CA/Browser Forum
Home » Posts » 2016-07-07 Minutes

2016-07-07 Minutes


Attendees: Andrew Whalley (Google), Anuj Saxena (Network Solutions), Atsushi Inaba (Globalsign), Ben Wilson (Digicert), Billy VanCannon (Trustwave), Bruce Morton (Entrust), Curt Spann (Apple), Dean Coclin (Symantec), Geoff Keating (Apple), Kirk Hall (Entrust), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (BuyPass), Michele Coon (OATI), Peter Bowen (Amazon), Peter Miscovic (Disig), Rick Andrews (Symantec), Robin Alden (Comodo), Ryan Sleevi (Google), Sissel Hoel (BuyPass), Tim Shirley (Trustwave), Tyler Myers (GoDaddy), Virginia Fournier (Apple), Wayne Thayer (GoDaddy).

  1. Roll Call completed.

  2. Antitrust Statement was read by Dean

  3. Agenda Reviewed – no changes

  4. Minutes of F2F of June 23, 2016 – Minutes were approved and will be posted to the public list. Reinstatement of SECOM membership: SECOM signed the new IPR policy and their membership was reinstated.

  5. Ballot Status: Ballot 164 is in the voting period and it appears it will pass. Ballots 171 and 172 had both passed last week. Jeremy was not on the call to discuss the SRV ballot but Peter said the “underscore” proposal had been removed. The ballot also had the IDN portion removed and would be addressed separately.

6, 7. Quantum Computing: Topic was not discussed as Philip was not on the call. It was suggested that Philip send something out to the list.

  1. Comsign membership application: Ryan sent some questions to Bryan Walker of AICPA regarding this application. Acceptance of this application was tabled until Bryan’s response can be reviewed. The questions revolved around the version of the WebTrust audit that was used. Further updates will be given on the next call.

  2. Governance Change WG: A face to face meeting has been scheduled on August 10th in the Bay area. Ben will send out minutes from the latest call. The group is still discussing the primary goals to insure we go down the right path. Everything from doing nothing to a full blown reform are being considered. Things like IPR, participation and sub groups are being discussed. Kirk had written up a summary on the various positions on the last call and is looking for feedback from participants. Dean said the F2F meeting is open to all members. In addition, we may invite outside participants that have experience in this area to share their expertise.

  3. Validation Working Group: Kirk said the ballot is “ready to go” and is discussing the best way to put it forward. Peter concurred that the work was complete and a red line version should be published soon.

  4. IPR Update: Cisco was not on the call but Dean had heard from Jos who said there were no updates other than they are continuing to have their legal review it. Ben said further changes to IPR should be tabled until we know what is going to happen with governance change.

  5. Policy Review WG: Discussion about the state/locality proposal from Li-Chun continues in the working group. Li-Chun will update his proposal. Kirk asked if a general rule can be written rather than writing up a list of specific countries. Ben said that had not been discussed.

  6. Information Sharing WG: Ben said activity in this group is waning and asked if it should continue. Complications arose about different jurisdictions and things like antitrust law which are impeding progress. Dean suggested a meeting at the next F2F to review the goals and where the group stands before deciding what to do. Ben concurred. Dean will add to the next F2F agenda.

  7. Other Business: Dean encouraged members to register for the fall meeting on the wiki. He reminded everyone that hotel rates had spiked and people should reserve a room now to lock in a good rate.

Dean advised that one company will likely come forward to request a SHA-1 exception. He asked whether there will be a lessons learned document after exception requests are reviewed. Ryan agreed that something should be written but given that we don’t know what the data patterns collected would look like, it would be hard to describe exactly what we should write up. He said the info is relevant and valuable but the report is contingent on how many and what patterns emerge. Bruce wondered if we should do a post mortem on migrating from SHA-1 with this data as input to the report. Dean suggested we have a session at our next F2F meeting in October to review the results and see if we can prepare such a report.

  1. The next call is on July 21st.
Latest releases
Code Signing Requirements
v3.7 - Mar 4, 2024

S/MIME Requirements
v1.0.4 - Ballot SMC06 - May 11, 2024

Ballot SMC06: Post implementation clarification and corrections

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).