CA/Browser Forum
Home » Posts » 2016-05-12 Minutes

2016-05-12 Minutes

Final minutes May 12, 2016

Attendees: Alex Wight (Cisco), Atsushi Inaba (Globalsign), Ben Wilson (Digicert), Bruce Morton (Entrust), Dean Coclin (Symantec), Dimitris Zacharopoulos (Harica), Geoff Keating (Apple), Gervase Markham (Mozilla), Jos Purvis (Cisco), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (BuyPass), Peter Bowen (Amazon), Peter Miscovic (Disig), Rick Andrews (Symantec), Robin Alden (Comodo), Ryan Sleevi (Google), Sanjay Modi (Symantec), Tim Hollebeek (Trustwave), Tim Shirley (Trustwave),Tyler Myers (GoDaddy), Wayne Thayer (GoDaddy)

  1. Roll Call completed.

  2. Antitrust Statement was read by Ben.

  3. Agenda Reviewed.

  4. Minutes of 28 April meeting: The minutes were approved with one minor correction pointed out by Mads and will be sent to the public list.

  5. Ballot Status: Ballots 168 passed.

  6. Domain Validation draft ballot (169): Jeremy and Kirk were absent so Peter gave an update. Discussions are continuing on the list to refine the ballot. The goal is to continue the review period until after Bilbao, with voting to start after then.

  7. Governance Review Working Group. The group had their initial meeting last week. Dean Coclin and Ben Wilson were elected as co-chairs. The group’s next task was to brainstorm a list of areas that they want to tackle, which created a broad list. At the F2F meeting, the group plans on reviewing that list and prioritizing it.

  8. Trend Micro membership termination: As a result of the closing of the sale of Trend Micro’s SSL business to Entrust, Trend’s membership was terminated as of April 28th. Kirk and Chris are now with Entrust.

  9. IPR: A formality to approve members who submitted their IPR agreements after the 30 day window was conducted. There were no objections so the following have full membership status now: ESG de electronische signatuur B.V., Koninklijke KPN N.V., ANF Autoridad de Certificacion, CFCA, Digidentity. Docusign, D-Trust, E-TUGRA, Firmaprofesional, Kamu, Network Solutions, OATI, SheCA, SSC, Startcom, Swisscom, Trustis, Wells Fargo and Browsers: Apple, Microsoft, Qihoo 360. The following members have not properly submitted their new IPR and remain suspended: Camerfirma, SECOM, Visa. Cisco signed their IPR but crossed out one line. Jos explained the reasoning for that which was a concern about unpublished patents. Subsequently they had a change in IP council and need to discuss this area again with the PAG. They would like to resolve as soon as possible. A discussion ensued with members stating that the IPR is a “take it or leave it” document. The reasoning for having the stricken clause in the document were given. Allowing any member to make changes cannot be handled by the forum and cannot be allowed. Cisco clarified that they want to work it out with the PAG. Ben said he would convene another PAG meeting. Since their status at this moment would not allow them to attend meetings, the chair invited them to attend the F2F (as allowed by our bylaws). Cisco will send 3 reps to Bilbao. Jos clarified Cisco’s legal concern in that some patent applications are very broad and may only have a small piece related to certificates. A discussion on IPR review periods began with Dean stating that he was reminded that we need to send out IPR review notices and that we would need to “catch up” since none had been sent since Oct 2014. Ryan said one interpretation is that the Ballot results notices which Dean sends out could be used as the “notification”. Peter said he would like more clarity than that and suggested a “catch up” notice be sent. Ryan said that might be problematic as it may affect the “Effective Date” of the guideline change and hence current audits but would have to think about it more. He also said we should look at a process and be consistent. Dean suggested we add this to the agenda for Bilbao and prepare a summary of the relevant ballots since Oct 2014 (ballots relating to things like bylaws, IPR and other administrative items would not be included).

  10. Validation WG Update: No further updates other than the Ballot

  11. Code Signing WG Update: Working group members plan to meet in Bilbao although discussion on the mailing list has focused on whether this group should be considered as part of the formal agenda since the ballot to approve the group’s work product did not pass. Nonetheless, the group will meet and plans to wrap up its activities there.

  12. Policy WG Update: The group is working on additions to Section 5.1.

  13. Information Sharing WG Update: No update.

  14. Other Business: Dimitris has drafted some text for the website on certs with IP/SAN names. He asked for someone technical to review and possibly test before we post it. We will discuss in Bilbao. Dean said the agenda on the wiki will change due to some logistical issues but the content will remain the same (with minor updates) and he will publish it again one week prior to the meeting.

  15. Next meeting will be in Bilbao on May 24th – 26th

  16. Meeting adjourned

Latest releases
Code Signing Requirements
v3.7 - Mar 4, 2024

S/MIME Requirements
v1.0.5 - Ballot SMC07 - Jul 15, 2024

Ballot SMC07: Align Logging Requirement and Key Escrow clarification

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).