[cabfpub] Code Signing Working Group

Richard Wang richard at wosign.com
Fri May 6 09:56:11 UTC 2016

I don't think so.
This is a CABF meeting; the CA/Browser Forum is not the SSL/Browser Forum. CAs have 3 types of certificate business -- SSL certificates, code signing certificates and client certificates. We need to work on the standard (BR) for SSL certificates, code signing certificates and client certificates.

And it is not just Microsoft that uses code signing certificates; Google Android, Apple iOS and Oracle Java are all using code signing certificates. I don't think Android developers using a self-signed certificate to sign the code is a good solution, as malware signing is very serious now in the Android market.

Best Regards,


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Friday, May 6, 2016 5:41 PM
To: Dean Coclin <Dean_Coclin at symantec.com>
Cc: CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Code Signing Working Group

On 28/04/16 15:23, Gervase Markham wrote:
> I have no desire to put a spoke in anyone's wheel, and I understand 
> what Dean says about us getting better at conforming with our own 
> bylaws. But right now, the CABFCSWG is effectively working on a 
> document for Microsoft, rather than working on a document for the CAB 
> Forum. And it's not right for that to continue under the CAB Forum auspices.

I notice with disappointment that the Code Signing Working Group remains on the draft agenda for Bilbao. In my previous email, I laid out what seems to be a non-disruptive and accommodating way forward:

> As Peter notes, there's nothing to prevent the same group of people 
> meeting on the same conference line at the same time to work on the 
> "liberated" document, if the line owner permits, and our F2F meetings 
> have historically supported side events like CASC meetings, which are 
> not on the official schedule, subject to the permission of the host. 
> So I hope that this change would not be too disruptive to the group's 
> plans to work with Microsoft on the document in practice.

This seems a better solution than the formality of a ballot, and I hope we can agree quickly on this course.

Looking at the agenda, it doesn't seem complicated to remove Code Signing, move everything up (perhaps reordering to fit the blocks) and adjourn an hour early. Then, with Inigo's permission for use of the room, anyone who wants to discuss the Code Signing document in a side meeting can stay behind to do so. And I'm sure they can write up and circulate information on what they discussed in lieu of an update in the meeting on the following day.

Dean: please can you make the appropriate changes to the agenda?

