CA/Browser Forum
Home » Posts » 2014-10-30 Minutes

2014-10-30 Minutes

  1. Antitrust Statement was read.

  2. Roll Call: Dean (Symantec), Rick (Symantec), Bruce (Entrust), Ben (Digicert), Atsushi (Globalsign), Atilla (TurkTrust), Jeremy (Digicert), Tim S (Trustwave), Tim H (Trustwave), Matt (Apple), Doug (Globalsign), Kirk (Trend Micro), Wayne (GoDaddy), Joe (Wells Fargo), Gerv (Mozilla), Erwann (OpenTrust), Eddy (Startcom), Patrick (Swisscom), Aaron (Microsoft), Kelvin (Microsoft)

  3. Agenda reviewed.

  4. Minutes of 16 October 2014 and Beijing F2F meeting were approved. Ben to post on website

  5. Ballot Review.

Ballots 118, 123, 134, 135, 137 and 138 have passed.

Ballot 139 for Vice Chair has concluded with Kirk Hall as the winner. Congratulations Kirk and thanks to all the candidates for their participation**.**

An error to one of the recent BR edits was pointed out by a member. Ben acknowledged it and will review, fix and post to the website.

A discussion on revocation ensued. Gerv postulated that not everyone understands how browsers treat revocation. Kirk asked if a summary document could be developed. Gerv said he distributed one earlier this year and he will re-distribute after the meeting.

  1. Financial Responsibility for CAs. With the failure of Ballot 133 (Insurance Requirements for EV), Kirk and Ben have “reset” the discussion around financial responsibility for CAs. CAs should have some financial responsibility. If the CA is terminated, it should have funds to run CRLs, archiving, etc. The goal of this requirement is that CAs have some minimum capital requirements which could be based on number of certs issued (for example). Ben supports Kirk’s approach but it needs more discussion.

  2. Continued Discussion of Policy OIDs for DV and OV Certificates: Dean sent out a table which summarized the issues raised in response to his original email and asked the group to review and comment. Erwann pointed out an error which will be fixed once all comments are received and another version will be sent out for discussion on the next call.

  3. EV Working Group: Discussions about using video conferencing technology for vetting and improving attorney opinion letters occurred in the last meeting. The group will form a ballot for review that will address attorney opinion letters.

  4. Code Signing Working Group: The public comment period for the draft BR for code signing is now closed. The group will compile those comments and send out a final draft to the management list. They will also meet with Don and the audit team to verify auditability of the BR.

  5. Policy Review Working Group: Ben is still looking for volunteers to help work on certain sections of the document. He will resend the invitation to the forum.

10a. Information Sharing Working Group: This group is just being formed. Ben will request Wayne to pull together a formal mailing list and will solicit interested members from the Forum.

  1. CA/B Forum directory: Kirk suggests we put a directory on the wiki with names of companies, representatives, contact details and photos. He asked if anyone was against having their information published on the wiki (accessible only by forum members) to contact him.

  2. Any other business: Dean will send out a Doodle poll to finalize the dates for next year’s CA/B Forum meeting in Istanbul hosted by E-Tugra. Potential weeks are Sept 28th, Oct 5, or Oct 12th.

  3. Next phone call - Thurs. Nov. 13th We’ll talk again in two weeks. Dean cannot lead the call that day so Kirk will take charge.

  4. Meeting adjourned.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed

Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates:

  • Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action;
  • Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and
  • Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).