2014-09-04 Minutes

Minutes of CA/B Forum Teleconference – 4 Sept. 2014

1. Antitrust Statement: Read.

2. Roll Call: Ben Wilson, Robin Alden, Eddy Nigg, Kelvin Yiu, Doug Beattie, Bruce Morton, Atilla Biler, Geoff Keating, Mads Henriksveen, Gerv Markham, Kirk Hall, Tim Shirley, Dean Coclin, Annabel Lewis, Jeremy Rowley, Richard Wang, Ryan Sleevi, Dave Barnet, Patrick Tronnier, Atsushi Inaba, Aaron Kornblum, Chris Casciano, Tim Hollebeek, Tom Albertson, Steve Roylance

3. Agenda was read. Eddy suggested that SHA 1 be discussed under “any other business.”

4. Minutes of 21 August 2014 approved.

5. Minutes of Eilat Face-to-Face: Ben quickly reviewed last face-to-face minutes and explained that he would go through the content one more time, but barring any objections, would post them. There were no objections.

6. Ballot review: Ballot 131: voting closes today on “Verified Method of Communication”. Mads said he asked for a clarification to the ballot yesterday, which he would like before voting closes. He sent questions to the drafters. Jeremy will take a look at it and get it back to him. Voting on Ballot 132 – Time Stamp Validity Period for EV Code Signing starts next week. On Ballot 125 for CAA, are we ready to go forward on this? Ryan had indicated that he would endorse it and Rick Andrews was one of the proposers. Ben was another endorser. That ballot looks ready to go. Ballot 123 will be ready to go and Jeremy will present it after Ballot 131 finishes.

Dean: Steve, I have a question on the time stamping ballot.

Steve: This ballot stems from the fact that we picked 9 years plus one, and it should have been 10 plus one. If you set the minimum of 10 years then you have an extra 3 months. We need to sign documents for Japanese legal requirements that have 10 years minimum years validity on the certificate which requires a longer validity for time stamping.

7. Membership Application of 360 Browser: Ben said that there have been a few emails back and forth on whether 360 Browser is affiliated with WoSign. Recently, Richard communicated that he had talked with representatives of 360 and that they had indicated that they were going to withdraw their application. Ben said that we do not want them to withdraw their application and that we should at least let them know that they are still welcome to join in conversations at the face-to-face meetings. Ben said he thought there was no longer any confusion based on Richard’s emails clarifying that the two parties do not have a common ownership problem now. Richard said that while 360 wants to join the CA/B Forum, they were going to withdraw their application in order to avoid arousing suspicion. Ben asked Dean for his thoughts. Dean said that he only raised the common ownership issue because we have had concerns in the past to not allow anyone join both as a CA and as a browser. If there is common ownership, then that is a concern, but if they want to participate at the face-to-face, since we’ll be in China, then that’s fine. Ben said that technically they haven’t withdrawn, it was Richard relaying an intent to withdraw to us. Dean and Ben suggested that the status of 360 could be “pending”. Kirk said that, in theory, even if they are the same company as WoSign, then they should be able to attend. But if they are not, then they should be able to participate in their own right. Kirk suggested that we review the information a little more closely, and Ben suggested that we put this on the back burner until after the face-to-face meeting but to let 360 know they are invited to attend.

8. Nominations for Vice Chair: Dean requested that since all candidates will be at the face-to-face meeting, we should take some time to allow them to present their thoughts, say something about themselves and why they want to be vice chair. Ben suggested that we now declare nominations closed, since that was what we had discussed and planned for during the last call. There was no objection.

9. Review of Upcoming Face-to-Face meetings: Dean had sent out a poll for the meeting in Zurich. He indicated that June 23 was the lead candidate. We have a total of 19+ responses. Conny will have to decide, and I will leave it up to the membership to decide when they want to close voting on this. Maybe we could just settle on June 23? Dean will send Conny an email to re-confirm that the date is still good.

Review of the agenda and logistics for Meeting 33. We could use some additional time to cover the browsers and their updates. That does seem like a topic that people usually want to spend more time on than anticipated. We’ll add discussion time for the nominees for vice chair. We will still have two slots open on Thursday afternoon if anyone has suggestions-although it might be good to keep one of them open for anything that might come up–current security topics going on right now. We have about 30 people scheduled. If there are any questions about logistics, please contact Richard by email. Kirk thanked Richard for setting up so many extra things.

10. Any Other Business: Ben said he had not put any reports from working groups on the agenda, but that we have time to discuss those now, if we’d like.

EV Working Group: Jeremy said that there is one more ballot coming out. We are also looking at domain verification as well as verification of EV roles. There is a lighter agenda each time now, and we’re finishing up.

Code Signing Working Group: Dean said we’re receiving comments and processing them. Dean also sent the draft guidelines to 7 large software vendors. When we get closer to the comments deadline we will work on them a little more.

CP Review Working Group: We had a call, and one of the goals/tasks that we’re working on is a matrix for everything that is in the BRs and comparing it to RFC 3647 and the things that NIST had populated in the network security area of its model CP–there are places where we don’t have certain things. Ben will go through and fill in those gaps with a blurb of why there is a gap and what we might do to fill it. We are going to try to make sure that they are not new and additional and unreasonable and they fit in with actual practice. Also, for things like password policies, we’re going to try not to create crazy password rules, etc.–we’ll be going back through the network security document.

SHA1 Transition: Eddy said he wanted to chime in. He isn’t clear where Google and Microsoft are in relation to SHA1 policy as stated in the BRs, but there are CAs issuing certificates for 5 years. There should be a different way to introduce such changes. It was obvious at that time, when we changed the validity period that changes would be difficult for CAs to accommodate. There are tons of certificates with SHA1 and he has questions about due process. Is there a better way to develop consensus among CAs and browsers? Maybe a change in the BRs is the better approach?

Ryan: The validity / lifetime of certificates has been one of Google’s concerns because it affects the ability of the ecosystem to respond to issues. There are other root programs that have their own requirements. So, even though it may be permissible in the BRs, the BRs don’t represent the upper end, they represent the lower end. So, we may and almost certainly will continue to have more stringent requirements.

Eddy: Would it not be much more preferred to go through the CA/B Forum and get some consensus and include it in the BRs? I think there was some effort, at least in part, if we would have made a motion for it, it would have been more clear. The problem is that now, we might have a browser say, “ok, we will deprecate this in 6 weeks, or two months…”

Ryan: I appreciate your concerns, and I won’t try to respond point-by-point, but just say that this is how the browser root programs work and how the Baseline Requirements came to be. You’ll continue to see divergence among browsers on how they treat requirements. Unless browser root programs can all agree, that will be the case. Our primary goal is to serve the security of our users. So, your question should be why did Microsoft decide that SHA1 certificates would no longer be valid 2017 January 1?

Ben: Before Microsoft talks, I recall that when we were working on this discussion at one of our face-to-face meetings, in fact earlier this year, I worked on a draft ballot for SHA1 sunsetting for the CA/B Forum – ballot 118. I put it aside and stopped working on it because we couldn’t make progress, and I assumed the next step would be that everyone was going to be sunsetting on their own. There is still that draft ballot if anyone thinks that we can come up with an industry, CA / Browser-wide policy on this.

Eddy: It depends on what the browsers agree on, and whether it’s consistent with what Microsoft wants and what Google wants.

Ben: I’d like to see us come to a meeting of minds on this and have it in the Baseline Requirements, because once it’s there, there will be less dispute.

Doug: Once we agree on something, even if it doesn’t go as far as what Google wants, at least we have some direction.

Kelvin: We spend a lot of time planning these policy things to make sure there is an orderly transition away from things like SHA1. Microsoft has had a lot of heated conversations internally, about speeding up the SHA1 date and disrupting the existing ecosystem, and eventually the decision is based on balancing the schedule based on experience with MD5, etc. In looking at the data, we are disappointed that CAs are still issuing SHA1 certificates. My goal would be push CAs forward.

Eddy: I think we’re going to see a lot of SHA1 certificates still valid in 2017. I’d like to see something that allows us to make changes on a more reasonable time frame given that SHA1 has not been compromised.

Gerv: The dollar figure for how much it costs to accomplish a SHA1 attack drops every year with the advancement of computing power. It is within the budget of some to attack SHA1 successfully.

Kelvin: Once a successful SHA1 attack is announced, it will be hard to tell whether the certificate was issued before the attack or after. We were expecting when we made our policy public, that we start cutting down the number of SHA1 certificates being issued.

Ryan: There were several efforts and discussions about putting this in the BRs, and there was vocal opposition, so it was not without effort at the Mountain View face-to-face that we tried to memorialize this within the BRs. When something does not become part of the BRs, but part of the browser’s program, then it is the browser’s job to make sure that it is enforced.

Kelvin: So are you suggesting that the browsers need to be more aggressive and stricter in enforcing these requirements?

Ryan: I was just responding to Eddy’s comment about something being permissible in the BRs. And there was an effort to reflect the Microsoft policy in the Baseline Requirements, but it appeared that that effort would certainly fail. So having it in the Baseline Requirements, or especially because of backdating, that does not mean that the certificate will always be valid.

Eddy: I’d like to explore why this could not be done in the future in order to prevent this-what browsers could do to coordinate, they could propose their own ballot, instead of having to face each browser separately and having to figure out which UI with which browser you get at each stage of the transition, which type of certificate, which part of validity.

Kelvin: This has been an issue from day 1. Browsers will have different UIs and implement things based on what they believe is best for their users. It’s not going to be the same. It will be based on their own experience. But browser root store requirements have been diverging for some time, so maybe it is worth looking at this across all browser vendors and seeing if we can take some subset of requirements that we all agree on and take them into the BRs or take the BRs over to the browser documents. It does make things clearer for the CAs.

Eddy: Yes. Maybe if you can work with Ben on ballot 118, modify it, and get that out.

Kirk: One suggestion about the process for browsers in the future–if you would, could you please bring your ideas first to the Forum, and if possible, get the Forum’s feedback? Get the proposal in front of the Forum for a vote, and then if we are not responsive, then go do what you have to.

Eddy: Browsers can bring forth ballots as well. They should forward a ballot. Microsoft did talk about it, and made the announcement on their side. Browsers certainly have more power, but even though there has bee a warning from browsers, there is still competition among CAs, so CAs will continue to issue SHA1 certificates.

Ben: Thanks everyone. We need to wrap this conversation up for now.

11. Next phone call: Thurs. 2 October 2014

12. Meeting adjourned.