CA/Browser Forum
Home » All CA/Browser Forum Posts » 2016-02-04 Minutes

2016-02-04 Minutes

Minutes of CA/B Forum Teleconference – February 04, 2016.

Attendees: Andrew Whalley (Google), Atsushi Inaba, Ben Wilson, Bruce Morton, Dean Coclin, Dimitris Zacharopoulos, Doug Beattie, Gervase Markham, Jeremy Rowley, Kirk Hall, Li-Chun Chen, Mads Henriksveen, Marcelo Silva, Moudrick Dadashov, Neil Dunbar, Patrick Tronnier, Peter Bowen, Peter Miscovic, Rich Smith, Rick Andrews, Robin Alden, Ryan Sleevi, Tyler Myers, Volkan Nergiz, Wayne Thayer, Wendy Brown

  1. Antitrust Statement was unintentionally skipped and not read at the start of this meeting.

  2. Roll Call completed

  3. Agenda Reviewed.

  4. Minutes of 21st January meeting: The revised minutes were approved and will be sent to the public list.

  5. Ballot Status: Two ballots are in the voting period. Ballot 157 (IPR) and Ballot 160 (BR changes). Both look likely to pass. Ballot 161 will start voting tomorrow. Peter B. will be proposing a new ballot and has been assigned number 162. Gerv mentioned that the ballot page on the wiki was slightly out of date. Ben volunteered to update it.

  6. Membership Applications: We received an application from Cisco as a CA. It all appears valid and there was no objection to admitting Cisco as a full member. Dean will notify the applicant. We also received an application from NCDC in Saudi Arabia which we started discussing last time. Ryan stated that he had sent an email to the list questioning some of the results from Deloitte but those don’t apply to the membership application since it meets our bylaws. Gerv asked if a member could be removed if their audit was found to be invalid. There was consensus was that yes, that would occur since it’s an ongoing membership requirement. Dean read some comments received back from the auditor which explained the points sent by Erwaan. Ryan requested that the statement Dean read be sent to the list. A discussion on those comments ensued but at the end, all agreed that the applicant met the current requirements and was granted admission into the forum. It was also noted that a presentation will be made at the F2F meeting by Don of Deloitte about WebTrust and criteria. Kirk said that if a member’s audit was ever pulled, the group should have a discussion about it before automatically revoking membership. Dean said that yes, that would occur.

  7. F2F Agenda: Dean said the latest agenda is on the wiki. Wayne said that the meeting for the working group and day 1 will be at GoDaddy’s conference center. But we will move to another facility on Thursday (possibly the hotel’s conference room). Wayne will advise during that week. Peter wanted to make sure we can have teleconference ability both for dial in and for the demo of the tools. Dean reviewed the agenda. Gerv emphasized that every item on the agenda should have a discussion leader and also send out information ahead of time any pertinent information. Peter asked if we could add something about Mozilla and Salesforce. Gerv will check with Kathleen to see if she can dial in.

  8. Summer Meeting: Dean confirmed the dates for the Bilbao meeting will be May 24-26th hosted by Izenpe.

  9. PAG Status: Ben indicated the ballot would likely pass and urged everyone to review the agreement which needs to be signed in 30 days.

  10. Validation WG Update: Kirk stated that the Validation Working Group was finishing a new draft of a ballot to update BR 3.2.2.4 on domain validation methods, and would meet again next week. A draft will be sent to the members in advance of the Scottsdale face to face meeting, and the working group will ask for input from the members, then try to finish the draft ballot for possible adoption. The working group will also meet on Tuesday of the face to face meeting.

  11. Code Signing WG Update: No report. No WG meeting next week.

  12. Policy WG Update: Ben Wilson reported that the Policy Review Working Group had completed Ballot 160, which is now in the balloting period. The working group will not have a call next week, but its next project is to look at various open Bugzilla issues that point out possible glitches in the Baseline Requirements, and may create a ballot to address these. Ben also stated he was just completing a new version of the Baseline Requirements that will include all recent changes.

  13. Information Sharing WG Update: Ben Wilson stated he had circulated a possible information sharing agreement among working group members seeking their input, and asked if the other Forum members also wanted a copy for review at this point. Kirk suggested Ben wait on that, and only distribute a draft the working group was satisfied with, which Ben agreed to do. Ben said the working group members had time for their review, as he hasn’t given any deadline for comments yet.

  14. Other Business: The members were asked if there was any other business to discuss. There was no new business.

  15. Next teleconference scheduled for March 3rd

  16. Meeting adjourned at approximately 11:53 am Eastern time.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).