bi-weekly meetings. Other minor changes were the adding in a table for document revision and history and another table for effective dates within the BRs. There were also some errors corrected from the merger.