Final Minutes for CA/Browser Forum Teleconference 19 January 2017 (approved 2 Feb. 2017)
Attendees: Arno Fiedler (D-Trust), Atsushi Inaba (Globalsign), Ben Wilson (Digicert), Bruce Morton (Entrust), Christopher Kemmerer (SSL.com), Curt Spann (Apple), Dean Coclin (Symantec), Dimitris Zacharopoulos (Harica), Doug Beattie (Globalsign), Fotis Loukos (SSL.com), Gervase Markham (Mozilla), JC Jones (Mozilla), Jeff Stapleton (Wells Fargo), Jeremy Rowley (Digicert), Jody Cloutier (Microsoft), Josh Aas (Let’s Encrypt), Kirk Hall (Entrust), Leo Grove (SSL.com), Peter Bowen (Amazon), Peter Miscovic, (Disig), Rich Smith (Comodo), Rick Andrews (Symantec), Robin Alden (Comodo), Sissel Hoel, (Buypass), Steve Medin (Symantec), Tarah Wheeler (Symantec), Tim Hollebeek (Trustwave), Tyler Myers (GoDaddy), Virginia Fournier (Apple), Wayne Thayer (GoDaddy).
- Roll Call
- Read Antitrust Statement
- Review Agenda – there were no changes to the Agenda.
- Approve Minutes of teleconferences of Jan. 5, 2017. The draft Minutes were approved for posting to the Public list.
- Governance Change Working Group update. Ben said the working group had finished with a report and recommendations for changes to the Forum structure, which had been forwarded to the Forum for comments before the working group proceeds further. His message to the Forum included a deadline for comments of February 17.
Virginia noted that she had also sent a draft “charter” that could be used in the future to charter new working groups if the governance changes are adopted. Dean said the working group was seeking comments before it begins actual drafting of Bylaws changes, etc.
Kirk asked if there were any special issues the working group wanted to highlight on this call, and Ben said no. Kirk said we would schedule a block of time to discuss on the next teleconference on Feb. 2.
- Validation Working Group update. Jeremy said the working group had continued discussions on several issues, as described in the working group minutes he had posted. There will be new ballots on some of the issues soon.
- Policy Review Working Group update. Ben noted the working group had completed a redraft of its proposals on its last call, and will circulate to the Forum for its comments after this teleconference. The proposal deals with all the places in the Baseline Requirements where the term “CA” or similar is used, sometimes in inconsistent ways, and the working group is trying to achieve a clearer text. In response to a question, Ben said 98 percent of the instances in the BRs were easy to address, but a few were difficult. The working group also addressed the language concerning exceptions to stapling in email.
- IPR Policy Task Force update. Virginia noted that Ballot 183 had been started on Tuesday, and was the result of the many meetings of the IPR Policy Task Force. The Ballot proposes new Bylaws to implement the voting, review, and disclosure procedures required in the Forum’s IPR Policy in our Bylaws voting procedures, plus some other minor clarifications. The ballot is now in the discussion period, and will the voting period will end on January 31. If successful, new ballots can then be filed. Because Ballot 183 does not include any Draft Guidelines but simply amends the Bylaws, it will not require a Review Period.
Kirk thanked Virginia and others for all their hard work in guiding the Forum through this process, and noted that the IPR Policy Task Force would not have any future meetings.
- Ballot Status
Kirk noted the following list of pending ballots, which can begin after January 31 if Ballot 183 passes. Ben asked members to use the wiki when assigning ballot numbers to their ballots, and to please wait to get a ballot number until the ballot is ready to start.
- Ballot 184 – RFC 822 Names and OtherNames (Jeremy)
- BR 220.127.116.11 – CNAME verification (Jeremy)
- BR 6.1.7 – Root signing time stamping certs (Dimitris)
- BR 7.1.3 : OCSP responder certs (Wayne)
- BR 18.104.22.168.2 and EVGL 9.2.5 and 9.2.7 (Li-Chun)
- SRV names in certificates (Jeremy)
- Reuse of domain validation data after Ballot 169 effective date (Wayne)
- CAA (Gerv)
- Ballot adding back Methods 1 and 8 to BR 22.214.171.124 (Gerv)
As to ballot i), Gerv noted that validation methods 1 and 8 of Ballot 169 had not attracted any Exclusion Notices during the Ballot 182 Review Period, and so could be added back as permitted methods to BR 126.96.36.199. Peter volunteered to draft a ballot, and will modify the verbiage always included at the end of ballots to reflect the new procedures under Ballot 183.
- Call for PAG. Kirk noted he had issued a call for the first meeting of a Patent Advisory Group (PAG) for January 24 during the time slot of the previous IPR Policy Task Force to deal with the Exclusion Notices filed for Ballot 182. He will start the meeting as Chair pro tem, and relinquish the chair to a PAG Chair once elected. The PAG will determine for itself what its procedural rules will be. Those who participate on the PAG teleconferences will all be considered to be PAG members, and all members are welcome to serve on the PAG.
Kirk noted that David Singer of Apple had some expertise with how PAGs operate through his work with W3C, and asked Virginia if David could be on the first call. Virginia noted that David would be travelling on that date and might be unavailable, but she will check.
- Membership Status of WoSign and StartCom. Kirk said Dean had raised the question of whether WoSign and Qihoo 360 could continue as Forum members, now that Qihoo 360 had informed the Forum that the two companies were affiliates of Qihoo 360. Dean said he thought the Bylaws meant there could only be one “member” of the Forum among affiliates, but noted the Bylaws sections Kirk had cited in the Agenda, so maybe that wasn’t the case. Jeremy said he interpreted the Bylaws as allowing all three companies to participate as members, but because they are affiliates only one can vote on ballots, and Dean accepted that interpretation.
Peter noted that Qihoo 360 had said it would be the entity casting the vote as a browser, and the two other member-affiliates, WoSign and StartCom, would not vote on ballots. Dimitris asked if WoSign and StartCom would be counted for the purpose of establishing a quorum, and Kirk said no, only those who can vote are counted. Peter agreed, but said we may want to ask for clarification on the voting choice for the future, and confirm that Qihoo 360 will always be casting the sole vote for the affiliates as a browser, and would not be switching back and forth among the affiliates. Kirk agreed to do that, and noted the Governance Change Working Group had also discussed the issue generally and may clarify this point in the Bylaws in the future.
- Next F2F meetings. Kirk confirmed the following meeting dates had been selected:
21-23 March 2017 – Research Triangle Park, NC (Cisco) – sign up on wiki
20-23 June 2017 Berlin (D-Trust)
3-5 Oct 2017 (Chunghwa Telecom)
13. Any Other Business. Arno asked if the date for the CT Day meeting had been chosen yet, and Tarah said it would be held on Feb. 21-22 at Google’s offices in Mountain View. Ryan Hurst is coordinating meeting details.
Jeff noted that he participates in X9 standards groups including those relating to PKI, and wondered if it would be beneficial to the Forum for the X9 organization https://x9.org/ to participate as an Associate Member under the Bylaws. Kirk asked if Jeff thought X9 would have any interest, and Jeff thought yes. Kirk suggested that Jeff work with the X9 organization to prepare a brief statement to the Forum of what it did, how its work would overlap with the Forum’s work, how the two organizations would benefit, etc., and the members could consider it on a future call. Fotis suggested X9’s response be posted to the questions@ list, which would automatically be distributed to the members. Jeff agreed to convey that request to the X9 organization.
There was no other business.
- Next call on Thursday, Feb. 2, 2017