[Cscwg-public] Final Minutes for Code Signing Working Group 08/29/19

Dean Coclin dean.coclin at digicert.com
Thu Oct 3 03:58:01 MST 2019

Meeting Minutes August 29, 2019


1.	Call to order
2.	Roll call performed - Bruce Morton, Dean Coclin, Tim Callen, Mike
Reilly, Oliver Kuley, Atsushi Inaba, Joanna Fox, Karthik
3.	Anti-trust statement was read
4.	Approved minutes from August 15, 2019 meeting
5.	No new members to the forum. Joanna advised that Daniela Hood will
be added as a GoDaddy representative
6.	Code Signing final guidelines have been posted to the CAB Forum site

a.	Microsoft updated this link http://aka.ms/csbr to point to the CAB
Forum page
b.	It was suggested that CASC remove old guideline from their resource
page https://casecurity.org/resources/ or update the link to the CABF page

7.	Discussed the impact of having Time-stamping in the Code Signing
guidelines, as it has been stated this is outside of the charter of this
Working Group. The team reviewed the charter and believes that there is no
scope interference. Time-stamping as described in the document relates only
to its use pertaining to code signing. It does not interfere with or impede
other potential uses of time-stamping.
8.	Information sharing sheet targeted to A/V vendors has been completed
by CA members, https://1drv.ms/x/s!Aj5mKADqdqlWhSiFqRuWpcG-FdFQ. Intention
is to provide this to AV vendors and post on CABF website.
9.	Review of action items/discussion topics/additional changes 

a.	Mike stated they had discussed internally whether we should move up
the SHA1 prohibition. He stated they agreed to May 31, 2020. This will be
put into a cleanup ballot.
b.	Bruce said he doesn't believe kernel mode is reflected in the
current document and therefore no updates are needed on that.
c.	Bruce believed Doug was the one who brought up the "maintain
revocation for 10 years" topic. Doug was not on the call.
d.	Bruce asked about combining the EV CS and CS BRs into one document.
Impact to audits was discussed. Bruce and Mike will review the documents to
determine impact.

10.	No other business to discuss.
11.	Adjourned.

