CA/Browser Forum
Home » All CA/Browser Forum Posts » 2015-01-08 minutes

2015-01-08 minutes

Minutes Jan. 8, 2015 Attendees: Dean, Davut, Patrick (OATI), Wayne, Atsushi, Ben, Kirk, Atilla, Gerv, Doug, Eddy, Jeremy, Tim H(Trustwave), Cecilia, Ryan S, Stephen, Chris (Trustwave), Kubra, Volkan (Turktrust), Robin, Bruce, Tim S (Trustwave), Sisel (Buypass), Peter (Disig), Rick

  1. Minutes of 12 December meeting were approved. These will be posted to the public list.
  2. .Onion proposal: Jeremy is looking for a 2nd The proposal is for EV vetting of .Onion domains, which provide the value as to who is operating the service (removing anonymity for the service provider). He is working with IANA to reserve a .onion name but this is progressing slowly and may not happen before it goes to ballot.
  3. Ballots 141/142: Kirk and Gerv have reposted the ballots and voting will begin next week. Stephen said he is opposed to removing the insurance requirement and that it’s not a meaningful barrier to entry to the CA business. It also sends the wrong message about the value of our services to the world. He believes the liability proposal from Trend is hard to define for many CAs and that they will ‘wing it’ which will weaken the current system.

Kirk said the current EV insurance requirements don’t provide benefits to anyone. Eddy agreed that the current insurance is useless. Stephen said the complexity of ballot 141 would require CAs to do a lot of diligence with their management and legal teams which they may not be willing to do for this ballot. Dean suggested that CA’s be required to post the type of insurance they have in their CPS. Stephen said that’s fine but we’re trying to have consistency among all CAs.

  1. IPV6: Ryan is looking for a co-sponsor or input to the question from CAs on the infrastructure challenges. Wayne said that data from GoDaddy is coming.
  2. Brand Registry Group: Letter received from this organization looking to “cooperate with the Forum”. This group owns TLDs. Gerv: they probably want *. certificates. The consensus was that we would be happy to work with them but since they are not a CA or a browser, their “participation” is limited to working groups. It was suggested that they participate in the EV Working Group to start. Dean to compose a letter back to BRG indicating ways we can cooperate.
  3. Info Sharing List: Ben revised the wiki with a draft of a structure on how this could work going forward. It would be not binding.
  4. EV Working Group: would like to change their name/charter to “Validation” Working Group to include BR and EV validation. This requires a ballot.
  5. CSWG: Working to finalize the latest version after some minor updating
  6. Policy Review Working Group: Will be meeting in Boston on Jan 27th to try and make progress. Five confirmed attendees so far. Expecting 2-3 more.
  7. Info Sharing Working Group: Ben has been sending out informational documents to help educate the group. Would like more participation from EU CAs.
  8. Kirk updated the status for the Cupertino meeting in March. Strongly suggested folks put in their hotel requests now to lock in the rates. Please add your names to the wiki to confirm your attendance.
  9. Dates confirmed for Summer meeting in Zurich: June 23-25th. Fall meeting Oct 6-8th.
  10. Next meeting: Jan 22nd
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).