CA/Browser Forum posts
Posts by author Corey Bonnell
2024-08-08 Minutes of the Code Signing Certificate Working Group
August 8, 2024 by Corey BonnellAttendees Dean Coclin(DigiCert), Corey Bonnell (DigiCert), Inigo Barreira (Sectigo), Thomas Zermeno (SSL.com), Brianca Martin (Amazon), Martijn Katerbarg (Sectigo), Rebecca Kelley (SSL.com), Bruce Morton (Entrust), Trevoli Ponds-White (Amazon), Mohit Kumar (Globalsign), Tim Hollebeek (DigiCert), Scott Rea (eMudhra), Brian Winters (Identrust), Atsushi Inaba (Globalsign) Minutes Antitrust reminder was read. Prior meeting minutes approved: July 11, July 25th. The June 27th minutes are pending approval for the next call. IPR review is completed for CSC-25.
August 8, 2024 by Corey BonnellAttendees Dean Coclin(DigiCert), Corey Bonnell (DigiCert), Inigo Barreira (Sectigo), Thomas Zermeno (SSL.com), Brianca Martin (Amazon), Martijn Katerbarg (Sectigo), Rebecca Kelley (SSL.com), Bruce Morton (Entrust), Trevoli Ponds-White (Amazon), Mohit Kumar (Globalsign), Tim Hollebeek (DigiCert), Scott Rea (eMudhra), Brian Winters (Identrust), Atsushi Inaba (Globalsign) Minutes Antitrust reminder was read. Prior meeting minutes approved: July 11, July 25th. The June 27th minutes are pending approval for the next call. IPR review is completed for CSC-25.
2024-07-25 Minutes of the Code Signing Certificate Working Group
July 25, 2024 by Corey BonnellAttendees Brian Winters (Identrust), Brianca Martin (Amazon), Bruce Morton (Entrust), Dean Coclin, (DigiCert), Ian McMillan (Microsoft), Inaba Atsushi (GlobalSign), Mohit Kumar (GlobalSign), Puneet (EncryptionConsulting.com), Rebecca Kelley (SSL.com), Richard Kisley (IBM), Scott Rea (eMudhra), Thomas Zermeno (SSL.com) Minutes Dean read the note well. Meeting minutes for June 13, 2024 Meeting (Rebecca Kelley) posted – Approved unanimously. Meeting minutes for June 27, 2024 Meeting (Brianca Martin) yet to be posted. Meeting minutes for July 11, 2024 Meeting (Ian McMillan) posted – Approved unanimously.
July 25, 2024 by Corey BonnellAttendees Brian Winters (Identrust), Brianca Martin (Amazon), Bruce Morton (Entrust), Dean Coclin, (DigiCert), Ian McMillan (Microsoft), Inaba Atsushi (GlobalSign), Mohit Kumar (GlobalSign), Puneet (EncryptionConsulting.com), Rebecca Kelley (SSL.com), Richard Kisley (IBM), Scott Rea (eMudhra), Thomas Zermeno (SSL.com) Minutes Dean read the note well. Meeting minutes for June 13, 2024 Meeting (Rebecca Kelley) posted – Approved unanimously. Meeting minutes for June 27, 2024 Meeting (Brianca Martin) yet to be posted. Meeting minutes for July 11, 2024 Meeting (Ian McMillan) posted – Approved unanimously.
2024-07-11 Minutes of the Code Signing Certificate Working Group
July 11, 2024 by Corey BonnellAttendees Atsushi INABA - GlobalSign, Brian Winters - IdenTrust, Bruce Morton - Entrust, Corey Bonnell -DigiCert, Dean Coclin-DigiCert (checked in to start meeting call), Ian McMillan Microsoft, Inigo Barreira - Sectigo, Rebecca Kelley - SSL.com, Scott Rea - eMudhra, Thomas Zermeno - SSL.com, Tim Crawford - BDO, Wangmo Tenzing Minutes Roll Call Completed by Bruce Antitrust reminder Completed by Bruce Approve prior meeting minutes – June 13th and June 27th (Brianca) Minutes are not available for review and approval Pushed to next meeting IPR review: CSC-25 Remove EV Guideline References (Dimitris) Ballot has passed and IPR period set to complete on August 1, 2024 IPR review: CSC-26 Time-stamp Requirements update (Martijn) Ballot has passed and IPR period set to complete on August 1, 2024 Simplifying EV (Tim) Tim was not available on the call (pushing to next meeting) No progress has been made currently, but CSC-25 completion will simplify this effort Other business Ian volunteered to provide draft language for reducing the signing certificate max validity from 39 months to 15 months as previously discussed by the group Draft to be shared in next meeting No other business Next meeting – July 25th Adjourn
July 11, 2024 by Corey BonnellAttendees Atsushi INABA - GlobalSign, Brian Winters - IdenTrust, Bruce Morton - Entrust, Corey Bonnell -DigiCert, Dean Coclin-DigiCert (checked in to start meeting call), Ian McMillan Microsoft, Inigo Barreira - Sectigo, Rebecca Kelley - SSL.com, Scott Rea - eMudhra, Thomas Zermeno - SSL.com, Tim Crawford - BDO, Wangmo Tenzing Minutes Roll Call Completed by Bruce Antitrust reminder Completed by Bruce Approve prior meeting minutes – June 13th and June 27th (Brianca) Minutes are not available for review and approval Pushed to next meeting IPR review: CSC-25 Remove EV Guideline References (Dimitris) Ballot has passed and IPR period set to complete on August 1, 2024 IPR review: CSC-26 Time-stamp Requirements update (Martijn) Ballot has passed and IPR period set to complete on August 1, 2024 Simplifying EV (Tim) Tim was not available on the call (pushing to next meeting) No progress has been made currently, but CSC-25 completion will simplify this effort Other business Ian volunteered to provide draft language for reducing the signing certificate max validity from 39 months to 15 months as previously discussed by the group Draft to be shared in next meeting No other business Next meeting – July 25th Adjourn
Ballots CSC-25 and CSC-26
July 1, 2024 by Corey BonnellRESULTS OF REVIEW PERIOD CSC-25 Ballot CSC 25: Import EV Guidelines into the Code Signing Baseline Requirements The Intellectual Property Review (IPR) period for Ballot CSC25: Import EV Guidelines into the Code Signing Baseline Requirements has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of Aug 1, 2024. The new Code Signing BRs will be published to the CABF public website in accordance with the Bylaws.
July 1, 2024 by Corey BonnellRESULTS OF REVIEW PERIOD CSC-25 Ballot CSC 25: Import EV Guidelines into the Code Signing Baseline Requirements The Intellectual Property Review (IPR) period for Ballot CSC25: Import EV Guidelines into the Code Signing Baseline Requirements has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of Aug 1, 2024. The new Code Signing BRs will be published to the CABF public website in accordance with the Bylaws.
2024-06-27 Minutes of the Code Signing Certificate Working Group
June 27, 2024 by Corey BonnellAgenda Roll Call Antitrust reminder Minutes Ballots Membership Other business Next meeting - July 11th Adjourn Attendees Dean Coclin (DigiCert), Atsushi INABA (GlobalSign), Brian Winters (IdenTrust), Brianca Martin (Amazon), Corey Bonnell (DigiCert), Inigo Barriera (Sectigo), Mohit Kumar (GlobalSign), Wangmo Tenzing (Interested Party), Rebecca Kelley (SSL.com) Minutes Dean Coclin read the Antitrust policy. Minute taker is Brianca Martin. Prior meeting minutes: Approved F2F-New Delhi minutes that were sent on June 19th with one typo corrected, added an attendee, Scott Ray.
June 27, 2024 by Corey BonnellAgenda Roll Call Antitrust reminder Minutes Ballots Membership Other business Next meeting - July 11th Adjourn Attendees Dean Coclin (DigiCert), Atsushi INABA (GlobalSign), Brian Winters (IdenTrust), Brianca Martin (Amazon), Corey Bonnell (DigiCert), Inigo Barriera (Sectigo), Mohit Kumar (GlobalSign), Wangmo Tenzing (Interested Party), Rebecca Kelley (SSL.com) Minutes Dean Coclin read the Antitrust policy. Minute taker is Brianca Martin. Prior meeting minutes: Approved F2F-New Delhi minutes that were sent on June 19th with one typo corrected, added an attendee, Scott Ray.
2024-05-29 Minutes of the Code Signing Certificate Working Group
May 29, 2024 by Corey Bonnell2024-05-29 Minutes of the Code Signing Certificate Working GroupAttendees In the room Paul van Brouwershaven (Entrust), Bruce Morton (Entrust), Dave Chin (CPA Canada), Ben Wilson (Mozilla), Wayne Thayer (Fastly), Martijn Katerbarg (Sectigo), Dean Coclin (DigiCert), Corey Bonnell (DigiCert), Leo Grove (SSL.com), Tim Hollebeek (DigiCert), Tsung-Min Kuo (Chungwa Telecom), Rob Stradling (Sectigo), Nick France (Sectigo), Inigo Barreira (Sectigo), Sven Rajala (Keyfactor), Wei-Hao Tung (Chungwa Telecom), Romain Delval (Certigna), Josselin Alexmandou (Certigna), Arvid Vermote (Globalsign), Andreas Henschel (D-Trust), Kateryna Aleksieiva (Asseco), Joanna Brawata (Asseco), Eva Van Steenberge (Globalsign), Paul Brown (Globalsign), Christophe Bonjean (Globalsign), Stephen Davidson (DigiCert), Stefan Kirch (Telekom Security), Tadahiko Ito (SECOM), Michal Malinowski (Asseco), Adrian Mueller (Swissign), An Yin (iTrusChina), Chorus Li (iTrusChina), Mats Rosberg (Keyfactor), Kiran Tummala (Microsoft), Puja Sehgal (Microsoft), Mahua Chaudhuri (Microsoft), John Sarapata (Google Trust Services), Miguel Sanchez (Google Trust Services), Adriano Santoni (Actalis), Scott Rea (eMuhdra
May 29, 2024 by Corey Bonnell2024-05-29 Minutes of the Code Signing Certificate Working GroupAttendees In the room Paul van Brouwershaven (Entrust), Bruce Morton (Entrust), Dave Chin (CPA Canada), Ben Wilson (Mozilla), Wayne Thayer (Fastly), Martijn Katerbarg (Sectigo), Dean Coclin (DigiCert), Corey Bonnell (DigiCert), Leo Grove (SSL.com), Tim Hollebeek (DigiCert), Tsung-Min Kuo (Chungwa Telecom), Rob Stradling (Sectigo), Nick France (Sectigo), Inigo Barreira (Sectigo), Sven Rajala (Keyfactor), Wei-Hao Tung (Chungwa Telecom), Romain Delval (Certigna), Josselin Alexmandou (Certigna), Arvid Vermote (Globalsign), Andreas Henschel (D-Trust), Kateryna Aleksieiva (Asseco), Joanna Brawata (Asseco), Eva Van Steenberge (Globalsign), Paul Brown (Globalsign), Christophe Bonjean (Globalsign), Stephen Davidson (DigiCert), Stefan Kirch (Telekom Security), Tadahiko Ito (SECOM), Michal Malinowski (Asseco), Adrian Mueller (Swissign), An Yin (iTrusChina), Chorus Li (iTrusChina), Mats Rosberg (Keyfactor), Kiran Tummala (Microsoft), Puja Sehgal (Microsoft), Mahua Chaudhuri (Microsoft), John Sarapata (Google Trust Services), Miguel Sanchez (Google Trust Services), Adriano Santoni (Actalis), Scott Rea (eMuhdra
Ballot CSC-24 - Timestamping Private Key Protection
May 29, 2024 by Corey BonnellResults of Voting Yes No Abstain Certificate Issuers DigiCert, Entrust, Globalsign, HARICA, IdenTrust, Sectigo Certificate Consumers There were not enough Certificate Consumer votes to pass the ballot. Therefore, the ballot FAILS. Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main goals of this ballot are to:
May 29, 2024 by Corey BonnellResults of Voting Yes No Abstain Certificate Issuers DigiCert, Entrust, Globalsign, HARICA, IdenTrust, Sectigo Certificate Consumers There were not enough Certificate Consumer votes to pass the ballot. Therefore, the ballot FAILS. Purpose of the Ballot This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 3.7 in order to clarify language regarding Timestamp Authority Private Key Protection. The main goals of this ballot are to:
2024-05-16 Minutes of the Code Signing Certificate Working Group
May 16, 2024 by Corey BonnellAttendees Atsushi INABA - GlobalSign, Ben Dewberry -Keyfactor, Brian Winters - IdenTrust, Brianca Martin - Amazon, Bruce Morton - Entrust, Corey Bonnell-Digicert, Dean Coclin-DigiCert, Dimitris Zacharopoulos - HARICA, Martijn Katerbarg - Sectigo, Mohit Kumar - GlobalSign, Richard Kisley (Guest), Scott Rea - eMudhra Minutes Antitrust statement was read. Meeting Minutes of 2nd-May-24 approved. Following Ballots were discussed. Removing EV Guidelines References: Dimitris removed the Organization Identifier requirements from the updates that had objection from the group.
May 16, 2024 by Corey BonnellAttendees Atsushi INABA - GlobalSign, Ben Dewberry -Keyfactor, Brian Winters - IdenTrust, Brianca Martin - Amazon, Bruce Morton - Entrust, Corey Bonnell-Digicert, Dean Coclin-DigiCert, Dimitris Zacharopoulos - HARICA, Martijn Katerbarg - Sectigo, Mohit Kumar - GlobalSign, Richard Kisley (Guest), Scott Rea - eMudhra Minutes Antitrust statement was read. Meeting Minutes of 2nd-May-24 approved. Following Ballots were discussed. Removing EV Guidelines References: Dimitris removed the Organization Identifier requirements from the updates that had objection from the group.
2024-05-02 Minutes of the Code Signing Certificate Working Group
May 2, 2024 by Corey BonnellAttendees Andrea Holland (VikingCloud), Atsushi INABA (GlobalSign), Brian Winters (IdenTrust), Brianca Martin (Amazon), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Janet Hines (VikingCloud), Janet Hines (VikingCloud), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Rebecca Kelley (SSL.com), Richard Kisley (IBM), Scott Rea (eMudhra), Thomas Zermeno (SSL.com), Tim Hollebeek (DigiCert), Wangmo Tenzing (Wangmo Tenzing) Minute-taker: Brian Winters Minutes AntiTrust Reminder read by Dean Coclin.
May 2, 2024 by Corey BonnellAttendees Andrea Holland (VikingCloud), Atsushi INABA (GlobalSign), Brian Winters (IdenTrust), Brianca Martin (Amazon), Bruce Morton (Entrust), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris (HARICA), Ian McMillan (Microsoft), Inigo Barreira (Sectigo), Janet Hines (VikingCloud), Janet Hines (VikingCloud), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Mohit Kumar (GlobalSign), Rebecca Kelley (SSL.com), Richard Kisley (IBM), Scott Rea (eMudhra), Thomas Zermeno (SSL.com), Tim Hollebeek (DigiCert), Wangmo Tenzing (Wangmo Tenzing) Minute-taker: Brian Winters Minutes AntiTrust Reminder read by Dean Coclin.
2024-04-18 Minutes of the Code Signing Certificate Working Group
April 18, 2024 by Corey BonnellAttendees Andrea Holland (VikingCloud), Ben Dewberry (Keyfactor), Brian Winters (IdenTrust), Bruce Morton (Entrust), Christophe Bonjean (GlobalSign), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Eva Vansteenberge (GlobalSign), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (VikingCloud), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Nome Huang (TrustAsia), Scott Rea (eMudhra), Thomas Zermeno (SSL.com), Tim Crawford (CPA Canada/WebTrust), Wangmo Tenzing (Wangmo Tenzing) Minute-taker: Corey Bonnell Minutes Bruce read the note well. Bruce said he will call for approval of the F2F minutes at the next meeting.
April 18, 2024 by Corey BonnellAttendees Andrea Holland (VikingCloud), Ben Dewberry (Keyfactor), Brian Winters (IdenTrust), Bruce Morton (Entrust), Christophe Bonjean (GlobalSign), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Eva Vansteenberge (GlobalSign), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (VikingCloud), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Nome Huang (TrustAsia), Scott Rea (eMudhra), Thomas Zermeno (SSL.com), Tim Crawford (CPA Canada/WebTrust), Wangmo Tenzing (Wangmo Tenzing) Minute-taker: Corey Bonnell Minutes Bruce read the note well. Bruce said he will call for approval of the F2F minutes at the next meeting.