CA/Browser Forum
Home » All CA/Browser Forum Posts » 2017-06-08 Minutes

2017-06-08 Minutes

Final Minutes for CA/Browser Forum Teleconference – June 8, 2017 (Approved June 22, 2017)

Attendees: Arno Fiedler (D-TRUST), Atsushi Inaba (GlobalSign), Ben Wilson (DigiCert), Christopher Kemmerer (SSL.com), Doug Beattie (GlobalSign), Fotis Loukos (SSL.com), Geoff Keating, (Apple), Gervase Markham (Mozilla), Josh Aas (Let’s Encrypt), Jos Purvis (Cisco), Kirk Hall (Entrust), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (BuyPass), Masakazu Asano (GlobalSign), Mike Reilly (Microsoft), Peter Bowen (Amazon), Peter Miscovic (Disig), Rich Smith (Comodo), Rick Andrews (Symantec), Ryan Sleevi (Google), Tim Shirley (Trustwave), Virginia Fournier (Apple), Wayne Thayer (GoDaddy), Wendy Brown (FPKI).

  1. Roll Call

  2. Read Antitrust Statement

  3. Review Agenda. Agenda was approved.

  4. Approve of Minutes: The Minutes of the May 25, 2017 CABF teleconference were approved, and will be posted on the Public list.

  5. Governance Change Working Group update. Ben said the WG will present its work at the F2F meeting, including its ideas on changing the IPR Policy. He said Virginia is trying to make the minimum IPR changes necessary to reflect the changed structure. Virginia said the changes are intended to make the royalty-free license granted under the IPR Agreement based on working group participation, not on simple Forum membership. In response to a question, she confirmed that any royalty free license created by working group outputs would be available to all, just as at present, but the “participation” requirements would only apply to those who participate in a working group and not to other Forum members. At the F2F meeting, the WG will provide a draft of proposed changes to the Bylaws and IPR policy plus some slides with an overview of the proposed changes. Ben and Virginia indicated they wanted a WG meeting on Tuesday to prepare, which will be in the later afternoon so those on Pacific time could participate by phone.

  6. Validation Working Group update. There was no update.

  7. Policy Review Working Group update. Ben said the WG had not met that day, but would have a WG meeting on Tuesday at the F2F meeting. Based on the prior teleconference, Kirk suggested the WG come up with new definitions of “CA Operator” and “CA System” and then pick one section of the BRs to insert those definitions in place of the current “CA” so the Forum members could see how that solution works, before the changes are made throughout the BRs. Ben agreed to that procedure.

  8. Ballot Status – Discussion of ballots. Kirk noted that Ballot 201 (.Onion Revisions) was still in the voting period, and Ballot 203 (Formation of Network Security Working Group) was in the discussion period. He asked if anyone wanted to discuss any pending ballots. There was no discussion.

  9. Next F2F meeting: June 20-22, 2017 Berlin (D-Trust). Kirk reviewed the most recent draft of F2F Agenda Items and Arno provided additional logistics information. Kirk asked for any suggestions for edits to the Agenda.

  10. Any Other Business. There was no other business.

  11. Next call July 6, 2017

  12. Adjourn

Latest releases
Server Certificate Requirements
SC099: Improve Recording of Validation Methods - May 19, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.14 - Ballot SMC016 - May 5, 2026

This ballot maintains consistency between the S/MIME Baseline Requirements and the TLS Baseline Requirements with changes introduced by Ballots SC096 and SC097. Specifically, this ballot: Creates a carve-out of the logging requirements for DNSSEC specifically, stating these are not in scope. For audit purposes, change management logging is able to confirm if the appropriate controls are in effect or not. Sunsets all remaining use of SHA-1 signatures in Certificates and CRLs. It is noted that most uses of SHA-1 signatures are already deprecated by SC097. With this ballot, all unexpired Subordinate CA Certificates issuing S/MIME containing the SHA-1 signature algorithm must be revoked. This proposal does not prohibit the use of SHA-1 to generate issuerKeyHash or issuerNameHash values as currently required by RFC 5019. Includes minor formatting corrections.

Unable to retrieve latest release information from the netsec repository.
Related posts
Tags
Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).