CA/Browser Forum
Home » All CA/Browser Forum Posts » 2014-05-01 Minutes

2014-05-01 Minutes

Notes of meeting, CAB Forum, 1 May 2014, Version 2

1. Antitrust Statement

2. Agenda reviewed.

3. Present: Atsushi Inaba, Jeremy Rowley, Ben Wilson, Kirk Hall, Moudrick Dadashov, Dean Coclin, Eddy Nigg, Doug Beattie, Atilla Biler, Rick Andrews, Marcelo Silva, Wayne Thayer, Mert Ozarar, Gerv Markham, Iñigo Barreira, Cecilia Kam, Tom Albertson, Stephen Davidson

4. Minutes of 17-April-2014. The minutes were approved.

5. Ballot review: Voting on Ballot 121 EVG Insurance and Ballot 122 Verified Method of Communication close next week. Atilla said that there may be a need for rewording the ballot that will put clear alternatives for the current insurance scheme. Otherwise, simply accepting this ballot will cause ambiguity, whereas totally rejecting this ballot and ignoring the difficulties (in terms of local jurisdiction and insurance legislation of different countries) will sustain applicability problems.

6. Discussion: Ballot 123 Pre-Draft: Section 11.13 worked on by Jeremy, Cecilia, and several other members of the EV Working Group. The intent is just to clarify the current provisions regarding the reuse of previously verified information. The only major change is in section 11.13.3(2), which is to clarify when the date for document validity begins the period in section 11.13.3(1)-more recent / later of the date when it was gathered, or if the certificate issues within 30 days of when the first piece of info was gathered, then you can use the certificate issuance date. That is the only change that should change anyone’s practices; the rest is to get rid of the inconsistencies that have arisen out of modifications. We’ll start the ballot process with a review and comment period today, so let Jeremy or Cecilia know if you have any changes.

7. Next Face-to-Face Meeting: StartCom is helping everyone make flight arrangements between Tel Aviv and Eilat. If you have not RSVP’d yet, please send an email to Ben and Eddy. Ben will send out an email reminder to those who have not signed up.

8. Working group updates:

Code Signing WG: A discussion draft for the Forum should be ready very soon. The next call is at 1500 UTC on Thursday, May 8.

EV Guidelines WG: Besides the three recent ballots, the EV WG continues work on additional sections. The next call is at 1600 UTC on Thursday, May 8.

Performance WG: Brian Smith is still involved. Wayne will email him.

9. Any Other Business: CAA discussion: Jeff Hodges recently asked about CAA implementation. Phil Hallam Baker had proposed something previously. Rick said that Symantec is still planning on implementing it, but has run into potential roadblocks with lack of support from DNS server providers. Ryan said that the big issue is that in order to have server software, there has to be more incentive that demonstrates there is more support from CAs that will use it; otherwise there is no use for it. Phil’s proposal was still a good one, but it needs to be revisited. Gerv said that he was no expert, but that his understanding was that most DNS software, certainly BIND, will allow you to put in CAA records without explicit support, but it is a little more of a pain than it should be. Rick said that was not the impression he got when he last asked his folks, but admitted he wasn’t too involved in the technical review. Jeremy agreed that it was his understanding that it could be done with BIND. It was decided to revisit Phillip’s last suggestion – that CAs will be required to publish something in their CPS that states their CAA implementation policy or practice. Rick will take a crack at writing up a ballot.

10. Next phone call - Thurs. May 15

**11. Meeting adjourned. **

Latest releases
Server Certificate Requirements
SC099: Improve Recording of Validation Methods - May 19, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.14 - Ballot SMC016 - May 5, 2026

This ballot maintains consistency between the S/MIME Baseline Requirements and the TLS Baseline Requirements with changes introduced by Ballots SC096 and SC097. Specifically, this ballot: Creates a carve-out of the logging requirements for DNSSEC specifically, stating these are not in scope. For audit purposes, change management logging is able to confirm if the appropriate controls are in effect or not. Sunsets all remaining use of SHA-1 signatures in Certificates and CRLs. It is noted that most uses of SHA-1 signatures are already deprecated by SC097. With this ballot, all unexpired Subordinate CA Certificates issuing S/MIME containing the SHA-1 signature algorithm must be revoked. This proposal does not prohibit the use of SHA-1 to generate issuerKeyHash or issuerNameHash values as currently required by RFC 5019. Includes minor formatting corrections.

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Related posts
Tags
Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).