CA/Browser Forum
Home » Posts » 2013-08-22 Minutes

2013-08-22 Minutes

Notes of meeting

CAB Forum

22 August 2013

Version 1

1. Present: Dean Coclin, Atsushi Inaba, Ben Wilson, Mads Henriksveen, Sissel Hoel, Kirk Hall, Eddy Nigg, Atilla Biler, Mert Ozarar, Rick Andrews, Geoff Keating, Gerv Markham, Stephen Davidson, Wayne Thayer

2. Agenda review: Approved as published.

**3. Minutes: ** The minutes of August 8, 2013, were approved as published.

4. Ballots: No ballot voting processes are pending. However, the following ballots are being revised and will be re-presented for voting: Ballot 89 (EV Processing Recommendations), 103 (clarification on OCSP Stapling), 107 (removal of specific version numbers and URLs), and 108 (definition of SSL certificate scope).

On Ballot 89, Wayne will be asked to remove the old version of the EV Processing Guidelines and Rick will update the EV Processing Recommendations this week. Kirk and Ben have said that they will endorse the ballot.

Mads said that after reading the minutes from the last meeting he is unclear about the ballot process and what his responsibility should be as the proponent of the ballot. Ben said he understood this confusion due to the way we pulled Ballot 107 out of voting. Kirk said his comments during the last meeting about inadequate preparation of ballots were directed more at complicated changes to guidelines and not necessarily simple changes to cross-references. Ben said that Ballot 107 faced several minor comments which we were not able to get resolved to people’s satisfaction before the time came to start voting and that is why we pulled it rather than follow some other course of action. Ben, Mads, Kirk and Iñigo will circulate and discuss a revised Ballot 107 offline before bringing it back for vote.

5. Announcements: The EV Guideline Revisions Working Group will begin meeting every other week, starting next Thursday, 29-Aug at 1600UTC, on a schedule that alternates opposite to this meeting . It was suggested that this be announced by email. The group will take a comprehensive look at the EV Guidelines since it has been 5 years since they were created. The group will perform a high-level review the EVGs and make suggestions about what ought to be changed. After an initial body of work has been done by the working group, they will report back and invite comments from others and from interested parties who are not members of the CA/Browser Forum. Ben also announced that Tim Moses was back from sick-leave and that it looked like the pace of work WPKOPS in IETF would pick up again.

Atilla asked about which working groups were still active. Dean said that we have the Code Signing working group, the Revocation working group, and the EV Guidelines working group. It was suggested that we list those working groups on the website or wiki. We should also plan that the working group meetings on Tuesday Sept. 24 (prior to the plenary face-to-face in Ankara) will take more than just a half day as it has in the past. It was suggested that Code Signing and EV Guideline working groups each take 3 hours. The Revocation working group will not likely need even one hour on Tuesday. Atilla and Mert need to have a count for the number of people who will be in attendance during Tuesday’s working group sessions (as well as for the entire F2F meetings on Wednesday and Thursday).

6. Review recent inquiries about joining CABF and levels of engagement with CABF-recognized liaisons/ interested parties: Dean mentioned he was drafting a welcome page for the web site to introduce new members. Recently we’ve been contacted by: Disig (Slovakia), Firma Profesional (Spain), WoSign (China), První CA (Czech), AS Sertifitseerimiskeskus (Estonia), OATI (US), and others. He will complete the welcome message for the website when the more recent applicants have been squared away.

The role and privileges of non-member interested parties was discussed in relation to our liaison relationship with ICANN. Kirk explained that the early drafts of the bylaws mentioned “observer” status. The bylaws that were adopted use the term “interested parties”. The bylaws say that interested parties may be invited to participate in working groups related to their areas of expertise. Kirk asked whether the scope of ICANN’s interest was limited. He also noted that allowing a multitude of interested parties to participate in meeting discussions would create an unmanageable situation. Eddy said that that collaboration and communication between ICANN and the CA/Browser Forum is very important. Also, the ICANN relationship is unique, so we shouldn’t define a limited scope to their involvement because unlike others, ICANN’s interest in what we do is likely to be broad. Ben said that the key distinction between members and interested parties when it comes to participation is that interested parties do not have voting rights. Still, he needed some direction from the group on two key areas - wiki access and the management mailing list because if an interested party is involved, then they need to know more details about meetings. Dean asked and Ben confirmed that ICANN had signed the IPR policy. In conclusion, it was generally agreed that ICANN is a special case and that for any other potential interested party that we discuss we need to conduct a careful review of their anticipated scope of participation and each time it will need to be done on an ad-hoc / case-by-case basis.

Rick noted that the discussion reminded him that Oracle is getting closer to making an application for membership as a browser. Ben noted that the bylaws define “browser” as a provider of software with browsing capability, so we might need to revise the definition of “browser” even if we do not change the term. He also noted that we have discussed in the past whether we need to rename our organization to something else. He also said that we ought to make the change to our bylaws before Oracle submits its application, if we can, and that we have previously drafted language that would resolve this issue.

7. Agenda planning for F2F meeting in Ankara: – Atilla and Mert announced that approximately 13 people have RSVP’d. Once they have the number of attendees, they can finalize hotel, meeting space, dinner, and travel arrangements. Then they will send out another announcement during the first of next week. Ben said he would send out an email reminding people that they need to RSVP. Ben will also put a draft agenda up on the wiki or on a Google spreadsheet.

8. Review status of website revisions: Not discussed.

9. Any Other Business: None.

10. Next phone calls: It was agreed that we should have two more calls before the face-to-face – Thurs. Sept. 5th and Thurs. Sept. 19th so that we can communicate any last minute instructions before the face-to-face.

11. Meeting adjourned.

Latest releases
Code Signing Requirements
v3.7 - Mar 4, 2024

S/MIME Requirements
v1.0.4 - Ballot SMC06 - May 11, 2024

Ballot SMC06: Post implementation clarification and corrections

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).