CA/Browser Forum

2015-07-23 Minutes

Minutes July 23, 2015

Attendees: Atsushi Inaba, Ben Wilson, Billy VanCannon, Bruce Morton, Dean Coclin, Dimitris Zacharopoulos, Gerv Markham, Jeremy Rowley, Jody Cloutier, Kirk Hall, Mads Henriksveen, Mat Caughron, Patrick Tonnier, Peter Miscovic, Rick Andrews, Stephen Davidson, Tim Hollebeek, Wayne Thayer

  1. Antitrust statement was read by Dean

  2. Roll Call

  3. Review Agenda: Ben asked to add “GitHub” as a topic.

  4. Approve minutes of July 9, 2015 meeting: Minutes approved. Approve minutes of Zurich F2F meeting. Minutes approved.

  5. Ballot Status: Ballot 149: The ballot passed. Domain Validation: To be discussed during working group updates later in the call. IV OIDs Ballot 150: Dean decided to pull the ballot again due to some last-minute comments and will re-post.

  6. Microsoft Root Program Updates: Jody worked through the outstanding issues and believes he is done. The root cert requirements have been revised and published. Dean said it’s not easy to see changes. Jody is working to move to GitHub to make it easier to see changes. He summarized the current section changes as follows: Section 4.C3, 4.A15, deleted 4.C2, typo in 4.6D5. In the subcontracting section, they will remove “resellers” that don’t have the ability to cause cert issuance. Once the GitHub versions are up and running, he will let the members know. Rick stated that the document should clarify that these requirements only apply to new certificates and not existing ones. It also should not apply to roots not in the program. Kirk suggested that the version number of the document be added to the top of the page.

  7. CNNIC Application: The application for membership was approved. Dean to send email to CNNIC. Ben to update membership list on website.

  8. PAG formation: Dean reiterated the formation of the Patent Advisory Group, in accordance with the IPR policy. The first call will be on 7/24 and a chair will be elected. An email list has been created: pag@cabforum.org

  9. Certificate Validity: This was discussed in Zurich. Kirk suggested that we discuss this in the validation working group to come up with some recommendations. Dean suggested that members who are not on the validation list may be interested in joining and asked that, when this topic is discussed, the management list be copied so that others can join the call. Kirk suggested a grid be developed with the different options and pros/cons. He will take a stab at it.

  10. Working Group Updates: Validation: Ben gave the update. The group is talking about simplifying the list of domain validation proposals. Also discussing the “well known directory” and “expected port” and having the client demonstrate something through that. He mentioned some similar work is going on in IETF. Code Signing: Dean said they are down to 2 items, which are minor: SHA1 code signing certs, which will require a revision to the policy (to accommodate Vista), and a change to the Timestamp Authority section. Policy: The working group continued reviewing Section 5 but recommended that we have a face-to-face meeting, which was scheduled for Sept 9th at Symantec in Washington, DC. We have 6 people signed up so far. Information Sharing: Meeting tomorrow at 1600 UTC.

  11. Other business: Istanbul meeting still on for Oct. 6-8th. Davut sent a note to Dean that he is down to 3 hotels and is getting final offers from them. The wiki page is open for registration now. Dean stated that Mr. Andrea Servida from the EU will give a talk on EU Qualified SSL certificates on Oct. 7th. For the Feb 2016 meeting, Dean stated that the preferred date is the week of Feb 16th. Wayne confirmed that GoDaddy will host that week.

  12. GitHub: Ben stated that he is working on the Baseline Requirements on GitHub and invited all to give him their user name so they can be added to the cabforum list there. About 20 people are subscribed so far. Ben said he will talk to Ryan Sleevi about doing a more detailed tutorial for novice GitHub users. Tim suggested we do a mock ballot for practice.

  13. Other business: Jody stated they are seeing more signed-code malware from individual developers from .ru and .ua. A detailed memo will be sent to the list today.

  14. Next Teleconference Aug 6th.

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).