CA/Browser Forum
Home » Working Groups » Code Signing Cert WG

Code Signing Certificate Working Group

The CA/Browser Forum’s Code Signing Certificate Working Group was chartered to work on requirements applicable to Certification Authorities that issue code signing certificates.

Officers

Charter

Code Signing Certificate WG Charter (Ballot)

Ballots

Code Signing Working Group Ballots

Membership Requirements

There are four categories of members in the Code Signing Working Group:

  1. Certificate Issuers: Certificate Authorities that issue publicly trusted code signing certificates. This group can attend all meetings and vote in the working group.
  2. Certificate Consumers: This refers to platforms (OS or other) that “consume” code signing certificates to make decisions about the code signed by the certificate. This group can attend all meetings and vote in the working group.
  3. Interested Parties: Anyone that has an interest in participating in the working group. This group can attend all telephone meetings but cannot vote. They can be invited to face to face meetings by the Chair.
  4. Associate Members: Organizations that add value to the working group as determined by the group. Traditionally these have been organizations such as WebTrust, ETSI, Federal PKI, and ICANN (see: /about/membership/associate-members/ ). Recently this category has been expanded to include organizations that intend to be in categories 1 or 2 but have not completed all the required steps. This group can attend all meetings but cannot vote.

IN ALL CATEGORIES, EXECUTION AND SUBMISSION OF THE IPR AGREEMENT IS MANDATORY, PER THE CA/BROWSER FORUM BYLAWS (See: /about/ipr-policy/)

How to Join the Code Signing Certificate WG

If interested in joining the Working Group, please submit an email to and include your signed IPR form and category of membership. There is no cost to join.

Mailing List

To subscribe to the public mailing list, click here: https://groups.google.com/u/1/a/groups.cabforum.org/g/cscwg-public

Questions or comments should be sent to questions@cabforum.org.

Members

Certification Authorities

  • AC Camerfirma SA
  • Actalis S.p.A.
  • Asseco Data Systems SA (Certum)
  • DigiCert
  • eMudhra
  • Entrust
  • E-tugra
  • GDCA
  • GlobalSign
  • HARICA
  • IdenTrust
  • Sectigo
  • SSC
  • SSL.com
  • VikingCloud

Certificate Consumers

  • Microsoft

Associates

  • ACAB Council
  • Amazon
  • Buypass AS
  • Chunghwa Telecom
  • Cisco Systems
  • Comsign
  • CPA Canada/WebTrust
  • DarkMatter
  • DigitalTrust
  • D-TRUST
  • ETSI
  • Keyfactor
  • SHECA
  • TrustAsia
  • TWCA

Interested Parties

  • AGMS Information Technology Solutions
  • Common Crypto Authority
  • Doowon Kim
  • Encryption Consulting
  • Hydraulic Software AG
  • IBM
  • Insta Advance OY
  • Intel
  • Jeff Ward (private person)
  • Maria Merkel (Private Person)
  • PSW
  • QuantuSS Network
  • TL Certification Centre Co., Ltd(泰尔认证中心有限公司)
  • Wojciech Jakubowski (Private Person)
Code Signing Cert WG
Latest releases
Server Certificate Requirements
BRs/2.1.2 SC-080 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods - Dec 16, 2024

Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contact… (https://github.com/cabforum/servercert/pull/560) Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods” (https://github.com/cabforum/servercert/pull/555)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).