[Cscwg-public] Final CSCWG minutes Feb 9, 2023

Dean Coclin dean.coclin at digicert.com
Fri Mar 3 13:53:29 UTC 2023


Final Minutes of the Code Signing Certificate Working Group February 9, 2023

 

Attendance (in alphabetical order):

Andrea Holland (VikingCloud), Atsushi Inaba (GlobalSign), Ben Dewberry
(Keyfactor), Brianca Martin (Amazon Trust Services), Bruce Morton (Entrust),
Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Ian McMillan (Microsoft),
Inigo Barreira (Sectigo), Martijn Katerbarg (Sectigo), Mohit Kumar
(GlobalSign), Roberto Quinones (Intel), Rollin Yu (TrustAsia), Tim Crawford
(WebTrust), Tim Hollebeek (DigiCert)

 

Minutes

1.	Antitrust statement read
2.	Approval of minutes: Jan 26th minutes have not been sent out
3.	Ballot: Malware base revocation (Martijn)

*	Received some pushback on the mailing list.
*	Discussion from Martijn K., Bruce M., Ian M., and Tim H. around
revamping the entire revocation section. 
*	Agreed to pull the revocation sections from the TLS and SMIME BRs,
removing unnecessary items and adding necessary sections like backdating and
revocation investigations.

4.	Ballot: Signing Service Update (Bruce)

*	Previous action item was to change the definition of Signing Service
to align with what a signing service does and its models.
*	Proposed definition: **Subscriber Key Protection Service**: An
organization that generates the Key Pair and securely generates and manages
the Private Key associated with a Subscriber's Code Signing Certificate.
*	Discussion from Bruce M., Tim H., Ian M., Inigo B., and Martijn K.
on the requirements for signing service: who generates, who activates, who
stores, how it is stored and how it is managed. Discussion around adjusting
the name from Signing Service to Subscriber Key Protection Service, as the
focus of the Signing Service is on protection, not the artifact being signed.
*	Next step is to close out the comments, push through the new
definition, get a second proposal, and effective date.

5.	Ballot: Remove SSL BR References - tabled discussion
6.	Other business - F2F prep

*	Top 3 Goals are being worked on:

	i.	Revocation ballot
	ii.	Subscriber Key Protection Service ballot
	iii.	SSL BR reference ballot

*	Additional goals:

	i.	timestamp updates
	ii.	high risk applicants
	iii.	validity period
	iv.	shorter lived certificates
	v.	certificate transparency

7.	Next Meeting - Potentially cancel the meeting on 23 February
8.	Adjourn