CA/Browser Forum
Home » All CA/Browser Forum Posts » 2014-05-01 Minutes

2014-05-01 Minutes

Notes of meeting, CAB Forum, 1 May 2014, Version 2

1. Antitrust Statement

2. Agenda reviewed.

3. Present: Atsushi Inaba, Jeremy Rowley, Ben Wilson, Kirk Hall, Moudrick Dadashov, Dean Coclin, Eddy Nigg, Doug Beattie, Atilla Biler, Rick Andrews, Marcelo Silva, Wayne Thayer, Mert Ozarar, Gerv Markham, Iñigo Barreira, Cecilia Kam, Tom Albertson, Stephen Davidson

4. Minutes of 17-April-2014. The minutes were approved.

5. Ballot review: Voting on Ballot 121 EVG Insurance and Ballot 122 Verified Method of Communication close next week. Atilla said that there may be a need for rewording the ballot that will put clear alternatives for the current insurance scheme. Otherwise, simply accepting this ballot will cause ambiguity, whereas totally rejecting this ballot and ignoring the difficulties (in terms of local jurisdiction and insurance legislation of different countries) will sustain applicability problems.

6. Discussion: Ballot 123 Pre-Draft: Section 11.13 worked on by Jeremy, Cecilia, and several other members of the EV Working Group. The intent is just to clarify the current provisions regarding the reuse of previously verified information. The only major change is in section 11.13.3(2), which is to clarify when the date for document validity begins the period in section 11.13.3(1)-more recent / later of the date when it was gathered, or if the certificate issues within 30 days of when the first piece of info was gathered, then you can use the certificate issuance date. That is the only change that should change anyone’s practices; the rest is to get rid of the inconsistencies that have arisen out of modifications. We’ll start the ballot process with a review and comment period today, so let Jeremy or Cecilia know if you have any changes.

7. Next Face-to-Face Meeting: StartCom is helping everyone make flight arrangements between Tel Aviv and Eilat. If you have not RSVP’d yet, please send an email to Ben and Eddy. Ben will send out an email reminder to those who have not signed up.

8. Working group updates:

Code Signing WG: A discussion draft for the Forum should be ready very soon. The next call is at 1500 UTC on Thursday, May 8.

EV Guidelines WG: Besides the three recent ballots, the EV WG continues work on additional sections. The next call is at 1600 UTC on Thursday, May 8.

Performance WG: Brian Smith is still involved. Wayne will email him.

9. Any Other Business: CAA discussion: Jeff Hodges recently asked about CAA implementation. Phil Hallam Baker had proposed something previously. Rick said that Symantec is still planning on implementing it, but has run into potential roadblocks with lack of support from DNS server providers. Ryan said that the big issue is that in order to have server software, there has to be more incentive that demonstrates there is more support from CAs that will use it; otherwise there is no use for it. Phil’s proposal was still a good one, but it needs to be revisited. Gerv said that he was no expert, but that his understanding was that most DNS software, certainly BIND, will allow you to put in CAA records without explicit support, but it is a little more of a pain than it should be. Rick said that was not the impression he got when he last asked his folks, but admitted he wasn’t too involved in the technical review. Jeremy agreed that it was his understanding that it could be done with BIND. It was decided to revisit Phillip’s last suggestion – that CAs will be required to publish something in their CPS that states their CAA implementation policy or practice. Rick will take a crack at writing up a ballot.

10. Next phone call - Thurs. May 15

**11. Meeting adjourned. **

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).