CA/Browser Forum

2015-04-16 Minutes

CA/Browser Forum Minutes Apr. 16, 2015

Attendees: Dean Coclin, Bruce Morton, Atsushi Inaba, Doug Beattie, Kirk Hall, Gerv Markham, Jennifer Stanford, Ben Wilson, Atilla Biler, Volkan Nergiz, Wayne Thayer, Tim Shirley, Robin Alden, Patrick Tronnier, Mads Henriksveen, Ryan Sleevi, Burak Kalkan, Tim Hollebeek, Jody Cloutier, Eddy Nigg, Stephen Davidson, Jeremy Rowley

  1. Minutes of 2 April meeting were approved. These will be posted to the public list. Minutes of Cupertino face to face meeting also approved and will be posted.
  2. Ballot 146 (Conversion of BRs): Voting closing today. Appears it will pass.

Kirk may submit ballot on bylaw changes shortly.

Jeremy is circulating a pre-ballot on domain validation.

  1. Domain Validation emails and US-CERT advisory: Current ballot removes attorney/accountant letter for validation of domain name. Discussion with Anoosh on the list about various validation issues. Jeremy is looking for endorsers on the current ballot. Dean stated Symantec does get requests for lawyer opinion letters. Jeremy said this ballot would prohibit that. Kirk said there are a lot of moving parts in this ballot and suggests another call with Validation Working Group before going to a ballot. Jeremy said it’s been out there for quite a while and hasn’t received many comments. Kirk said he’s still reviewing it and will provide comments shortly.
  2. Interested Party Application, Richter: We have received an Interested Party application from a firm in Canada called Richter. New IPR was signed by an appropriate party and there were no objections. Kirk asked whether they are participating on behalf of WebTrust or themselves. Dean assumed it was for themselves.
  3. Microsoft program changes for 2015: Jody said they are updating their program and audit requirements and would like to send them out to the members for comments. Expects to have comments returned by May 15. Each CA will have to sign a new agreement with Microsoft. Each CA needs to have an NDA with Microsoft and should send an email to xxxxxxxx@microsoft.com (redacted for public list) if they don’t already have one. Highlights: Considering their own validation requirements for high value Microsoft domains. Requiring WebTrust baseline for all SSL operations. All government CAs (operated by or on behalf of a government) will have to be constrained. Expanded incident response requirements. A more detailed discussion will be had in Zurich during the face to face meeting.
  4. Validation Working Group: No further updates other than domain validation.
  5. CSWG: Dean and Jeremy need to connect to close 1 open item.
  6. Policy Review Working Group: Awaiting passage of ballot 146. Next step is to prepare draft of other sections that are recommended to change.
  7. Info Sharing Working Group: Ben has emailed the group with minutes of last meeting which discussed a system to share information (TAXII and STIX).
  8. Other Business: A draft agenda for Zurich has been circulated. Members decided they did not want a presentation from Netcraft or any other commercial businesses during the regular meeting unless the presentation involved something around open standards. Kirk said that he’s seen that presentations like this can be done after the formal agenda has concluded. Eddy agreed. Ben asked for a slot on Ballot process/preparation (30-40 mins). Ryan asked if we could discuss the marked down version of the BRs from Peter Bowen that helps us optimize ballots. Possibly combine this with Ben’s session. Ryan feels this will streamline the process for updates and tooling of the BRs. Dean will add to the agenda.
  9. Next meeting: April 30th.
  10. Adjourned.