[Cscwg-public] Final CSWG minutes May 9, 2019

[Dean Coclin]

Final Code Signing working group minutes - May 9, 2019

 

Roll call -  Dean Coclin, Doug Beattie, Hugh Mercer, Rich Smith, Chris
Hickman, Frank Corday, Jason Cooper, Ben Wilson, Oliver Kuley, Joanna Fox

Antitrust Statement - Dean read the statement

Approval of prior minutes April 25, 2019 - minutes approved

Potential new member status:

               Possible interest by IBM as an interested party

               No other updates

Ballot for current Code Signing guidelines

               Comment that we should call it Baseline Requirements -
general agreement

               Endorsers?  Jason from Microsoft and Rich from Sectigo will
review and are probably willing to endorse

              Ben to revise and send out

Potential changes to current documents:

Blacklist and information sharing

                             General agreement that it would be useful, but
concern that if not done very carefully may open us to anti-trust litigation

                             Should we invite anti-malware industry reps to
participate? Tim Callan mentioned a few weeks ago he would do this.

Cognizant of new signing approaches

Timestamping differences briefly discussed

EOL of SHA1? Microsoft to re-look 

Kernel Mode still valid?

Other Business

               Brief discussion of upcoming F2F in Greece

               Members need to subscribe to the Public list to receive all
emails, even if already subscribed to the Management list.

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20190523/77c51c3a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/cscwg-public/attachments/20190523/77c51c3a/attachment.p7s>